Here are some basics to apply to any and all attempts to get your financial and personal information:
Never give your passwords to anyone.
Use a password manager
Use MFA (Multi-Factor Authentication) IN all circumstances
Be a critical thinker (more in the video)
1. Fake Job Application Portals
How it works: They send you a link to a professional-looking career site or “secure application form” that mimics a real company’s job portal.
Goal: You’re prompted to “log in” using an email and password — and if you reuse that password for your bank or PayPal, they’ve got a direct entry point.
Clues: URL slightly misspelled, odd subdomains (careers-companyname.xyz), or the page doesn’t exist on the company’s real site.
2. Malicious Attachments
How it works: You’re sent a PDF or Word document labeled “Job Application,” “Offer Letter,” or “Job Description” containing malware.
Goal: Once opened, the malware records your keystrokes, captures passwords, or installs a remote access tool.
Clues: The file asks you to “Enable Macros” or “Allow Content,” which can execute hidden malicious code.
3. Phishing Emails
How it works: A fake recruiter or HR manager needs you to “verify your account” before an interview. The link leads to a fake login page for your email, bank, or payment processor.
Goal: Steal your credentials directly.
Clues: Urgent tone (“Only filling five positions!”), generic greetings, mismatched email addresses.
4. “Direct Deposit Setup” Scams
How it works: After a fake job offer, they send you forms to set up payroll and benefits. They ask for online banking credentials “to verify your account.”
Goal: Access your financial accounts under the pretense of setting up payment.
Clues: Legitimate employers never need your online banking login — only routing and account numbers for deposits.
5. Fake Background Check or Credit Report Links
How it works: They claim the job requires a background check you must pay for online, using a link to a “screening partner.”
Goal: Capture your credit card logins, bank credentials, or whole SSN.
Clues: They insist you use their provided link, not a known vendor like Checkr, Sterling, or HireRight.
6. “Work From Home Equipment” Purchase Requests
How it works: They promise reimbursement for buying laptops or software, but you must log into a “company payment system” to receive the funds.
Goal: Get your login credentials for PayPal, Zelle, or your bank.
Clues: Legit companies either ship equipment or use established vendors — not login-gated reimbursement portals.
7. Social Media DMs With Job Offers
How it works: They message you on LinkedIn or WhatsApp about an “exclusive remote job” with high pay, then push you to complete onboarding via a suspicious website.
Goal: Trick you into creating an account with credentials you often reuse for other services.
Clues: Profile has limited work history, a recent creation date, or no mutual connections.
