
You can listen to the full podcast here
Howard: A university student was victimized by a sophisticated fake job offer scam. The hacker noticed that this person had a profile with an IT background on the AngelList social media site, found the victim’s email address and sent them a fake job offer from the well-known cybersecurity firm Splunk. The victim was asked to do a Skype interview with a supposed HR person. They got a job offer and then did an online interview with the supposed CIO. And here’s where the scam cost the victim: The CIO said they would pay for the victim to get new computer gear for their home office if the victim registered their credit card with their company account so that they’d be reimbursed. The victim had to buy the computer gear at an Apple store, ship it to an address where supposedly Splunk would install security software and then it would ship the gear back to the victim. Well, that computer gear went to the fraudster as well as the victim’s credit card. This is another example of how crooks take advantage of the fact that today lots of job interviews are done online, especially because of the pandemic.
Terry: This is a really crazy one. We dealt with a scam similar to this in 2020. A large retailer was mass hiring for their warehouses and the scammers duplicated their job application system. Next thing you know applicants were applying to the wrong website. The threat actor said, ‘You qualify, but you need to buy some equipment from a certain site and we’ll reimburse you for. The event sent fake quotes from the retailer. It looked completely legit. But they were buying the gear for the scammers.
Howard: For one thing no legitimate company is going to say, ‘We’re going to reimburse you for your expenses, but the way this starts off is you give us your credit card .’ That should be a tip-off. The other thing is the victim tried to verify that the people she was talking to were real. She looked up online the name of the HR person who she was going to have an interview with, and sure enough, Splunk had a real employee with that name. The problem is that doesn’t guarantee that the person that she was talking to was that employee.