Job scams are spiking at the exact moment more people are looking for work online. Between May and late July 2025, reported job‑related scams jumped more than 1,000 percent, according to new research by Newsweek and McAfee.
The labor market has also cooled: The U.S. unemployment rate rose to 4.3 percent in August 2025, the highest since 2021, which means more applicants are vulnerable to too‑good‑to‑be‑true offers.
Recruitment fraud isn’t just a nuisance for candidates; it’s a data and security risk for employers, too. Organizations should treat recruitment scams as a core employee protection concern alongside executive impersonation and phishing.
How Can Job Seekers Stay Safe From Scams?
- Treat every unsolicited offer as unverified until proven otherwise.
- Ask for an email from the recruiter’s corporate domain and a calendar invite from the same domain.
- Save evidence. Screenshots, URLs and message histories help platforms and companies take action.
- If something feels off, pause and validate — even a five‑minute check can prevent a costly mistake.
Why Job Scams Are Surging Now
Attackers have better tools. Generative AI has lowered the cost of creating convincing recruiter personas, scheduling “interviews,” and producing realistic offer paperwork. Law enforcement and industry groups are also warning about deepfake‑enabled impersonation that undermines trust in voice and video, making it harder for candidates to tell real people from fabricated ones.
And the con spans multiple channels. What used to arrive as a single suspicious email now unfolds as a long-form scheme across social media DMs, messaging apps, email and fake application portals. If you evaluate each message or site in isolation, you miss how the pieces connect into one coordinated campaign.
Along with stress, economic pressure creates urgency. With unemployment at a four-year high, more candidates are anxious to secure work. That pressure makes people more likely to respond quickly, skip basic checks and overlook red flags that would otherwise prompt a second look.
Common Tactics to Watch For
Here are some common job scam tactics to keep in mind.
Fake Job Postings and Ads
Fraudulent listings on social platforms and search ads are designed to look authentic but steer applicants into off‑platform chats or forms that capture sensitive information. The goal is to move you away from official channels and into a controlled environment. Here are the red flags to look out for.
Role Not on Company’s Official Careers Page
If a search ad or social post points to a look‑alike site and the job isn’t listed on the company’s real careers page, assume it’s a funnel, not a job.
Domain Mismatch and Homoglyphs
URLs that swap characters (e.g., “dọppel[.]com”), add extra hyphens, or use odd country codes. Check the root domain against the company’s main site.
Fast Requests to Move Off‑Platform
“Let’s shift to WhatsApp/Telegram/Signal” or a personal Gmail/Proton address for “privacy.”
Unvetted Interview Software
Links to install an app, enable macros or grant screen‑sharing/admin access before you’ve even met a human.
Early Requests for Sensitive Data
SSN, bank info, selfies with ID, 2FA codes and crypto wallets with seed phrases, requested under pretexts like “to set up payroll.”
Phishing Emails and Messages
Links often route to look‑alike domains that mimic a company’s brand and collect resumes, identification documents and bank details. Even small variations in a URL or sender address can signal a credential‑harvesting setup.
Examples of Look‑Alike URL Patterns
TLD Swaps
careers.brand[.]co, brand[.]ai, brand[.]work instead of brand[.]com.
Hyphens and Extra Words
brand-careers-secure[.]com, join-brand[.]com, brandjobs[.]careers.
Subdomain Flip
The rightmost domain is what counts. Compare the legit careers.brand[.]com to the fake brand.careers‑portal[.]com or brand[.]com.jobs[.]site. In the last case, the real domain is jobs.site.
Homoglyphs (Look‑Alike Characters)
Brаnd[.]com (Cyrillic “a”), brɑnd[.]com (Greek “alpha”), brancl[.]com (“cl” for “d”).
Username@ Trick in URLs
https://brand[.]com@offer‑portal[.]site/careers. The actual host is offer‑portal.site.
Long Official‑Looking Prefixes
https://brand[.]com.verify‑center[.]pro/apply (real domain is verify‑center.pro).
Link Shorteners/Redirect Chains
Avoid shortened forms like bit[.]ly/BrandCareers that bounce to unrelated domains.
Mobile Dressing
m‑careers.brand‑jobs[.]com or amp.brand‑apply[.]com to appear legitimate.
Examples of Suspicious Sender Address Variations
TLD Swaps
recruiting@brand[.]co, careers@brand[.]work, offers@brand[.]support.
Hyphens and Add‑Ons
hr@brand‑careers[.]com, jobs@brand‑hiring[.]com.
Homoglyphs in the Domain
careers@brаnd[.]com (Cyrillic “a”), payroll@brɑnd[.]com (Greek “alpha”).
Free-Mail Fronts Posing As Official
brand.recruiting@gmail[.]com, hr.brand@outlook[.]com, jobs‑brand@proton[.]me.
Subdomain Misdirection in the Domain Part
no‑reply@brand[.]com.secure‑review[.]net (actual domain is secure‑review.net).
Reply‑To Mismatch
From shows careers@brand[.]com but Reply‑To is jobs@brand‑careers[.]co.
Display‑Name Spoofing
“Brand Recruiting” as the name, but the actual address reveals talent@brand‑apply[.]co.
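The sender checks above, applied to raw message headers. This is an added example, not part of the original article: it compares the From domain against an exact allow-list, then looks for free-mail fronts, Reply-To mismatches and display-name spoofing. The function names, finding labels and sample messages are constructed, and brand.com is the article's placeholder.

```python
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"brand.com"}   # the article's placeholder brand domain
FREE_MAIL = {"gmail.com", "outlook.com", "proton.me"}

def _domain(address):
    """Everything after the last @, lower-cased ('' if there is no address)."""
    return address.rpartition("@")[2].lower()

def check_sender(raw_message, brand="brand"):
    """Return findings for the From / Reply-To headers of one raw message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    # Exact match only: brand.com.secure-review.net and brand-careers.com
    # both contain the brand string but are different domains.
    official = from_dom in OFFICIAL_DOMAINS
    findings = []
    if from_dom in FREE_MAIL:
        findings.append("free-mail-front")
    elif not official:
        findings.append("unofficial-from-domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")   # replies leave the From domain
    if brand in display.lower() and not official:
        findings.append("display-name-spoof")  # name says brand, address does not
    return findings

def sample(from_header, reply_to=None):
    """Build a constructed raw message for the demo."""
    lines = ["From: " + from_header]
    if reply_to:
        lines.append("Reply-To: " + reply_to)
    return "\n".join(lines + ["Subject: Your application", "", "Hello"])

if __name__ == "__main__":
    for args in [("Brand Talent <careers@brand.com>",),
                 ("Brand Recruiting <talent@brand-apply.co>",),
                 ("Brand Careers <careers@brand.com>", "jobs@brand-careers.co"),
                 ("Brand HR <hr.brand@outlook.com>",),
                 ("no-reply@brand.com.secure-review.net",)]:
        print(args, "->", check_sender(sample(*args)))
```

A clean result only means the headers are consistent; whether a From address on the official domain is genuine is what SPF, DKIM and DMARC results decide.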
Impersonated Recruiters and Task Jobs
Scammers pose as well‑known companies or recruiting firms, then pivot to quick “paid tasks” that require deposits or cryptocurrency transfers. The Federal Trade Commission has flagged this pattern after reporting more than $220 million in losses in the first half of 2024, which serves as a reminder that any request for money is a clear red flag.
How to Stay Safe During Your Job Search
Verify the Recruiter and the Role
Use the company’s official careers page and corporate email domain to confirm the opening. Cross‑check the recruiter on LinkedIn and the company site. If you’re unsure, call the company’s main line and ask to confirm the contact.
Use Two Channels to Validate
Before sharing documents or clicking links, confirm through both an official business email and a live call or video meeting scheduled from a company domain.
Never Pay to Get Paid
Legitimate employers do not ask for money for equipment, training or expedited onboarding. The FTC’s guidance is clear on this point. Any recruiter asking for payment is likely a fraud.
Protect Your Data
Do not send bank details, full SSNs or ID scans until you’ve received a written offer from a verified source and completed standard background steps through a known provider.
Inspect Links and Domains
Watch for typosquats (attackers using URL variations with minor misspellings) and link shorteners (like bit[.]ly, which can mask the original URL). Real employers use consistent, brand‑owned domains across email and application portals.
Report and Block
If you encounter a fake offer, report it to the platform, alert the impersonated company’s security or recruiting team and file a report with the FTC at ReportFraud.ftc.gov.
What Companies Should Do When They’re Impersonated
Publish a Verification Page
List official recruiting domains, email formats and your “we never” rules. For example, indicate that “We never ask for payment” or “We only interview via these platforms.”
Harden Sender Identity
Use SPF, DKIM, and DMARC. These email authentication protocols help prevent spoofing and phishing by verifying a sender’s legitimacy. Reject or quarantine failures to reduce spoofing.
Monitor Beyond Email
Track brand abuse on social, paid ads, messaging apps and fringe platforms, and link indicators into campaign views so takedowns hit the underlying infrastructure. This entails grouping domains, sender addresses, social handles, ad accounts, phone numbers, wallets, hosting IPs, TLS cert fingerprints and tracking/analytics IDs into a single, graph‑style view of the attacker’s campaign.
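One way to build that campaign view, as an added example that is not part of the original article: abuse reports that share any indicator are merged into one cluster with a union-find structure, so a takedown request can list everything tied to the same infrastructure. The report IDs, indicator values and the "type:value" naming are constructed for illustration.

```python
from collections import defaultdict

# Constructed abuse reports: each lists the indicators observed together.
# IPs are from the 203.0.113.0/24 documentation range.
REPORTS = {
    "r1": {"domain:brand-careers.co", "ip:203.0.113.7"},
    "r2": {"domain:join-brand.com", "ip:203.0.113.7", "analytics:EXAMPLE-ID-1"},
    "r3": {"handle:@brand_recruiting", "analytics:EXAMPLE-ID-1"},
    "r4": {"domain:verify-center.pro", "wallet:EXAMPLE-WALLET-1"},
}

def campaigns(reports):
    """Cluster reports that are linked, directly or transitively, by a shared
    indicator. Returns a list of {'reports': set, 'indicators': set}."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    # Indicators seen in the same report belong to the same campaign.
    for indicators in reports.values():
        if not indicators:
            continue
        first, *rest = sorted(indicators)
        find(first)
        for other in rest:
            parent[find(other)] = find(first)

    groups = defaultdict(lambda: {"reports": set(), "indicators": set()})
    for rid, indicators in reports.items():
        if not indicators:
            continue
        root = find(min(indicators))
        groups[root]["reports"].add(rid)
        groups[root]["indicators"] |= indicators
    return sorted(groups.values(), key=lambda g: min(g["reports"]))

if __name__ == "__main__":
    for n, group in enumerate(campaigns(REPORTS), 1):
        print(f"campaign {n}: reports={sorted(group['reports'])}")
        for indicator in sorted(group["indicators"]):
            print("   ", indicator)
```

Here r1 and r3 share no indicator directly but land in the same campaign through r2, which is the connection a per-report review misses.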
Make Reporting Easy
Provide a public alias (e.g., security@ or recruiting@) and publish steps for victims to share evidence so you can escalate quickly to platforms, registrars and law enforcement.
Educate Your Team
Equip recruiters with templated responses, visible verification cues in their profiles — like a “Verified Recruiter” badge on LinkedIn — and a fast path to your security function. These steps reduce dwell time for scams and reassure candidates.
Stop Job Scammers
Scammers borrow the aesthetics of legitimate hiring and exploit urgency. With vigilance and verification, applicants can avoid handing over money or sensitive data to criminals, and employers can keep candidates safer by making authenticity easy to check.
If a job offer arrives out of the blue or rushes you to act, slow down, verify the contact through official channels and report anything suspicious. The goal is simple: Protect your information, protect your time and help the next person steer clear of the same trap.
