4 Signs a “Work from Home” Job Offer Is Actually a Scam
With the new world of widespread remote work, you might be especially eager to consider a job offer or listing that promises that you can work from home. But you should be especially cautious, too.
Beware of scams
Working from home is very widespread right now due to the coronavirus pandemic. Unfortunately, so is unemployment. It’s a bit of a perfect storm for a type of scam that’s been around for a while: fraudulent “work from home” job offers. Should you get one of these “offers,” here’s a guide to how this scam works, how the prevalence of working from home right now is bolstering it, and how to avoid falling victim. Plus, watch out for these computer mistakes you should have stopped making by now.
What are “work-from-home” job scams?
They’re pretty much what they sound like. They’re scams that make it look like you’re being offered a job where you’ll be able to work entirely from home—but there is no job, and they’re actually just trying to steal your money.
While some scammers might be less-than-meticulous with their sham offer, others might go to great lengths to make the offer look real. “They may create fake companies, but they can also spoof real companies,” explains Karim Hijazi, CEO of Prevailion. “They may also steal the identities of real people, such as business executives or HR recruiters, in order to fool their victims. They may post on legitimate job sites like CareerBuilder, or they may contact the person directly via email, SMS, or social media sites such as LinkedIn.” So just because an offer is on a legitimate career site doesn’t mean the offer itself is legitimate. If you’re already working from home, make sure you’re following the golden rules for WFH.
How is COVID-19 bolstering these scams?
Again, the pandemic has created a perfect storm for these scams. Sadly, scammers take advantage of the current climate and people’s hardships, and COVID-19 is no exception. “For the first time in our history, virtually every company that can do so is trying to figure out how to keep its employees at home,” Hijazi explains. “There is a very high percentage of people who are actively looking for a job—any job—and plenty more who are keeping their options open in case they’re the next one on the chopping block. As a result, people who wouldn’t normally open a WFH job offer email are more likely to do so now.”
Sign: The job offer just seems way too good to be true
According to Hijazi, this simple gut feeling might be the strongest indicator that something is wrong. “[The scammer] may offer a very above-average rate, a promised upfront payment or high bonus, easy work, et cetera,” he says. If any of those things strike you as a bit too lofty, they probably are, so make sure you take a close look at all of the details of the offer.
Sign: There are spelling and grammar errors
Yes, anyone can make grammatical errors, but if the job description you’re looking at contains enough errors—or a large enough error, like a misspelling in the name of the company—that it seems like someone really should have caught it, the offer might be nothing but a hastily written scam.
An unfamiliar—or too familiar—email address
If the offer arrives via email, take a good look at the email address. One red flag is that the address—or any web address included in the offer—ends with an international domain, like “.ru.” (This is the top-level domain for Russia.) Before clicking on any link, hover over it and peek at the domain. If it’s not familiar, don’t click on the link. (And you should avoid clicking on links from unfamiliar email senders regardless!)
Interestingly, an email address that’s too familiar can also be a warning sign. For instance, a recruiter for a certain company will typically be using a work email for that company—not, say, a Gmail address. While Gmail certainly might be a trusted site and you’d probably be inclined to trust it, consider that a legitimate job recruitment email will most likely come from an email address from the specific company.
You’re encouraged to open attachments
Attachments are a danger zone for any kind of scam. They’re often “Trojan horses” that contain malware, designed to steal your passwords, install a virus, or otherwise obtain your information and/or money. But, just like fake email and web addresses, they can look convincing. They “may be disguised as a job description, application, or payment transfer request, but actually contain malware,” says Hijazi. If the sender is not someone you recognize or have verified as legitimate, do not open any attachments. Be especially wary if the message specifically tells you to open an attachment or download something. Again, this is a good rule for any email, not just a job offer. For more info, watch out for these signs you’re falling for a phishing email.
Stay safe: Do your research
Luckily, there are plenty of ways to avoid falling victim to a work-from-home scam (or any online scam, for that matter). When considering a job offer—whether through email or on a career site—you should first check to make sure the company has a real-looking website, and dig deep for information on the site. “You can…look up the WHOIS information on the website to see how old it is,” Hijazi recommends. “A website that was only launched in the past few months raises more questions than one which has been around for years.” He also suggests searching for the site on the Better Business Bureau and even on a database of state corporations. If the company doesn’t show up—or if it shows up in a negative light, i.e. people have made complaints about it—it’s likely not legitimate.
You should also look up the name of the person the email says it’s from—are they a real person, and do they really work for that company? To be ultra-careful, you can even call the company’s HR department to make sure that they really did send you the offer or really do have that job opening. Better safe than sorry!
Stay safe: Dig deep for the true email sender
There’s a simple, but little-known, way to get a good idea if an email is from a legitimate sender. You need to read the email header. Just by doing that, “you can immediately catch a lot of scams that rely on email spoofing to impersonate legitimate companies or organizations,” Hijazi says. To do this, click “show original” (on Gmail) or “view source”; this makes the full header visible. Find the line that says “return-path.” It will show the “true origination point” of the email, he says: “Criminals can easily spoof a legitimate domain, so that what you see in your inbox is ‘[email protected]’ But the return-path will always tell you the truth.” Again, if the domain here is an unfamiliar one—and, especially, in direct contrast to the one you see in your inbox—the email is not legitimate. Find out the scary things a hacker can do when they have your email address.
Stay safe: Keep your personal information to yourself
This is another biggie in today’s climate. In addition to working online much more, we’re also shopping online and researching and donating to charities en masse. It’s so easy with just a few clicks to provide personal information—but be careful. Hijazi’s advice? “Don’t provide sensitive personal information like your Social Security Number, bank account number, credit card, etc., to someone you’ve only engaged with remotely.” This is especially true when it comes to your social security number, which you really shouldn’t be being asked for on anything but a government form, and certainly not over the phone. Before sharing information like this online, make sure you’re absolutely certain the site is legitimate.
Stay safe: Safeguard against malware
Threats of getting a computer virus or being scammed are omnipresent. Make sure your computer has strong antiviral software, and don’t ignore “virus” or “update” warnings on your computer. Make sure your email’s spam filter is working. Hijazi even recommends using a separate device for banking from the one you use for email, if possible. For more tips, follow these rules that make you less likely to be a target for scammers.