“While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest [personally identifiable information] (PII) and steal money shows an increased level of complexity.”
According to the United States Bureau of Labor Statistics, 5.9 million Americans were unemployed as of January 2020. With so many people hunting for jobs, criminals are seeing lucrative opportunities for exploitation, and fraud. In fact, the IC3 recently announced rising incidents of employment fraud or the “fake job scam,” where a bad actor impersonates an employer. However, their chief concern is a new malicious focus on using these schemes to steal PII from job seekers. With the agency expecting bad actors to use stolen PII for new account fraud, an already $3.4 billion criminal enterprise in 2018, and online account takeovers, which numbered 679,000 that same year, financial institutions must move to address employment scams to protect their customers and mitigate losses.
Deceptive, Damaging & Undiscerning
Deception is central to employment schemes. By faking company websites and job advertisements, fraudsters trick victims into submitting applications and follow up to conduct phony interviews, roleplaying positions from across the company to create the illusion of authenticity. Under the guise of the hiring process, the criminals may request PII such as social security numbers, and prerequisite fees for background checks or training.
By posting on popular job sites, fraudsters’ ads are obscured amongst thousands of real opportunities, allowing bad actors to target victims from all backgrounds with striking effectiveness. According to a recent joint survey by the Better Business Bureau’s Institute for Market Trust and partner organizations, 81% of respondents who were targeted by an employment scam engaged with the fraudster, and 25% lost money, making it the third most effective scam typology in their report. This is underscored by the IC3 announcement which estimates that the average employment scheme victim loses $3000 and sustains credit damage.
With employment scammers indiscriminate and proficient in their pursuit of funds and PII, institutions must consider how their financial crime management approaches can best defend against this significant threat.
Considerations for Financial Institutions
Online Account Takeover Detection
Fraudsters often use PII gathered through employment schemes to compromise victims’ online accounts. With earlier and faster detection of unusual online account access, institutions can prevent criminals from making unauthorized transfers and harvesting further information.
Verafin’s Online Account Takeover solution exposes unusual access early with advanced detection for suspicious wires and ACH transfers, and online event analysis, including system logs and IP addresses.
Deposit Scam Detection
In some cases, employment scammers will convince victims to open an account at a target institution and instruct them to process transactions involving fake checks or mobile deposits. To effectively intervene, institutions need a financial crime management system that examines customer activity across multiple commonly abused deposit channels and detects suspicious actions before funds are moved.
Verafin’s Deposit Fraud analytics detect when a customer may be a victim of a known deposit fraud scam, such as opening a new account funded by a fraudulent check or mobile deposits, allowing you to react before funds are withdrawn.
Risky Entity Analysis
Using stolen PII, criminals can not only impersonate victims but can also break the information apart to create new identities, in what is known as synthetic identity fraud. These fabricated identities are a common mechanism for crime rings and are often difficult to detect. To avoid losses and halt this cycle of perpetuating crime, institutions need fraud detection that provides insight into unusual activity spanning multiple institutions.
Leveraging the power of the Cloud, Verafin’s Risky Entity Analysis can alert investigators if a customer at your institution is associated with money laundering or suspected criminal proceeds at another institution. With our unique cross-institutional analysis and information sharing capabilities, Verafin proactively detects potential risks of illicit activity spanning multiple institutions.
Employing Education & Advanced Detection
“Victims of criminal identity theft face both financial and reputational damage, which impacts their careers and their livelihood… more needs to be done to avoid this from continually happening to unsuspecting victims.”
Robert Siciliano, Industry Expert, Identity Theft Resource Center Report, 2016
Education is a critical first step to ensure staff and customers are informed of the potential indicators of scams. Verafin offers a complimentary eBook exploring common scenarios used to defraud your customers that outlines red flags, victimology and resources on romance schemes, Business Email Compromise (BEC), employment scams, and more.
While there is hardly anything more personal than our own identity, employment scammers have not hesitated to infringe on customer privacy and security, capturing PII while continuing to inflict significant monetary losses. Decisive action is needed, and a financial crime management system that provides advanced detection capabilities is the best approach to counteract the growing threat from fraud.