In a sad commentary on just how desperate American job seekers are becoming, a Russian hacking gang has infiltrated major employment sites, offering members jobs that involve transferring funds internationally from home. It sounds simple enough: Deposit a check into your account, then wire a large portion of the funds to Russia, keeping a large "handling fee" for yourself.
Of course the check they send you to deposit turns out to be a clever counterfeit, and every penny that you wire is deducted from your account, likely causing you to be overdrawn. Surprisingly enough, thousands of people have been duped by this over the past year. Somewhere there's a Nigerian prince smacking himself in the forehead and wishing he'd thought that one up.
"Not only do the people involved lose thousands of dollars, but they could face criminal prosecution from the banks," says Joe Stewart, Director of Mal Ware Research at SecureWorks, an information security services company that protects businesses from hackers. They're the ones who keep hackers from getting your personal information from banking, credit card, health care and and utility companies. Stewart himself was responsible for cracking this particular scam, and even alerting some unfortunate participants that they were about to be duped.
There are many similar scams going on out there, and although they frequently change business names, account numbers and email addresses, most start with an email offering work from home that involves transferring funds to foreign accounts. They know the recipients are looking for work and vulnerable, because they've hacked into popular job sites' databases and harvest email addresses of those who have registered as job seekers.
If you respond favorably to their first email, they'll then offer to send you a check, usually for just under $3,000, to deposit in your own account, keep up to $500 for your time and effort, then wire the rest to an account in St. Petersburg, Russia, within 24-hours.
The problem? The check they sent you is fake, even though it looks completely legitimate with water marks, etc. The fakes are so good that it takes the bank as many as 10 days to figure out that it's not real, and by that time, your own money is long gone. Once you've wired it somewhere, you can't get it back.
Apparently so many people have been duped because of the authentic look of the checks. The scammers hacked into the databases of several companies that archive business check images, complete with account numbers, names, addresses and signatures. Using these elements, the criminals create their own checks.
SecureWorks uncovered a computer server that stored digital images of about $9 million worth of high-quality fake checks, each for slightly less than $3,000, written against some 1,200 business accounts, and turned this information over to the FBI.
"These kinds of scams are popping up all the time" says Stewart. But most have certain similarities, and he says you should be on the look out for the following red flags:
1. Too much money: No legitimate company is going to trust you with thousands of dollars merely on the basis of an email relationship. Basically, if it seems too good to be true, it is.
2. Poorly written: Bad grammar and misspellings are a sure tip off. They're hoping you'll cut the senders some slack on this because you think English is their second language. Don't.
3. Foreign and unsolicited: Don't trust offers for jobs you haven't applied for that come to you out of the blue, especially if they don't involve your particular skill set, and are from foreign companies.
It's a shame that these criminals are preying on the unemployed -- who are perhaps most in need of a financial lifeline -- but a little common sense is the best protection. The delete key is probably your best defense against internet job scammers.
Related Stories from Examiner.com: