Last month, I received the email of a lifetime job: Vogue wanted to hire me as a freelance writer to cover a fashion event in Canada.
The email, with the subject line “Vogue Talent Recruiting Team,” arrived just as I was looking for new projects to work on after completing a six-month research contract.
Surprisingly, the editor-in-chief of British Vogue, Edward Enninful, was emailing me to offer me an all-expenses-paid trip to Toronto, as well as payment for coverage of the event.
When I re-read the email, I noticed something was wrong. Enninful’s email address was a Gmail account, not a standard Condé Nast address. His name was also missing from the “From:” field; instead, the email was from “Condé Nast.”
“Our reps came across your past works online and with interest we thought you might be interested in joining the rest of the team,” it said, with typos. It didn’t sound like someone in charge of a major publication.
I was well aware that the job offer was a forgery. This was not British Vogue’s Edward Enninful.It was someone impersonating Enninful in order to obtain something from me. When I asked for more information, I was given a PDF full of typos and a table of the costs they would cover for my trip.
Job scams typically involve phony job offers that attempt to take advantage of the job seeker in some way.
There are numerous types of job scams, but scammers are generally after one of two things: the job seeker’s personal information or a way to steal the job seeker’s money through bogus offers.
Job scam protection is as much about cybersecurity as it is about doing your research and generally being skeptical of the company that is trying to hire you.
You should use two-factor authentication and change your passwords on a regular basis to make it as difficult for scammers to hack into your accounts as possible.
However, avoiding scams necessitates the development of new skills, such as detecting minute details that indicate something is amiss. In my case, the Gmail address revealed everything.
My own scammer was probably after one of two things: spear phishing to gain access to my accounts or sending me a bad check to cover the cost of the trip.
Given the fake PDF that was sent to me, Ariel Robinson, senior product manager at New Relic Security, was suspicious of a spear phishing attempt.
“The scammers are attempting to obtain your personal information as the victim,” Robinson explained. “I would go through and change all of your passwords, as well as run a virus scanner or see if you can restore your laptop to before opening this attachment.”
If the people who targeted me had obtained enough of my personal and financial information, they could have turned me into an unwilling money mule by using identity theft to open bank accounts and credit cards.
In any case, the fact that I am a freelance writer looking for work attracted the scammers to me as a target.
I’m not sure how much they know about me — did they see me asking for assignments on Twitter? Did they get my email address from my Twitter bio or my website? Did they care that I’ve never written about fashion? — but Robinson believes that how much I share online is critical to my safety.
In any case, the fact that I am a freelance writer looking for work attracted the scammers to me as a target.
I’m not sure how much they know about me — did they see me asking for assignments on Twitter? Did they get my email address from my Twitter bio or my website?
Did they care that I’ve never written about fashion? — but Robinson believes that how much I share online is critical to my safety.
“This is particularly difficult for freelance writers,” Robinson, who used to be a freelance journalist before transitioning into cybersecurity, explained.
“To make our living, we have to put ourselves out there, right? You have a website. You make your contact info readily available. That means that we have to be extra careful and extra judicious because we make ourselves that much easier to find.”
Job scams are on the rise, according to the Federal Trade Commission. The agency received more than twice as many job scam reports in 2021 as it did in 2020, and more than 16,000 complaints were filed in the first quarter of 2022.
And it’s not just freelancers like me who are at risk: before the remote work boom, it was simple to spot fake opportunities that cheated workers out of their money: working from home with flexible hours was what made opportunities suspicious, too good to be true.
But, as more employers offer WFH and hybrid arrangements, how can employees tell a scam from a good opportunity?
Despite a shift in working culture following the pandemic, Robinson maintains that the old adage “if it’s too good to be true, it probably is” still applies.
Unfortunately, much of the responsibility for staying safe falls on the job seeker or gig worker who is simply trying to make ends meet.
Researching the company to ensure its legitimacy is critical, as is looking for red flags such as typos and researching the person who contacted you.
It is also critical not to open any attachments — a mistake I made out of curiosity — until you confirm the opportunity is legitimate, as is not sharing your bank information with companies who contact you.
Observing the email domain, which eventually revealed my scammers’ use of Gmail rather than the standardized Condé Nast email format, can also reveal the legitimacy of the offer.
“When I was a writer and I needed to be easy to find, I abided by some safety tips to keep myself safe,” Robinson said. “I never post about where I am.
I never talk about location. If I talk about location, it’s very broad, and I also turned geolocation off on all of my devices. I check all of my app permissions regularly to make sure it’s still turned off.”
Robinson also warns that LinkedIn is rife with scammers, owing to the fact that it is a networking app where job seekers are eager to meet people who might offer them a job. “Be prudent,” Robinson advises. “Go to the person’s profile and take a look at it.”
MORE FROM RAVZGADGET: Roku Could Start Selling Its Own Smart Home Lighting Accessories Soon
Seeing a scam that I could have fallen for has reinforced my commitment to my own cybersecurity. I changed my passwords and ran an antivirus scan on my laptop, as Robinson advised, and malware was discovered and removed.
However, Robinson wants internet users to know that if they are vigilant and set boundaries around the information they share, they can protect themselves from scams.
“The data economy is huge,” she said. “But users aren’t helpless. We have more agency than we think we do.”