How to Detect and Avoid Phishing and Email Scams: Keep yourself safe online with these tips

What Are Phishing and Email Scams?

Phishing is a tactic used by cyber-criminals to obtain sensitive information by tricking the recipient into clicking malicious links, downloading attachments, or sending personal, financial or other sensitive information. It is meant to catch the message recipient off-guard by impersonating trustworthy sources like well-known companies or brands, and even friends or coworkers, to extract private and personal information.

These types of scams can happen via email, social media, chat, text, or phone. They have been around for years and, as the internet has become more sophisticated, so have they. In 2020, the Federal Trade Commission received over 2 million fraud complaints from American consumers—reporting total losses of $3.3 billion—while 74% of companies in the U.S. were successfully infiltrated by a phishing scam. 

How Do Phishing Scams Work?

Phishing scams often invade inboxes disguised as an opportunity that should be taken advantage of with great urgency. These emails will usually include a link to click for more info or to “collect your reward.” Once clicked, the scammer will gain access to the target’s account and/or user profile. Alternatively, they may just ask for the information, like a bank account number, PIN, or social security number, which they plan to use fraudulently. 

In some lesser-known cases, unscrupulous individuals employ phishing scams just to violate and exploit the privacy of others. In any case, email and phishing scams have proven to be troublesome for the target, as it can compromise one’s privacy, finances, credit, and reputation.

How to Identify Phishing and Email Scams

One of the major keys to spotting a phishing scam is to understand that they may appear to look like any average message in your inbox, but the impact they can have on your career, finances, and credit can be severely damaging. The best way to keep yourself safe is to be aware of scams that have taken place in the past.

The Federal Trade Commission has a web page where they report on recent job search scams. They also have information about recent scam alerts and common schemes related to topics like student loans, fake checks, family emergencies, and more. Other resources for keeping up with the latest news include the Cyber Security and Infrastructure Security Agency (CISA) and USA.gov.

If you suspect an email may be a scam, you can do an online search to verify the sender. Search results may include stories of how that person or company has been associated with phishing in the past. Alternatively, you can call or email the human resources or recruiting department at a company to confirm whether the person reached out legitimately. 

Here is a brief overview of some “red flags,” or warning signs, that you may be the target of an online scam:

1. If your first interaction with a company is receiving a job offer for a role you don’t remember applying to - Even if it was a job you submitted for, a legitimate company would have a selection process, meet with you and other potential candidates, and check references. Even if the process doesn’t seem rushed, always check to make sure you actually applied to the job if the “recruiter” claims you did.

2. If you receive a message that shares a lot of details about a role, but no information on the skills or experience required - this is likely a scammer casting a wide net to attract as many targets as they can.

3. If the “employer” plans to send you a check (to cover your initial salary or to buy equipment, for example), and the payment is higher than expected - Scammers will then ask you to deposit it in your bank account and send them back the difference. This may be a form of money laundering, which you could be legally liable for.

4. If the sender asks you to provide or confirm personal information such as banking or login credentials

5. If the message contains misspellings, grammatical errors, is badly written or disjointed, and/or contains exclamation marks and words or sentences in capital letters

6. If you are offered a role that is more senior than the one you applied for or the salary is a lot more than you would expect it to be

7. If an email address or social media account doesn’t look genuine - Often a phishing email will look like it came from a legitimate and well-known company but will have minor variations, particularly in the email sender’s domain name. (For example, @mail.ziprecruiter.work as opposed to @ziprecruiter.com.) Take some time to examine the email address.  

8. If the email correspondence appears to come from employers using generic/free email domains like @gmail.com, @yahoo.com, @outlook.com - Most legitimate employers use the same domain as their brand’s website.

9. If the message contains an attachment that looks strange or suspicious - It may contain a virus or install malware (malicious software used to carry out scams) on your device if you open it. Even if you believe that an attachment is legitimate, it is good practice to always scan it by using an antivirus software.

10. If the email claims to direct you to a well-known site, but when you hover over the link with your mouse it displays a different URL - Also, check to see if there are misspellings, slight changes, or completely different names within the web address.  

11. If the email attempts to create panic or a heightened sense of urgency that presses you to take an action - For example, it may claim that your bank account (or any other type of account, including your ZipRecruiter account) has been compromised and implore you to confirm your login credentials to verify your identity. Another popular method is to alert you that your account will be closed if you don’t share your details.

12. If your computer or browser seems to be functioning strangely - In many cases, phishing scams are connected to malware that can cause your browser pages to load unusually slow, create pop-ups, or generate icons on your desktop that were not there before you received the message.

13. If a potential employer asks you to download applications like Telegram, Google Hangouts, Wire, or Skype in order to carry out a video interview - These apps are often used by bad actors to perpetuate their schemes. More standard apps like Zoom, Microsoft Teams, or Google Meet are less prone to these scams.

14. If you are directed to a site that is not encrypted - Check by looking at the URL in your browser. If it doesn’t start with “https:” or have a padlock icon at the start of the web address, steer clear because encryption cannot be verified.

How to Report Phishing and Email Scams

If you have been a victim of a scam, or just managed to identify one, it’s imperative to report it to the proper authorities as soon as possible. If you have already disclosed bank or credit/debit card details, or received funds into your account, contact your bank or card issuer immediately to stop any transactions and to ask advice on next steps. You will likely need to file a report with your local police department, as well.

If scammers claimed to have seen your information on ZipRecruiter, or if you are concerned about an unsolicited email for any reason, don’t respond to the sender. Instead, forward the email to trustandsafety@ziprecruiter.com with “SUSPICIOUS EMAIL” in the subject line. We work hard to identify and remove suspicious job postings but if you see any, please click the “Report Job” link at the bottom of the posting.

Beyond ZipRecruiter, here are some additional contacts you should reach out to:

Federal Trade Commission

• The Federal Trade Commission has a web page where they report on recent job search scams. You can report fraud to the FTC online.

United States Computer Emergency Readiness Team (USCERT)

• Email them at phishing-report@us-cert.gov 

FBI’s Internet Crime Complaint Center

• File a complaint here

econsumer.gov

• If the fraud seems to have originated outside of the United States, report it here 

State and Local Authorities

• Find out how to report fraud to your State and Local Consumer Agencies here

Other Places to Contact:

• The email provider that the message came from. Some common ones are: Yahoo, Gmail, Outlook, Verizon, AOL, iCloud, Comcast

• The Anti-Phishing Working Group, which includes internet services providers (ISPs), security vendors, financial institutions and law enforcement agencies, is an international coalition that unifies the global response to cybercrime across industries, governments and law-enforcement sectors, and NGO communities (email: www.reportphishing@apwg.org)

• Check your credit report for suspicious activity with TransUnion, Equifax, or Experian

Help ZipRecruiter Keep Our Community Safe

If you happen to come across something that seems suspicious, please email our dedicated Trust and Safety Team so we can have a look and take appropriate action. Our customer service representatives are available seven days a week to investigate and weed out anything that doesn’t seem right.