[HN Gopher] Someone is impersonating us in a recruiting scam
___________________________________________________________________
Someone is impersonating us in a recruiting scam
Author : jenthoven
Score : 218 points
Date : 2022-07-13 16:06 UTC (6 hours ago)
(HTM) web link (www.kapwing.com)
(TXT) w3m dump (www.kapwing.com)
| hn_throwaway_99 wrote:
| I mean, TBH this seems like a pretty dumb scam, and you have to
| be pretty gullible to fall for it. Send my bank account
| information over to a company before I've actually had face-to-
| face conversation with anyone there? And who would expect to get
| an offer letter before you've even had an actual interview (as
| opposed to just some questionnaire you had to fill out)?
| ghaff wrote:
| >And who would expect to get an offer letter before you've even
| had an actual interview (as opposed to just some questionnaire
| you had to fill out)?
|
| Many years ago now but I did get a job offer out of grad school
| on the basis of a mass mailed job application cover
| letter/resume. (And this was with a major aerospace company.)
| Only did a site visit/interview after I asked for it.
| omoikane wrote:
| Due to the rising trend of people working remotely, some people
| might have never had any physical contact with the people they
| work with, all the way from interview up to signing the
| contract. It might be difficult for these people to verify that
| a startup is legit.
| hn_throwaway_99 wrote:
| I work in a remote company, and have hired a ton of people
| remotely. How many folks do you know who are hired remotely
| without ever having even a phone call, not to mention a
| video/zoom call?
| omoikane wrote:
| Since a lot of interviewers conducted interviews from their
| homes during the pandemic, I am not sure just being able to
| see a person would provide enough assurance.
| hn_throwaway_99 wrote:
| Don't disagree, but that didn't happen in this case.
| oplav wrote:
| I was on a Zoom interview panel where it was clear that
| the interviewee had someone else on an earpiece and was
| being fed answers.
|
| When we conversed about non-technical things, the
| interviewee spoke clearly and fluently. But when we'd ask
| a targeted technical follow-up to something on their
| resume, they would always repeat the question slowly, and
| then robotically with several pauses say their answer
| back. Another interviewer said they could hear the voice
| in the earpiece talking in between their pauses.
|
| I'm not sure what their end goal was with getting hired,
| but we ended up cutting the panel short.
| dahart wrote:
| Younglings may have no idea what's normal, right? I don't
| know anyone who's been hired without a call or interview,
| but that isn't necessarily relevant; it doesn't mean that
| scam is obvious to someone who's never been hired anywhere
| before, or is too excited about the prospect of a decent
| job to question the process. Lots of scams are somewhat
| based on people's general reluctance to challenge someone
| else, especially when there's a prize or benefit on the
| line, this is a human trait.
| bornfreddy wrote:
| I don't understand this part, is this US-specific? (Genuinly
| curious... I'm from EU) If I send my banking details to some
| company here they can deposit funds (as in, pay) to it. No way
| can they withdraw anything without my authorization. So how
| does this scam even work? Or am I missing something?
| jenthoven wrote:
| [This is Julia, the OC] It's not exactly clear what the end
| scam will be. Scammers ask for bank info, a photo of your ID,
| and credit info. Sounds like some sort of identity theft or
| bank withdrawal situation.
| hn_throwaway_99 wrote:
| Welcome to the byzantine world of ACH transfers in the US.
|
| Short of it is that, _no_ , they do not need your specific
| authorization to initiate a withdrawal. Here's how ACH works:
|
| 1. One banking institution is the ODFI - originating
| depository financial institution, that makes the request. The
| other is the RDFI - receiving depository financial
| institution. In order to make a withdrawal, the ODFI sends
| the RDFI an ACH request that says "For this routing number
| (which determines the RDFI), for this account number and
| account holder name, debit $XXX amount and send it to me, the
| ODFI." No other authorization is necessary from the account
| holder.
|
| 2. The RDFI will send the ODFI (basically, the ACH process is
| more complicated) the money, BUT the RDFI has 90 days I
| believe (maybe longer) to pull the money back (search for
| "R10 ACH response code). If they do, the ODFI is left
| "holding the bag" and must return the funds. Thus, it's up to
| the ODFI to ensure that the user who initiated the withdrawal
| in the first place is authorized to do so.
|
| Thus, a common ACH scam is:
|
| 1. Bad guy opens account at some financial institution with a
| stolen identity.
|
| 2. Many fintechs and online banks use Plaid to link to an
| account at an external institution to transfer funds. If the
| bad guy somehow has stolen credentials, then they link Plaid
| to that external account.
|
| 3. Bad guy initiates the ACH. Most ODFIs will then hold the
| funds for 2-5 days (depends on how long the account has been
| open, there are banking rules about how long they can hold
| it) specifically because of this return possibility.
|
| 4. Bad guy then tries to withdraw the money as soon as they
| can. If the original account holder doesn't notice the money
| missing from their account for, say, 2 weeks, the bad buy
| will have gotten the money and the ODFI is the one that has
| to make good on the stolen funds.
|
| Google "ACH Fraud". It's a common problem with startups that
| don't realize all the intricacies and problems of the NACHA
| rules.
| bornfreddy wrote:
| Wow, that is interesting... Thank you for an excellent
| explanation, makes sense now.
| frays wrote:
| Wow... The US banking system is truly mind boggling.
|
| Thank you for taking the time to share this information
| about ACH scams.
| yieldcrv wrote:
| I mean if I said it was for Direct Deposit this would match
| many candidates and employees experience.
| _jal wrote:
| Companies are increasingly intrusive when hiring, like everyone
| else. Running background, credit, etc. checks for low-level
| employees was considered absurd not too long ago, now it is
| routine.
|
| Especially young folks, excited by their great new gig, are
| likely to be unclear on where, exactly, the line is, or not
| think through the implications of things happening in the wrong
| order. (At my current gig, one of the first things HR did after
| we signed was ask me for direct deposit info.)
| aynyc wrote:
| People are gullible. I can probably build a website with
| reasonably fake job listings, and ask job applicants to fill
| out I-9. I'm pretty sure I can get a lot of personal data from
| that.
| vlunkr wrote:
| There are lots of dumb scams. It's a numbers game, you reach
| out to thousands of people and if only a few bite, you're
| probably still making a profit.
| V-2 wrote:
| Plus the "offer" (and all email communication) is run from a
| Gmail account, they didn't even bother to spoof or semi-spoof a
| credible looking address. Of course they're not targeting the
| best and brightest, but this is by design - such folks wouldn't
| jump at a random job opportunity to begin with
| elcomet wrote:
| I'm not sure it help to shame people who fall for those scams.
| People do fall for it, scammed are exploiting human's trust
| that most people are nice. Most scams seem dumb once you know
| about them. And once some scam becomes well known, scammers
| will just change tactics.
|
| The important thing is to educate people (for example do not
| give your bank information over the phone ever, except if you
| are the one who called maybe) and have good insurances in case
| something like this happens. And I believe it could happen to
| any of us, even people who think they're not gullible.
| hn_throwaway_99 wrote:
| Sorry, I didn't mean to shame folks, I just meant to
| highlight that there is very little in this scam that seems
| new or clever, so it doesn't seem particularly noteworthy. I
| probably get a couple of similar scams directed to me every
| week (we joke in our company how we all get texts from our
| "CEO" asking to respond to an urgent need...)
|
| Every now and then I'll read about an online phishing/spear-
| phishing scam and think "Wow, that is really good. I
| definitely may have fallen for that!" (e.g. the "delayed
| disconnect" phone scam - TBH I didn't even realize some
| landlines worked like that.) This is not one of those times.
| nerdponx wrote:
| TIL about delayed disconnect. Scary!
| slig wrote:
| There's a reason why there are a lot of typos, broken English,
| fake emails from gmail, etc, they do not want to waste time on
| non-gullible people.
| AtNightWeCode wrote:
| Reminds me of that guy from Sweden(?) who HIRED more than 100
| people to a non-existing company. Best scam ever, because it is
| so stupid, and hard to understand why.
| tpmx wrote:
| This story from four months ago?
| https://metro.co.uk/2022/02/21/jobfished-bbc-doc-on-madbird-...
| (It was the UK.)
| BashiBazouk wrote:
| I was contacted through LinkedIn by a scammer with a position at
| a major company. The email was slightly off and the email suffix
| was a .company.somethingelse.com. I contacted the company HR
| department asking if it was a real job and if not, would they
| like all the information I had on the scammers. No reply...
| sparrish wrote:
| They probably thought your report of a scam was a scam itself.
| We get this occasionally at our company.
| adrianmsmith wrote:
| You'd hope the company would care. But on the other hand I
| suppose it'd be you being scammed not them. As harsh as it
| seems, that's probably why they don't care.
| ghaff wrote:
| And it would probably be a hassle for the HR person to reach
| out to legal, answer various questions, and deal with it. Not
| their job, not their problem, not a great attitude either--
| but so it goes.
| mden wrote:
| Or more explicitly the people who would see the message would
| have no incentive to do anything about it as it would likely
| add more work for them with no gain. I think this is in part
| a result of all work "efficiency" optimizations and the exact
| performance metrics that come with them that have been
| applied to many workers in the past decade or so.
| rmbyrro wrote:
| Initially I expected they'd pretend to hire the person to use
| services for free.
|
| It could last about 45 days. After the first missed paycheck,
| they could drag 2 more weeks on "bank transfer issues".
|
| Depending on the person, even 60 days...
|
| They could potentially get 2 months of senior video editing free
| of charge. Sell this on Fiverr and make more money they were
| asking the candidates.
| trwhite wrote:
| These scams always have horrendous grammar. To me that's a huge
| red flag
| lnxg33k1 wrote:
| It's done on purpose, those who don't see the grammar mistakes
| are more likely to fall for the scam and not be able to track
| the scammer back
| darkwater wrote:
| Oh! That's a way of seeing it that I never thought about but
| that now just made "click" in my mind!
| phendrenad2 wrote:
| I've heard from multiple senior engineers that they felt like
| they were being scammed while interviewing with a legitimate
| company. I end up spending a lot of time digging through the
| company website to make sure that at least ONE of the people I
| spoke to in interviews is even mentioned by name somewhere. If I
| can't do that, I make up some excuse to talk to the CFO about
| stock option vs base salary balance or something.
|
| This is all bullshit. Companies should accompany any request for
| personal information with a document signed by their private key,
| so I can verify it with the company's public key. Wasn't PKI
| invented in the 1980s?
| notjustanymike wrote:
| We've had an ongoing problem with this as well, and it's
| shockingly effective. A couple of "candidates" have reached out
| to us right before they were scammed.
|
| The con really preys on people's hopes - promise them a higher
| paying job, hopes of a better life, then casually extort them
| right at the end.
| frays wrote:
| How did the "candidates" actually get scammed? Did the bad
| actors steal their personal information and commit fraud?
|
| I don't understand what scammers get out of doing this. How do
| they make money?
| Beaver117 wrote:
| Recruiters get what they deserve for ghosting people and being
| assholes
| robbitt wrote:
| This is common problem in nearly all intermediary business models
| from real estate agents, stock brokers (now nearly obsolete),
| recruiters to freight brokers...
| seaerkin wrote:
| There are companies that offer brand and employee impersonation
| detection services, but something like this is undetectable. Any
| scam done through a public email provider, you really can't do
| much aside from reporting the email and raising awareness.
|
| Had the scammers linked back to a domain or website that looks
| similar to your brand, THAT is detectable and there are services
| that can help here.
| tessgadwa wrote:
| I was targeted by a similar recruiting scam several years ago --
| again, a smallish company which was high on my interest list,
| with a personalized email matching my stated skills and
| experience.
|
| All I can say is that while legit "cold" recruiting outreach
| happens all the time, if you are a job seeker take the time to
| verify these contacts. Don't give out personal or contact
| information until you are absolutely sure you know who you are
| talking to! A professional will not mind you taking this extra
| step.
| ChrisMarshallNY wrote:
| I was once contacted by Apple.
|
| The email almost got shitcanned, because it was so scruffy.
|
| The subject was just "Hello From Apple." There was no HTML in
| the email, and the letter was really short.
|
| It may have been an auto-generated one.
|
| It never turned into anything, but it was a legit contact.
| acid__ wrote:
| That's funny, there's actually been an intentional shift
| among "email thought leaders" towards shorter, plain-text
| emails because they can come across as more personal in
| today's world of high-powered CRMs.
| ipaddr wrote:
| Reminds me of the Amazon ones.
| matsemann wrote:
| I once had a recruiter from facebook get stuck in the "spam"
| tab in facebook messenger back in 2014. Not the "you may
| know" message requests you get a notification about, but the
| spam you never see.
|
| It was legit. Didn't see it until someone reached out a
| different way. A bit funny how their own platform failed
| them.
| jenthoven wrote:
| [This is Julia, the OC] 100% agree. At Kapwing, we would never
| penalize a candidate for verifying a job opening; in fact, we'd
| likely see it as a positive signal and sign of enthusiasm.
| AtNightWeCode wrote:
| First impression. Fake. Some random company trying to get
| attention. Scams are often more generic or more poorly done. This
| would be some Americans trying to harm the biz by targeting. Not
| unheard of but not very likely.
| baxtr wrote:
| Interesting scheme. I wonder why they do it.
|
| Neither in the linked article nor in the comments here I found a
| real financial damage - other than huge waste of your time and
| loss of personal data.
|
| Anyone any clue on this?
| andreygrehov wrote:
| This could be one of the reasons -
| https://www.cnet.com/personal-finance/crypto/a-fake-job-offe...
| useruser1991 wrote:
| Unrelated: Kapwing runs the most odious dark pattern I've seen
| for users who wish to cancel - they threaten to make all the
| content you created public.
| JoeAltmaier wrote:
| Reminds me of food delivery companies presenting themselves as
| restaurants. There was some question of if or how illegal it
| actually was.
| cyral wrote:
| A good read: https://www.readmargins.com/p/doordash-and-pizza-
| arbitrage
| mnd999 wrote:
| Surely it comes down to trademarks. If you're using someone
| else's trademark you're in trouble if they sue you.
| paulgb wrote:
| Or wire fraud. IANAL but this in particular seems to go
| beyond trademark misuse into yeah-that's-a-crime territory:
|
| > For example, in this case, candidates received the "offer
| letter" with our old company logo in the letterhead instead
| of the new logo we introduced recently. The offer letter was
| also signed by a random "Advisor" named Tom Gahm (who
| actually doesn't exist) rather than the CEO.
| nowherebeen wrote:
| Oh the irony. These startups have been growth hacked!
| khendron wrote:
| Something similar happened to one of my corporations. Somebody
| targeted by scam the was suspicious and contacted me via
| LinkedIn. Discovered somebody had setup a completely separate and
| very legit looking website using a similar domain name (e.g.,
| instead of company.com, it was companyinc.com).
|
| I have no idea if they successfully scammed anybody.
|
| One thing I did that is not mentioned in this article is that I
| contacted the police. The police took a statement and collected
| all the relevant files (e.g., the PDF job offers I had been
| sent).
|
| There was, unfortunately, not much the police could actually do.
| But having an official police report helped in my next step,
| which was to start an internet-wide game of whack-a-mole with the
| scammer's website. I'd identify the hosting company, send them an
| abuse report, citing the police report, and request the website
| be taken down. The hosting company would usually comply within 24
| hours, then a week or so later the website would reappear using a
| different host. Lather, rinse, and repeat several times until the
| scammer gave up (or moved to a different domain that I have not
| discovered yet).
| edm0nd wrote:
| A North Korean APT and other nation-state backed hackers are
| using fake job offers and interviews to drop targeted malware.
| It's actually a pretty effective method. Certainly something to
| be aware of if you are job hunting and an engineer or sysadmin
| position for a large F500 company. Triple verify everything and
| dont open PDFs lol.
| blobbers wrote:
| If you work at a crypto exchange I have an exciting opportunity
| for you!
| palata wrote:
| I don't get how it works. If I give my IBAN, then people can send
| me money, but they cannot take money from me.
|
| A scam would need to ask e.g. my credit card data, but at this
| point it's pretty clear that it's not to send me money.
|
| I am not in the US. Is that different there? Like do you use the
| same numbers for both? Or do people just not know the difference?
| erichurkman wrote:
| The key is in the 'congratulations' email:
|
| > Please note that, on acceptance of this employment offer, the
| following equipment will be deliver to you to set up your home
| office, the funds for the purchase of the equipment will be
| made available to you prior to purchase and delivery.
|
| They will send you a $15k check, you'll buy the equipment, and
| Venmo them back the remainder. Meanwhile, the check bounces.
| mhzsh wrote:
| Years ago, my previous employer had a few listings on Indeed for
| software engineers (some were very long-running). A recruiter
| reached out to us with a candidate they had, who had experience
| in the areas we were looking for, which was enticing because
| people like this were not so easy to come by for a small company
| not based in a major city. By chance, we found out during the
| interview process with the candidate that the recruiter was
| playing both parties. This very shady recruiter cloned our job
| listing (removing the company information) and was able to out-
| rank us in the search. They presented themselves to the candidate
| as if they were working for us, and to us they presented
| themselves as trying to place this candidate, effectively
| collecting a recruiting fee for hijacking our listing forwarding
| a resume. They ended up with nothing but a warning from lawyers,
| but they _almost_ got an easy paycheck out of it.
| ricardobayes wrote:
| Color me naive, but why is this a bad thing? If your listing
| reaches more people, it's ultimately better for you. Maybe I'm
| misunderstanding something.
| gnicholas wrote:
| It's the fee, which is a percentage of the employee's salary.
| That's much more than the listing fee on Indeed, likely by
| orders of magnitude.
|
| There's also the downside that some scummy person is
| representing themselves as being affiliated with you, when
| they're not. So if they do scummy things to the candidate
| (which they likely would, given what they're doing to you),
| then you are painted in a bad light. Think of situations that
| HNers complain about here, and then imagine that it's your
| company being (wrongfully) dragged for having lousy
| interviewing practices.
| bertil wrote:
| The fee is the most common issue cited by employers.
|
| I generally respond (as a candidate) to get a sense of the
| problem. I can assure you that bad representation is the
| biggest problem. It's not uncommon for recruiters to say
| something really problematic (bluntly racist or sexist) or
| impose excessive interview steps to filter candidates,
| without knowledge of the industry. I often know the hiring
| manager well enough to give feedback and they are generally
| horrified.
| tshaddox wrote:
| I would imagine it's for the same reason that many big
| musical acts go to lengths to make it difficult for concert
| tickets to be resold. It's important to them to manage their
| relationship with their customers, and they simply don't want
| all or most of their tickets essentially being auctioned off
| to the highest bidders even if that is technically the most
| economically efficient allocation according to some extremely
| short-sighted interpretation of an Econ 101 textbook. Heck,
| it's the same reason Apple sometimes has long wait times for
| a new popular iPhone model instead of holding an auction and
| shipping to the highest bidders first.
| ricardobayes wrote:
| I think you're right, it's what separates companies
| classing the same/similar behavior as unwanted, even
| illegal (grey market luxury watch dealers) vs encouraged
| (food delivery). The relationship with the client and it's
| perceived value. Coming to think about it, probably a
| Michelin-star high-end restaurant would shoo away a
| doordash person coming to pick up takeaway.
| PragmaticPulp wrote:
| Because you don't want an unrelated 3rd party inserting
| themselves between you and the candidates.
|
| How many good candidates were scared away by the sketchy
| recruiter? There's no way to know.
| ricardobayes wrote:
| How is this different than doordash coming to pick up food
| from a restaurant and delivering to me? I think it's very
| similar, they charge an extra fee, restaurants might not
| sign up for this and it's not the restaurant employees
| handing me the food.
| mhzsh wrote:
| In this case, neither party has really signed-up for it.
| To the candidate, it might not matter that much if they
| don't have a negative experience with the recruiter, but
| to the company whose job listing was straight-up
| plagiarized and outranked on the same job board (with a
| big recruiting fee on top), it's very different. With
| doordash, you at least agree to the fee, right?
| ratww wrote:
| Well, for one either you or the restaurant wanted
| Doordash to do that job, and Doordash isn't
| misrepresenting themselves as if they were working for
| the restaurant (without the restaurant's knowledge).
|
| Of course, with that said, there was some service a few
| years ago (maybe it's Doordash?) that was generating
| landing pages and buying domains pretending they were the
| restaurant. But that's also very shady.
| opendomain wrote:
| Delivery services DO misrepresent restaurants. If you
| search for a specific restaurant in your area, you will
| get lots of SEO spam that is not from the actual
| restaurant.
| ratww wrote:
| ...and that's precisely what I mentioned in the second
| paragraph of my message.
| RHSeeger wrote:
| > Doordash isn't misrepresenting themselves as if they
| were working for the restaurant
|
| From what I head, the various delivery services have been
| setting up websites that pretend to be the actual
| restaurant's site, but list their own phone number. So
| they're committing fraud, too.
| JacobThreeThree wrote:
| If the recruiter is saying he's been hired by a company to
| find people for a given job posting, and he hasn't actually
| been hired by the company, that's fraud.
| a2tech wrote:
| I don't think this is uncommon--in fact I think it's the way
| many recruiters work.
| yomkippur wrote:
| raverbashing wrote:
| Hence why most companies don't accept placements by
| recruiters unless it's the one they specifically hired for
| the job
| apohn wrote:
| Unfortunately recruiters lie about "exclusivity" as well.
|
| About a year ago I was on the job market and multiple
| recruiters reached out to me with the exact same job
| listing, just with the company name removed. All of them
| claimed to have an exclusive relationship with the company
| and they were working directly with the hiring manager.
| With 5 minutes of Googling I found the original position
| and the company that posted it.
|
| Do they get penalized if they present a candidate for the
| job and the company says "No recruiters" and they remove
| the candidate from their candidate pool?
| benglish11 wrote:
| penalized by who? It works enough that tech recruiters
| and their agencies make a lot of money. If there is no
| agreement between the company and the recruiter the
| company is free to contact that applicant themselves. The
| recruiter will usually hide the contact information of
| the applicant for this reason.
|
| Enough hiring companies only care about getting a
| seemingly qualified applicant in for an interview and
| will ignore what ever shady things recruiters do.
| HWR_14 wrote:
| He's asking if he, as a candidate, will get blackballed
| by the company if a recruiter submits his resume. I think
| you're assuring him he will not.
| thih9 wrote:
| And many real estate agents, and sadly perhaps more
| occupations.
| lotsofpulp wrote:
| How is that how real estate agents work? The seller signs
| an agreement outlining compensation with a real estate
| agent before any work is done.
| jjk2178 wrote:
| A real estate agent might repost an owner's ad for an
| apartment, and earn a broker's fee from the renter when
| the apartment is rented
| lotsofpulp wrote:
| I have only dealt with agents for apartment rentals in
| NYC, and there, the landlord hires the agent and agrees
| to pay them a fee, just like a house seller would agree
| to.
|
| If neither a renter or the landlord have an agreement to
| pay an agent, why would the agent be owed any money?
| RHSeeger wrote:
| In Mass, it's the renter that pays the fee.
| lotsofpulp wrote:
| In NYC, the renter usually pays the fee too, but that is
| simply part of the rental agreement from the landlord.
|
| The person that agreed to pay agent is still the
| landlord. In times when supply of apartments exceeds
| demand from renters, landlords have to pay the agent from
| their pocket.
|
| But the point is that in all cases, someone agreed to pay
| an agent. The agent did not simply materialize and
| obtained a right to collect money from someone.
| nradov wrote:
| That's not how the multiple listing systems work in the
| US real estate market.
| fshbbdssbbgdd wrote:
| Realtors certainly will _try_ to get you to sign an
| exclusivity contract as early as possible. But if you
| don't sign, most will show you homes for free. Agents
| will talk about it like you don't have a choice to get
| you to sign, though. Personally, I'd at least demand that
| such a contract include a cash rebate for a portion of
| any fees the realtor earns, and I'd want it to be limited
| to the transaction on a particular home. I wouldn't sign
| anything that prohibits me from working with other agents
| on other purchases.
| [deleted]
| pyuser583 wrote:
| I was told this by a realtor once.
| gumby wrote:
| Nowadays you can often use a search with some text from the
| ad to figure out who the real company is. Though who would
| bother?
| gorbachev wrote:
| I do that every time a recruiter cold calls me about an
| opportunity without mentioning the company, if the
| opportunity sounds interesting.
| Kalium wrote:
| I do that to find out who the company is. It's usually a
| better way to find out how much they pay than the recruiter
| is. Too often recruiters try to avoid telling me either
| item.
| albedoa wrote:
| > Though who would bother?
|
| It takes like four seconds.
| stevage wrote:
| Who would bother to find out who the company they would be
| working for is? Who wouldn't?
| ako wrote:
| It is shady, but at the same time it sounds like the recruiter
| succeeded where your company failed. He was able to find a
| candidate for your position, where your employer was unable by
| just posting it to indeed.
|
| He did a better job, and maybe that is worth the additional
| money? Do you think your employer would have found the same
| candidate by just relying on the job listing on Indeed?
| theamk wrote:
| The recruiter copied listing as-is, with only company name
| removed. If thir listing wasn't there, candidate would find
| the company directly.
|
| So they provided no positive value; in fact they provided
| negative value by adding duplicate listing and making them
| harder to navigate. I don't thin
| bobbaf wrote:
| This is also how they were able to steal money from Axie
| Infinity, they sent a malicious PDF file that was able to exploit
| and compromise the company's security and steal US$600 million!
|
| https://www.cnet.com/personal-finance/crypto/a-fake-job-offe...
| sbassi wrote:
| You should post a visible warning in your careers page, it may
| help for some cases.
| random_0 wrote:
| May be they should add a notice on their home page too.
| 120bits wrote:
| This is the 4th time I have heard this news in a month. I wasn't
| paying much attention till it happened to my girlfriend.
|
| A person with a linkedin profile, that looks very legit saying
| they work for Nike at a senior level position reached to my gf
| for a job role. Well, at first she was excited and then she
| forwarded me their profile. It was really good presentation,
| however, few things were way off. Like the timelines on their
| profile were not accurate. The related experience was shady and
| more. As I dig deep I was convinced its a scam.
|
| I reported the profile to Linkedin.
| kstrauser wrote:
| Ugh, LinkedIn. Someone created a profile saying they were in my
| company's Mumbai office. We're 100% US-based, which is very
| important in our specific market. It could be very bad for us
| if a large customer thought we were lying about having
| employees outside the US.
|
| I finally had to resort to blatant Twitter shaming to get
| LinkedIn to address the problem.
| toss1 wrote:
| I've been reading quite a few more of these lately.
|
| It appears that LinkedIn has a problem not only with the
| tsunami of everyday recruiter spam flooding out their primary
| value proposition (real biz connections), but now criminal
| scams exploiting their platform.
|
| Seems like one of those tipping point phenomena, that doesn't
| seem critical, until it is, and by then, it's too late and
| mostly all of the customers have decided they're done with it.
| jenthoven wrote:
| [This is Julia, the IC] In this case, LinkedIn had nothing to
| do with the scam. The thieves were using my real name and
| they didn't create a fake profile for the supposed recruiter,
| so there's unfortunately no phony profile to report.
| matsemann wrote:
| Someone used this technique to steal hundreds of millions in
| crypto tokens from a company recently, so looks to be a common
| and lucrative scam more people are trying.
| https://news.ycombinator.com/item?id=32001742
| abadger9 wrote:
| this happened to me with facebook pre ipo! someone tried to
| impersonate them and screw with me on a fake technical interview.
| That person ended up getting kicked out of our college for
| academic reasons and the campus facebook recruiter found out and
| extended me an interview.
| teetertater wrote:
| On the other hand:
|
| I once got an offer letter with typos, after just a phone
| screen.. and it was totally legit! I worked there for a while
| bell-cot wrote:
| > ...an elaborate scheme around [our company name]
|
| Why is she calling this "elaborate"? It's typo-ridden, done from
| random gmail addresses, and worse. I get "Nigerian Central Bank
| need you help transfering $40 million to you account" spam that
| looks better-done than this scheme.
|
| Edit: 's/is he/is she'
| mbostleman wrote:
| The author and CEO appears to be a she, preferred pronouns
| notwithstanding.
| daniel-cussen wrote:
| That's intentional in both Nigerian 419's and this. They are
| both looking for fools with money with which to part.
| aprinsen wrote:
| Maybe it's not "elaborate", relative term, but it's multi step,
| several fake accounts, a fake mail server, multi step
| interview, and it's tailored to a specific company and targeted
| to a relevant audience.
| fsckboy wrote:
| I was just idly thinking "a name like kapwing should be easy to
| get a domain name for, i wonder where they got the name?", so I
| looked it up in wiktionary.
|
| Not sure if this is the origin, but wiktionary lists it as
| "(rare) the sound of a bullet richochet"... KA-PWING!
|
| is this how the company name is pronounced?
| jenthoven wrote:
| [This is Julia, the OC] We've got you
| https://www.youtube.com/watch?v=vpUvcWjFkFs
|
| Also check out our blog post about the name :)
| https://www.kapwing.com/blog/why-we-chose-an-onomatopoeia/
| IG_Semmelweiss wrote:
| I wanted to add information. Please correct if I am off:
|
| The reported heist of $xxx in Axie crypto by takeover of the
| majority of nodes, was organized N Korean group that created an
| entire fake company in linkedin and related story and web
| presence... The group used the mark - a senior engineer at axis -
| as a gateway to the nodes themselves, under the pretense of
| recruitment.
|
| The engineer went thru a very formal interview process, during
| which he received a PDF with sophisticated malware trojan.
|
| Food for thought.
| whimsicalism wrote:
| You are correct although it seems a bit under-reported.
|
| How does a senior engineer have control over millions of
| dollars without review?
|
| I also am somewhat skeptical of this one-click PDF hack. They
| used a zero-day for this attack? In Chrome? Why hasn't this
| been discussed if so?
| jahewson wrote:
| > We haven't had anyone report that they actually got stollen
| from yet, but of course there would be a delay before they
| notice.
|
| I'd expect that to happen sometime around Christmas :p
| davidkuennen wrote:
| Off topic but I love their website. Fast and nicely structured in
| general.
| sdflhasjd wrote:
| Not a fan of kapwing as they seem to be running a spam campaign
| on reddit.
|
| Also not fond of hosts that put watermarks on media as it
| contributes to a kind of bit-rot.
| jenthoven wrote:
| [This is Julia, the OC] We're not running a spam campaign.
| Any more info here on what you're referring to?
|
| We used to make it free to remove the Kapwing watermark, but
| needed to up our conversion recently to extend runway and
| fund R&D. Just shot every creative tool in our space
| leverages watermarks as a conversion lever because it means
| we can offer most things for free.
| sdflhasjd wrote:
| I am referring to a recent spate in unusual comments on top
| posts that link to reaction-image like clips hosted by
| kapwing.
|
| I'm trying to find some examples, but naturally there's
| none to be seen as soon as I look.
|
| The comments contain unusual English, perhaps computer
| generated, and consist of an initial sentence, followed by
| a quoted hyperlinked sentence linking to kapwing.
|
| I assumed these were an attempt by kapwing, and if that's
| not the case, I apologise for my accusation.
| hnthrow1553 wrote:
| This has been happening to my org more and more too.
|
| It's been a combination of fake linked accounts reaching out to
| unsuspecting people and getting them to pay in return for getting
| priority access to the recruitment queue. Sadly, it works - we
| have had people show up at our offices for their non-existent
| interview. They tend to get very irate when you explain that they
| were scammed.
___________________________________________________________________
(page generated 2022-07-13 23:00 UTC)