[HN Gopher] Someone is impersonating us in a recruiting scam ___________________________________________________________________ Someone is impersonating us in a recruiting scam Author : jenthoven Score : 218 points Date : 2022-07-13 16:06 UTC (6 hours ago) (HTM) web link (www.kapwing.com) (TXT) w3m dump (www.kapwing.com) | hn_throwaway_99 wrote: | I mean, TBH this seems like a pretty dumb scam, and you have to | be pretty gullible to fall for it. Send my bank account | information over to a company before I've actually had face-to- | face conversation with anyone there? And who would expect to get | an offer letter before you've even had an actual interview (as | opposed to just some questionnaire you had to fill out)? | ghaff wrote: | >And who would expect to get an offer letter before you've even | had an actual interview (as opposed to just some questionnaire | you had to fill out)? | | Many years ago now but I did get a job offer out of grad school | on the basis of a mass mailed job application cover | letter/resume. (And this was with a major aerospace company.) | Only did a site visit/interview after I asked for it. | omoikane wrote: | Due to the rising trend of people working remotely, some people | might have never had any physical contact with the people they | work with, all the way from interview up to signing the | contract. It might be difficult for these people to verify that | a startup is legit. | hn_throwaway_99 wrote: | I work in a remote company, and have hired a ton of people | remotely. How many folks do you know who are hired remotely | without ever having even a phone call, not to mention a | video/zoom call? | omoikane wrote: | Since a lot of interviewers conducted interviews from their | homes during the pandemic, I am not sure just being able to | see a person would provide enough assurance. | hn_throwaway_99 wrote: | Don't disagree, but that didn't happen in this case. | oplav wrote: | I was on a Zoom interview panel where it was clear that | the interviewee had someone else on an earpiece and was | being fed answers. | | When we conversed about non-technical things, the | interviewee spoke clearly and fluently. But when we'd ask | a targeted technical follow-up to something on their | resume, they would always repeat the question slowly, and | then robotically with several pauses say their answer | back. Another interviewer said they could hear the voice | in the earpiece talking in between their pauses. | | I'm not sure what their end goal was with getting hired, | but we ended up cutting the panel short. | dahart wrote: | Younglings may have no idea what's normal, right? I don't | know anyone who's been hired without a call or interview, | but that isn't necessarily relevant; it doesn't mean that | scam is obvious to someone who's never been hired anywhere | before, or is too excited about the prospect of a decent | job to question the process. Lots of scams are somewhat | based on people's general reluctance to challenge someone | else, especially when there's a prize or benefit on the | line, this is a human trait. | bornfreddy wrote: | I don't understand this part, is this US-specific? (Genuinly | curious... I'm from EU) If I send my banking details to some | company here they can deposit funds (as in, pay) to it. No way | can they withdraw anything without my authorization. So how | does this scam even work? Or am I missing something? | jenthoven wrote: | [This is Julia, the OC] It's not exactly clear what the end | scam will be. Scammers ask for bank info, a photo of your ID, | and credit info. Sounds like some sort of identity theft or | bank withdrawal situation. | hn_throwaway_99 wrote: | Welcome to the byzantine world of ACH transfers in the US. | | Short of it is that, _no_ , they do not need your specific | authorization to initiate a withdrawal. Here's how ACH works: | | 1. One banking institution is the ODFI - originating | depository financial institution, that makes the request. The | other is the RDFI - receiving depository financial | institution. In order to make a withdrawal, the ODFI sends | the RDFI an ACH request that says "For this routing number | (which determines the RDFI), for this account number and | account holder name, debit $XXX amount and send it to me, the | ODFI." No other authorization is necessary from the account | holder. | | 2. The RDFI will send the ODFI (basically, the ACH process is | more complicated) the money, BUT the RDFI has 90 days I | believe (maybe longer) to pull the money back (search for | "R10 ACH response code). If they do, the ODFI is left | "holding the bag" and must return the funds. Thus, it's up to | the ODFI to ensure that the user who initiated the withdrawal | in the first place is authorized to do so. | | Thus, a common ACH scam is: | | 1. Bad guy opens account at some financial institution with a | stolen identity. | | 2. Many fintechs and online banks use Plaid to link to an | account at an external institution to transfer funds. If the | bad guy somehow has stolen credentials, then they link Plaid | to that external account. | | 3. Bad guy initiates the ACH. Most ODFIs will then hold the | funds for 2-5 days (depends on how long the account has been | open, there are banking rules about how long they can hold | it) specifically because of this return possibility. | | 4. Bad guy then tries to withdraw the money as soon as they | can. If the original account holder doesn't notice the money | missing from their account for, say, 2 weeks, the bad buy | will have gotten the money and the ODFI is the one that has | to make good on the stolen funds. | | Google "ACH Fraud". It's a common problem with startups that | don't realize all the intricacies and problems of the NACHA | rules. | bornfreddy wrote: | Wow, that is interesting... Thank you for an excellent | explanation, makes sense now. | frays wrote: | Wow... The US banking system is truly mind boggling. | | Thank you for taking the time to share this information | about ACH scams. | yieldcrv wrote: | I mean if I said it was for Direct Deposit this would match | many candidates and employees experience. | _jal wrote: | Companies are increasingly intrusive when hiring, like everyone | else. Running background, credit, etc. checks for low-level | employees was considered absurd not too long ago, now it is | routine. | | Especially young folks, excited by their great new gig, are | likely to be unclear on where, exactly, the line is, or not | think through the implications of things happening in the wrong | order. (At my current gig, one of the first things HR did after | we signed was ask me for direct deposit info.) | aynyc wrote: | People are gullible. I can probably build a website with | reasonably fake job listings, and ask job applicants to fill | out I-9. I'm pretty sure I can get a lot of personal data from | that. | vlunkr wrote: | There are lots of dumb scams. It's a numbers game, you reach | out to thousands of people and if only a few bite, you're | probably still making a profit. | V-2 wrote: | Plus the "offer" (and all email communication) is run from a | Gmail account, they didn't even bother to spoof or semi-spoof a | credible looking address. Of course they're not targeting the | best and brightest, but this is by design - such folks wouldn't | jump at a random job opportunity to begin with | elcomet wrote: | I'm not sure it help to shame people who fall for those scams. | People do fall for it, scammed are exploiting human's trust | that most people are nice. Most scams seem dumb once you know | about them. And once some scam becomes well known, scammers | will just change tactics. | | The important thing is to educate people (for example do not | give your bank information over the phone ever, except if you | are the one who called maybe) and have good insurances in case | something like this happens. And I believe it could happen to | any of us, even people who think they're not gullible. | hn_throwaway_99 wrote: | Sorry, I didn't mean to shame folks, I just meant to | highlight that there is very little in this scam that seems | new or clever, so it doesn't seem particularly noteworthy. I | probably get a couple of similar scams directed to me every | week (we joke in our company how we all get texts from our | "CEO" asking to respond to an urgent need...) | | Every now and then I'll read about an online phishing/spear- | phishing scam and think "Wow, that is really good. I | definitely may have fallen for that!" (e.g. the "delayed | disconnect" phone scam - TBH I didn't even realize some | landlines worked like that.) This is not one of those times. | nerdponx wrote: | TIL about delayed disconnect. Scary! | slig wrote: | There's a reason why there are a lot of typos, broken English, | fake emails from gmail, etc, they do not want to waste time on | non-gullible people. | AtNightWeCode wrote: | Reminds me of that guy from Sweden(?) who HIRED more than 100 | people to a non-existing company. Best scam ever, because it is | so stupid, and hard to understand why. | tpmx wrote: | This story from four months ago? | https://metro.co.uk/2022/02/21/jobfished-bbc-doc-on-madbird-... | (It was the UK.) | BashiBazouk wrote: | I was contacted through LinkedIn by a scammer with a position at | a major company. The email was slightly off and the email suffix | was a .company.somethingelse.com. I contacted the company HR | department asking if it was a real job and if not, would they | like all the information I had on the scammers. No reply... | sparrish wrote: | They probably thought your report of a scam was a scam itself. | We get this occasionally at our company. | adrianmsmith wrote: | You'd hope the company would care. But on the other hand I | suppose it'd be you being scammed not them. As harsh as it | seems, that's probably why they don't care. | ghaff wrote: | And it would probably be a hassle for the HR person to reach | out to legal, answer various questions, and deal with it. Not | their job, not their problem, not a great attitude either-- | but so it goes. | mden wrote: | Or more explicitly the people who would see the message would | have no incentive to do anything about it as it would likely | add more work for them with no gain. I think this is in part | a result of all work "efficiency" optimizations and the exact | performance metrics that come with them that have been | applied to many workers in the past decade or so. | rmbyrro wrote: | Initially I expected they'd pretend to hire the person to use | services for free. | | It could last about 45 days. After the first missed paycheck, | they could drag 2 more weeks on "bank transfer issues". | | Depending on the person, even 60 days... | | They could potentially get 2 months of senior video editing free | of charge. Sell this on Fiverr and make more money they were | asking the candidates. | trwhite wrote: | These scams always have horrendous grammar. To me that's a huge | red flag | lnxg33k1 wrote: | It's done on purpose, those who don't see the grammar mistakes | are more likely to fall for the scam and not be able to track | the scammer back | darkwater wrote: | Oh! That's a way of seeing it that I never thought about but | that now just made "click" in my mind! | phendrenad2 wrote: | I've heard from multiple senior engineers that they felt like | they were being scammed while interviewing with a legitimate | company. I end up spending a lot of time digging through the | company website to make sure that at least ONE of the people I | spoke to in interviews is even mentioned by name somewhere. If I | can't do that, I make up some excuse to talk to the CFO about | stock option vs base salary balance or something. | | This is all bullshit. Companies should accompany any request for | personal information with a document signed by their private key, | so I can verify it with the company's public key. Wasn't PKI | invented in the 1980s? | notjustanymike wrote: | We've had an ongoing problem with this as well, and it's | shockingly effective. A couple of "candidates" have reached out | to us right before they were scammed. | | The con really preys on people's hopes - promise them a higher | paying job, hopes of a better life, then casually extort them | right at the end. | frays wrote: | How did the "candidates" actually get scammed? Did the bad | actors steal their personal information and commit fraud? | | I don't understand what scammers get out of doing this. How do | they make money? | Beaver117 wrote: | Recruiters get what they deserve for ghosting people and being | assholes | robbitt wrote: | This is common problem in nearly all intermediary business models | from real estate agents, stock brokers (now nearly obsolete), | recruiters to freight brokers... | seaerkin wrote: | There are companies that offer brand and employee impersonation | detection services, but something like this is undetectable. Any | scam done through a public email provider, you really can't do | much aside from reporting the email and raising awareness. | | Had the scammers linked back to a domain or website that looks | similar to your brand, THAT is detectable and there are services | that can help here. | tessgadwa wrote: | I was targeted by a similar recruiting scam several years ago -- | again, a smallish company which was high on my interest list, | with a personalized email matching my stated skills and | experience. | | All I can say is that while legit "cold" recruiting outreach | happens all the time, if you are a job seeker take the time to | verify these contacts. Don't give out personal or contact | information until you are absolutely sure you know who you are | talking to! A professional will not mind you taking this extra | step. | ChrisMarshallNY wrote: | I was once contacted by Apple. | | The email almost got shitcanned, because it was so scruffy. | | The subject was just "Hello From Apple." There was no HTML in | the email, and the letter was really short. | | It may have been an auto-generated one. | | It never turned into anything, but it was a legit contact. | acid__ wrote: | That's funny, there's actually been an intentional shift | among "email thought leaders" towards shorter, plain-text | emails because they can come across as more personal in | today's world of high-powered CRMs. | ipaddr wrote: | Reminds me of the Amazon ones. | matsemann wrote: | I once had a recruiter from facebook get stuck in the "spam" | tab in facebook messenger back in 2014. Not the "you may | know" message requests you get a notification about, but the | spam you never see. | | It was legit. Didn't see it until someone reached out a | different way. A bit funny how their own platform failed | them. | jenthoven wrote: | [This is Julia, the OC] 100% agree. At Kapwing, we would never | penalize a candidate for verifying a job opening; in fact, we'd | likely see it as a positive signal and sign of enthusiasm. | AtNightWeCode wrote: | First impression. Fake. Some random company trying to get | attention. Scams are often more generic or more poorly done. This | would be some Americans trying to harm the biz by targeting. Not | unheard of but not very likely. | baxtr wrote: | Interesting scheme. I wonder why they do it. | | Neither in the linked article nor in the comments here I found a | real financial damage - other than huge waste of your time and | loss of personal data. | | Anyone any clue on this? | andreygrehov wrote: | This could be one of the reasons - | https://www.cnet.com/personal-finance/crypto/a-fake-job-offe... | useruser1991 wrote: | Unrelated: Kapwing runs the most odious dark pattern I've seen | for users who wish to cancel - they threaten to make all the | content you created public. | JoeAltmaier wrote: | Reminds me of food delivery companies presenting themselves as | restaurants. There was some question of if or how illegal it | actually was. | cyral wrote: | A good read: https://www.readmargins.com/p/doordash-and-pizza- | arbitrage | mnd999 wrote: | Surely it comes down to trademarks. If you're using someone | else's trademark you're in trouble if they sue you. | paulgb wrote: | Or wire fraud. IANAL but this in particular seems to go | beyond trademark misuse into yeah-that's-a-crime territory: | | > For example, in this case, candidates received the "offer | letter" with our old company logo in the letterhead instead | of the new logo we introduced recently. The offer letter was | also signed by a random "Advisor" named Tom Gahm (who | actually doesn't exist) rather than the CEO. | nowherebeen wrote: | Oh the irony. These startups have been growth hacked! | khendron wrote: | Something similar happened to one of my corporations. Somebody | targeted by scam the was suspicious and contacted me via | LinkedIn. Discovered somebody had setup a completely separate and | very legit looking website using a similar domain name (e.g., | instead of company.com, it was companyinc.com). | | I have no idea if they successfully scammed anybody. | | One thing I did that is not mentioned in this article is that I | contacted the police. The police took a statement and collected | all the relevant files (e.g., the PDF job offers I had been | sent). | | There was, unfortunately, not much the police could actually do. | But having an official police report helped in my next step, | which was to start an internet-wide game of whack-a-mole with the | scammer's website. I'd identify the hosting company, send them an | abuse report, citing the police report, and request the website | be taken down. The hosting company would usually comply within 24 | hours, then a week or so later the website would reappear using a | different host. Lather, rinse, and repeat several times until the | scammer gave up (or moved to a different domain that I have not | discovered yet). | edm0nd wrote: | A North Korean APT and other nation-state backed hackers are | using fake job offers and interviews to drop targeted malware. | It's actually a pretty effective method. Certainly something to | be aware of if you are job hunting and an engineer or sysadmin | position for a large F500 company. Triple verify everything and | dont open PDFs lol. | blobbers wrote: | If you work at a crypto exchange I have an exciting opportunity | for you! | palata wrote: | I don't get how it works. If I give my IBAN, then people can send | me money, but they cannot take money from me. | | A scam would need to ask e.g. my credit card data, but at this | point it's pretty clear that it's not to send me money. | | I am not in the US. Is that different there? Like do you use the | same numbers for both? Or do people just not know the difference? | erichurkman wrote: | The key is in the 'congratulations' email: | | > Please note that, on acceptance of this employment offer, the | following equipment will be deliver to you to set up your home | office, the funds for the purchase of the equipment will be | made available to you prior to purchase and delivery. | | They will send you a $15k check, you'll buy the equipment, and | Venmo them back the remainder. Meanwhile, the check bounces. | mhzsh wrote: | Years ago, my previous employer had a few listings on Indeed for | software engineers (some were very long-running). A recruiter | reached out to us with a candidate they had, who had experience | in the areas we were looking for, which was enticing because | people like this were not so easy to come by for a small company | not based in a major city. By chance, we found out during the | interview process with the candidate that the recruiter was | playing both parties. This very shady recruiter cloned our job | listing (removing the company information) and was able to out- | rank us in the search. They presented themselves to the candidate | as if they were working for us, and to us they presented | themselves as trying to place this candidate, effectively | collecting a recruiting fee for hijacking our listing forwarding | a resume. They ended up with nothing but a warning from lawyers, | but they _almost_ got an easy paycheck out of it. | ricardobayes wrote: | Color me naive, but why is this a bad thing? If your listing | reaches more people, it's ultimately better for you. Maybe I'm | misunderstanding something. | gnicholas wrote: | It's the fee, which is a percentage of the employee's salary. | That's much more than the listing fee on Indeed, likely by | orders of magnitude. | | There's also the downside that some scummy person is | representing themselves as being affiliated with you, when | they're not. So if they do scummy things to the candidate | (which they likely would, given what they're doing to you), | then you are painted in a bad light. Think of situations that | HNers complain about here, and then imagine that it's your | company being (wrongfully) dragged for having lousy | interviewing practices. | bertil wrote: | The fee is the most common issue cited by employers. | | I generally respond (as a candidate) to get a sense of the | problem. I can assure you that bad representation is the | biggest problem. It's not uncommon for recruiters to say | something really problematic (bluntly racist or sexist) or | impose excessive interview steps to filter candidates, | without knowledge of the industry. I often know the hiring | manager well enough to give feedback and they are generally | horrified. | tshaddox wrote: | I would imagine it's for the same reason that many big | musical acts go to lengths to make it difficult for concert | tickets to be resold. It's important to them to manage their | relationship with their customers, and they simply don't want | all or most of their tickets essentially being auctioned off | to the highest bidders even if that is technically the most | economically efficient allocation according to some extremely | short-sighted interpretation of an Econ 101 textbook. Heck, | it's the same reason Apple sometimes has long wait times for | a new popular iPhone model instead of holding an auction and | shipping to the highest bidders first. | ricardobayes wrote: | I think you're right, it's what separates companies | classing the same/similar behavior as unwanted, even | illegal (grey market luxury watch dealers) vs encouraged | (food delivery). The relationship with the client and it's | perceived value. Coming to think about it, probably a | Michelin-star high-end restaurant would shoo away a | doordash person coming to pick up takeaway. | PragmaticPulp wrote: | Because you don't want an unrelated 3rd party inserting | themselves between you and the candidates. | | How many good candidates were scared away by the sketchy | recruiter? There's no way to know. | ricardobayes wrote: | How is this different than doordash coming to pick up food | from a restaurant and delivering to me? I think it's very | similar, they charge an extra fee, restaurants might not | sign up for this and it's not the restaurant employees | handing me the food. | mhzsh wrote: | In this case, neither party has really signed-up for it. | To the candidate, it might not matter that much if they | don't have a negative experience with the recruiter, but | to the company whose job listing was straight-up | plagiarized and outranked on the same job board (with a | big recruiting fee on top), it's very different. With | doordash, you at least agree to the fee, right? | ratww wrote: | Well, for one either you or the restaurant wanted | Doordash to do that job, and Doordash isn't | misrepresenting themselves as if they were working for | the restaurant (without the restaurant's knowledge). | | Of course, with that said, there was some service a few | years ago (maybe it's Doordash?) that was generating | landing pages and buying domains pretending they were the | restaurant. But that's also very shady. | opendomain wrote: | Delivery services DO misrepresent restaurants. If you | search for a specific restaurant in your area, you will | get lots of SEO spam that is not from the actual | restaurant. | ratww wrote: | ...and that's precisely what I mentioned in the second | paragraph of my message. | RHSeeger wrote: | > Doordash isn't misrepresenting themselves as if they | were working for the restaurant | | From what I head, the various delivery services have been | setting up websites that pretend to be the actual | restaurant's site, but list their own phone number. So | they're committing fraud, too. | JacobThreeThree wrote: | If the recruiter is saying he's been hired by a company to | find people for a given job posting, and he hasn't actually | been hired by the company, that's fraud. | a2tech wrote: | I don't think this is uncommon--in fact I think it's the way | many recruiters work. | yomkippur wrote: | raverbashing wrote: | Hence why most companies don't accept placements by | recruiters unless it's the one they specifically hired for | the job | apohn wrote: | Unfortunately recruiters lie about "exclusivity" as well. | | About a year ago I was on the job market and multiple | recruiters reached out to me with the exact same job | listing, just with the company name removed. All of them | claimed to have an exclusive relationship with the company | and they were working directly with the hiring manager. | With 5 minutes of Googling I found the original position | and the company that posted it. | | Do they get penalized if they present a candidate for the | job and the company says "No recruiters" and they remove | the candidate from their candidate pool? | benglish11 wrote: | penalized by who? It works enough that tech recruiters | and their agencies make a lot of money. If there is no | agreement between the company and the recruiter the | company is free to contact that applicant themselves. The | recruiter will usually hide the contact information of | the applicant for this reason. | | Enough hiring companies only care about getting a | seemingly qualified applicant in for an interview and | will ignore what ever shady things recruiters do. | HWR_14 wrote: | He's asking if he, as a candidate, will get blackballed | by the company if a recruiter submits his resume. I think | you're assuring him he will not. | thih9 wrote: | And many real estate agents, and sadly perhaps more | occupations. | lotsofpulp wrote: | How is that how real estate agents work? The seller signs | an agreement outlining compensation with a real estate | agent before any work is done. | jjk2178 wrote: | A real estate agent might repost an owner's ad for an | apartment, and earn a broker's fee from the renter when | the apartment is rented | lotsofpulp wrote: | I have only dealt with agents for apartment rentals in | NYC, and there, the landlord hires the agent and agrees | to pay them a fee, just like a house seller would agree | to. | | If neither a renter or the landlord have an agreement to | pay an agent, why would the agent be owed any money? | RHSeeger wrote: | In Mass, it's the renter that pays the fee. | lotsofpulp wrote: | In NYC, the renter usually pays the fee too, but that is | simply part of the rental agreement from the landlord. | | The person that agreed to pay agent is still the | landlord. In times when supply of apartments exceeds | demand from renters, landlords have to pay the agent from | their pocket. | | But the point is that in all cases, someone agreed to pay | an agent. The agent did not simply materialize and | obtained a right to collect money from someone. | nradov wrote: | That's not how the multiple listing systems work in the | US real estate market. | fshbbdssbbgdd wrote: | Realtors certainly will _try_ to get you to sign an | exclusivity contract as early as possible. But if you | don't sign, most will show you homes for free. Agents | will talk about it like you don't have a choice to get | you to sign, though. Personally, I'd at least demand that | such a contract include a cash rebate for a portion of | any fees the realtor earns, and I'd want it to be limited | to the transaction on a particular home. I wouldn't sign | anything that prohibits me from working with other agents | on other purchases. | [deleted] | pyuser583 wrote: | I was told this by a realtor once. | gumby wrote: | Nowadays you can often use a search with some text from the | ad to figure out who the real company is. Though who would | bother? | gorbachev wrote: | I do that every time a recruiter cold calls me about an | opportunity without mentioning the company, if the | opportunity sounds interesting. | Kalium wrote: | I do that to find out who the company is. It's usually a | better way to find out how much they pay than the recruiter | is. Too often recruiters try to avoid telling me either | item. | albedoa wrote: | > Though who would bother? | | It takes like four seconds. | stevage wrote: | Who would bother to find out who the company they would be | working for is? Who wouldn't? | ako wrote: | It is shady, but at the same time it sounds like the recruiter | succeeded where your company failed. He was able to find a | candidate for your position, where your employer was unable by | just posting it to indeed. | | He did a better job, and maybe that is worth the additional | money? Do you think your employer would have found the same | candidate by just relying on the job listing on Indeed? | theamk wrote: | The recruiter copied listing as-is, with only company name | removed. If thir listing wasn't there, candidate would find | the company directly. | | So they provided no positive value; in fact they provided | negative value by adding duplicate listing and making them | harder to navigate. I don't thin | bobbaf wrote: | This is also how they were able to steal money from Axie | Infinity, they sent a malicious PDF file that was able to exploit | and compromise the company's security and steal US$600 million! | | https://www.cnet.com/personal-finance/crypto/a-fake-job-offe... | sbassi wrote: | You should post a visible warning in your careers page, it may | help for some cases. | random_0 wrote: | May be they should add a notice on their home page too. | 120bits wrote: | This is the 4th time I have heard this news in a month. I wasn't | paying much attention till it happened to my girlfriend. | | A person with a linkedin profile, that looks very legit saying | they work for Nike at a senior level position reached to my gf | for a job role. Well, at first she was excited and then she | forwarded me their profile. It was really good presentation, | however, few things were way off. Like the timelines on their | profile were not accurate. The related experience was shady and | more. As I dig deep I was convinced its a scam. | | I reported the profile to Linkedin. | kstrauser wrote: | Ugh, LinkedIn. Someone created a profile saying they were in my | company's Mumbai office. We're 100% US-based, which is very | important in our specific market. It could be very bad for us | if a large customer thought we were lying about having | employees outside the US. | | I finally had to resort to blatant Twitter shaming to get | LinkedIn to address the problem. | toss1 wrote: | I've been reading quite a few more of these lately. | | It appears that LinkedIn has a problem not only with the | tsunami of everyday recruiter spam flooding out their primary | value proposition (real biz connections), but now criminal | scams exploiting their platform. | | Seems like one of those tipping point phenomena, that doesn't | seem critical, until it is, and by then, it's too late and | mostly all of the customers have decided they're done with it. | jenthoven wrote: | [This is Julia, the IC] In this case, LinkedIn had nothing to | do with the scam. The thieves were using my real name and | they didn't create a fake profile for the supposed recruiter, | so there's unfortunately no phony profile to report. | matsemann wrote: | Someone used this technique to steal hundreds of millions in | crypto tokens from a company recently, so looks to be a common | and lucrative scam more people are trying. | https://news.ycombinator.com/item?id=32001742 | abadger9 wrote: | this happened to me with facebook pre ipo! someone tried to | impersonate them and screw with me on a fake technical interview. | That person ended up getting kicked out of our college for | academic reasons and the campus facebook recruiter found out and | extended me an interview. | teetertater wrote: | On the other hand: | | I once got an offer letter with typos, after just a phone | screen.. and it was totally legit! I worked there for a while | bell-cot wrote: | > ...an elaborate scheme around [our company name] | | Why is she calling this "elaborate"? It's typo-ridden, done from | random gmail addresses, and worse. I get "Nigerian Central Bank | need you help transfering $40 million to you account" spam that | looks better-done than this scheme. | | Edit: 's/is he/is she' | mbostleman wrote: | The author and CEO appears to be a she, preferred pronouns | notwithstanding. | daniel-cussen wrote: | That's intentional in both Nigerian 419's and this. They are | both looking for fools with money with which to part. | aprinsen wrote: | Maybe it's not "elaborate", relative term, but it's multi step, | several fake accounts, a fake mail server, multi step | interview, and it's tailored to a specific company and targeted | to a relevant audience. | fsckboy wrote: | I was just idly thinking "a name like kapwing should be easy to | get a domain name for, i wonder where they got the name?", so I | looked it up in wiktionary. | | Not sure if this is the origin, but wiktionary lists it as | "(rare) the sound of a bullet richochet"... KA-PWING! | | is this how the company name is pronounced? | jenthoven wrote: | [This is Julia, the OC] We've got you | https://www.youtube.com/watch?v=vpUvcWjFkFs | | Also check out our blog post about the name :) | https://www.kapwing.com/blog/why-we-chose-an-onomatopoeia/ | IG_Semmelweiss wrote: | I wanted to add information. Please correct if I am off: | | The reported heist of $xxx in Axie crypto by takeover of the | majority of nodes, was organized N Korean group that created an | entire fake company in linkedin and related story and web | presence... The group used the mark - a senior engineer at axis - | as a gateway to the nodes themselves, under the pretense of | recruitment. | | The engineer went thru a very formal interview process, during | which he received a PDF with sophisticated malware trojan. | | Food for thought. | whimsicalism wrote: | You are correct although it seems a bit under-reported. | | How does a senior engineer have control over millions of | dollars without review? | | I also am somewhat skeptical of this one-click PDF hack. They | used a zero-day for this attack? In Chrome? Why hasn't this | been discussed if so? | jahewson wrote: | > We haven't had anyone report that they actually got stollen | from yet, but of course there would be a delay before they | notice. | | I'd expect that to happen sometime around Christmas :p | davidkuennen wrote: | Off topic but I love their website. Fast and nicely structured in | general. | sdflhasjd wrote: | Not a fan of kapwing as they seem to be running a spam campaign | on reddit. | | Also not fond of hosts that put watermarks on media as it | contributes to a kind of bit-rot. | jenthoven wrote: | [This is Julia, the OC] We're not running a spam campaign. | Any more info here on what you're referring to? | | We used to make it free to remove the Kapwing watermark, but | needed to up our conversion recently to extend runway and | fund R&D. Just shot every creative tool in our space | leverages watermarks as a conversion lever because it means | we can offer most things for free. | sdflhasjd wrote: | I am referring to a recent spate in unusual comments on top | posts that link to reaction-image like clips hosted by | kapwing. | | I'm trying to find some examples, but naturally there's | none to be seen as soon as I look. | | The comments contain unusual English, perhaps computer | generated, and consist of an initial sentence, followed by | a quoted hyperlinked sentence linking to kapwing. | | I assumed these were an attempt by kapwing, and if that's | not the case, I apologise for my accusation. | hnthrow1553 wrote: | This has been happening to my org more and more too. | | It's been a combination of fake linked accounts reaching out to | unsuspecting people and getting them to pay in return for getting | priority access to the recruitment queue. Sadly, it works - we | have had people show up at our offices for their non-existent | interview. They tend to get very irate when you explain that they | were scammed. ___________________________________________________________________ (page generated 2022-07-13 23:00 UTC)