If you want to skip the story, click here to go right to the solution.
Between a pair of back to back Zoom meetings, I was checking emails and Slack, and saw a note that raised my eyebrows. We had gotten two emails from candidates asking about our interview process, because, as they claimed, “It seemed a little sketchy.” Which is concerning in and of itself, except, here’s the thing: we didn’t invite either of these candidates to interview.
They forwarded us the email “we” had sent them, and lo and behold, it wasn’t actually from us at all. It was from someone purporting to be us, so much so that they’d even purchased the domain name “yokococareers.us” to send the emails from. They’d also taken the liberty of drafting an interview prep guide, company briefing, and outlining a totally fabricated benefits package.
What wasn’t clear to us was why? Obviously it’s a scam of some sort, but what’s the endgame?
Long story short, the impersonators create an elaborate interview process (out of curiosity, I also applied with them, you can read that story here) which includes an outreach email, a confirmation code, an obvious bit of bait and switch in which they ask the candidate to download Wire secure messenger (Wire is well aware of this scam) and go through an “interview” which is done via text with some… painfully dimwitted screening questions. Really the bare minimum to make it seem legit, which I suppose is exactly the point.
Once the candidate passes the “interview” they are then sent paperwork to complete, which includes a lot of personally sensitive information, including banking information for “payroll” purposes. Well, you can guess what they end up doing with that.
Unfortunately, this is a pretty common scam. Unlike many other common internet scams, however, there wasn’t much information online about how to combat this particular type of maliciousness. Despite that, we were able to resolve the issue faster than we anticipated. In the interest of making the internet a better place and sharing helpful information, here’s how you can do the same.
How to Stop a Scammer Impersonating Your Company with a Fake Domain Name:
1. Gather Evidence: First things first, gather the evidence you’ll need. Most critical are going to be the fraudulent emails with the original headers.
To do this in Gmail, go into the message and select the 3 dots “⋮” and select “Show original”
Important Note: You will need the person the email was originally sent to to do this and send you the “original” message. Doing this with a forwarded email will not give you the original email headers which are needed to report the domain.
See how to do this in Outlook here.
2. Lookup the Fraudulent Domain: Conduct a Whois lookup on the imposter domain name to determine which registrar was used to purchase the domain name.
3. Report the Domain to the Registrar: Once you know who the Registrar is, you can report the misuse to their Abuse department. This is often visible in the WhoIs record, or you can look it up on the Help or Support section of their website. In our case, the registrar was NameCheap. They had a simple form to fill out which enabled us to state our case and upload the associated evidence. You will, 100%, want to include a text version of the email with original headers here if you can.
4. Report the Fraud to the Authorities: After reporting it to the registrar, you should also report it to the authorities. The FTC, the FBI, and the local police. While they are unlikely to be able to actually do anything about it, your report helps them keep tabs on how much of this activity is happening and supports broader systemic efforts to combat this kind of crime.
- It may also help to have something on record, should someone fall for the scam, believe it actually was you, and take action against you, thinking you’re the perpetrator.
5. While You Wait: It can take a registrar a day or two to take action on this. While you’re waiting, there are a few other things you can do:
- Post an Update on Your Website: On your careers or contact section, explain what your process does, and does not, entail and remind candidates that communications from you will only come from authorized channels and domains, and list those authorized domains so candidates know what to look for.
- Reply to Those Who Have Reached Out: By now, dozens, hundreds, or thousands of people may have fraudulently been contacted on “your” behalf. While only a fraction of those will reach out to you about it, be sure to respond to them to let them know it wasn’t you. Arm your team with a template they can use to respond to others affected while you await resolution from the registrar.
6. If It Still Isn’t Fixed: There are some escalatory actions you can take. You can report the offending domain to Google and Microsoft. You can also report the site to Norton, McAfee, and Kaspersky.While these reports can’t take the domain down, they can flag it to be listed as spam/scam and prevent the emails from getting into inboxes.
7. Still No Joy?: You can escalate and attempt to file DMCA takedown requests with any of the offending providers. If additional emails or calls to the registrar have been unproductive, you can also consider looping in a lawyer to help draft a note informing the offending parties you may be forced to take legal action if the issue is not resolved.
There you have it – a crash course in thwarting job interview scams. It can be a little daunting, but if you follow the advice above, you should have the scam resolved within one to two days, and you can get back to doing the good work you do.
While you’re waiting, you may also consider applying for a job with the scammers. That’s what I did, and you can read that story here.
Latest Posts
WordPress vs WP Engine
(Updated: October 15, 2024) Recent tensions have escalated between Matt Mullenweg, founder of The…
Keep ReadingNavigating the AI Revolution: Top Takeaways from ASAE’s 2024 Annual Meeting
There is no better feeling than sitting back at your desk after a good…
Keep ReadingThe Essential Guide To SEO for 2024 and beyond
What You Need To Know Now About SEO We’ve put together this Essential Guide…
Keep Reading