Beginning on July 20th, many individuals contacted us asking if a job offer they had received from us was a legitimate offer, wanting to ensure that they were talking with the correct person at the company. The unfortunate truth was that none of the potential applicants seeking information had submitted an application with Caktus Group.
Over the past three weeks, we have seen a large uptick in the number of hopeful applicants, as well as in the number of people alerting us that there may be fraudulent activity related to our recent hiring. The emails detailing these job offers came from a fraudulent site that closely matched our own company website; these emails, as well as the fraudulent website, have since been reported to Google for removal. Some offers included potential interview questions, and some outright offered the applicant the job through email.
As a result of the increase in fraudulent activity, Caktus has removed all job postings from every job board. Any job postings you may see at this time are fraudulent, and you should not interact with them.
Emails from Caktus will always come from the domain “@caktusgroup.com”. Any email that you receive that does not match this should be considered fraudulent. It is important that you not click any document that may be contained in one of these fraudulent emails. Doing so can open you up to a number of different risks that may result in your email or other social media accounts being compromised.
We would like to take this time to outline a number of ways you can spot fake job offers and LinkedIn scams, and how you can keep yourself safer in this remote work landscape.
There has been a rise in the number of fraudulent job postings. Scammers find open postings on sites like LinkedIn and Indeed, create fake company profiles, and make job postings mirroring those of a legitimate company. Often this happens with job postings that have been open for a period of time, or even after the company has removed those job postings.
From an article on linkedin.com by Sagar Neupane¹:
10 steps to verify a job posting
1. Research the company by checking its website and LinkedIn page.
2. Look for other job postings by the company and compare the details.
3. Check the job requirements and qualifications. Do they seem reasonable for the job?
4. Look for any grammatical errors or typos in the job posting.
5. Check the location of the job. Does it match the location of the company?
6. Reach out to the company through its official website or LinkedIn page to confirm the job posting.
7. Verify the recruiter or hiring manager who posted the job is legitimate by checking their LinkedIn profile and connections.
8. Check the salary and benefits offered. Does it seem too good to be true?
9. Look for reviews or feedback from current or previous employees of the company.
10. If you have any doubts or concerns, trust your instincts and avoid engaging with the job posting.
If you have already applied to one of these fraudulent job offers, it is important to verify the domain name from which you are receiving any offer or request for information related to outstanding applications. If there are any documents contained within the email, confirm that the domain of the sender’s email address matches the domain name of the company to which you have applied. For example, an address ending in “@caktusgroup.com” would be a legitimate email address, as the domain name matches the company’s official website “https://www.caktusgroup.com/”, whereas “firstname.lastname@example.org” would not be.
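The sender-domain check described above, as an added Python example that is not from Caktus or the cited articles: it accepts only an exact match with caktusgroup.com and flags domains that merely contain the company name, such as the caktusgrouprecruitment.com site reported in this article. The mailbox names, the `classify_sender` helper and the name-substring heuristic are assumptions made for illustration, and the check reads only the displayed From address, which a sender can forge.

```python
from email.utils import parseaddr

OFFICIAL_DOMAIN = "caktusgroup.com"  # the only sending domain named in the article
BRAND = "caktusgroup"                # assumption: substring used to spot lookalikes


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From header, or None."""
    _display_name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    return domain or None


def classify_sender(from_header, official=OFFICIAL_DOMAIN, brand=BRAND):
    """Classify a From header as 'official', 'lookalike', 'other' or 'invalid'."""
    domain = sender_domain(from_header)
    if domain is None:
        return "invalid"
    # Exact match only: the display name and the local part are ignored,
    # and a domain that merely starts with the official one does not pass.
    if domain == official:
        return "official"
    # The company name inside a different domain (with or without hyphens)
    # is the pattern used by the fraudulent site described in the article.
    if brand in domain.replace("-", ""):
        return "lookalike"
    return "other"


# Constructed sample headers; the mailbox names are invented.
SAMPLES = [
    "Hiring Team <jobs@caktusgroup.com>",
    '"Caktus Group HR" <careers@caktusgrouprecruitment.com>',
    '"jobs@caktusgroup.com" <offers@caktusgrouprecruitment.com>',
    "recruiter@caktusgroup.com.example.net",
    "hr@caktus-group.com",
    "firstname.lastname@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```
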
In the same LinkedIn article by Sagar Neupane¹, Sagar details 5 examples of what may happen if you click on suspicious links:
- Malware could be downloaded onto your computer, which can steal personal information or damage your device.
- You could be redirected to a phishing website where scammers can obtain your login credentials or personal information.
- Pop-up windows may appear, prompting you to enter personal information or download fake software updates.
- Your browser may be hijacked, causing it to display unwanted ads or search results.
- Your device may be locked or held for ransom by cybercriminals, who demand payment to unlock it.
For more information on spotting fraudulent job offers and how to report them to LinkedIn, please read the article referenced above by Sagar Neupane¹: https://www.linkedin.com/pulse/exposed-dark-side-linkedin-job-scammers-sagar-neupane/
Knowing all of the ways you can spot a fraudulent job offer is important, but sometimes it is not enough. It can be difficult to tell that these fraudulent job postings are not legitimate, and you may have already clicked on some documents that you were sent or revealed financial information that has now put you at risk. Identity theft is a growing problem in this digital world, and scammers are getting increasingly savvy with how they approach and ensnare their victims. According to an article from Feb. 2023 on ftc.gov²:
The FTC received fraud reports from 2.4 million consumers last year, with the most commonly reported being imposter scams, followed by online shopping scams. Prizes, sweepstakes, and lotteries; investment-related reports; and business and job opportunities rounded out the top five fraud categories.
The financial impact of these reports, as given in the same article, is also staggering:
Newly released Federal Trade Commission data shows that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year.
It is important to know what to do if you have fallen for one of these scam job offers so that you can protect yourself and your information as well as possible. Suggestions from an article on Lookout.com³, a Cloud and Endpoint Security provider, include:
Report it to law enforcement
If you were the victim of a scam, report it immediately to your local law enforcement agency. You can also report it to the FBI’s online crime complaint center.
Make sure to keep the evidence of the scam you encountered — emails, messages, screenshots, documents, and more. This will help the authorities investigate your situation, as well as provide proof to your bank if you file claims or you lose money as a result of the scam.
Report and block on LinkedIn
If you receive a message from a scammer on LinkedIn, you can block them and report them directly to LinkedIn so the platform can remove scammers from their site.
If you feel that you have been targeted by scammers using a fraudulent website, you can report this to Google through the Safe Browsing Reporting page: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Simply enter the URL for the page and provide some details about the incident. In the case of Caktus Group, the URL “http://caktusgrouprecruitment.com” was entered into the “URL” section and details were provided about the fraudulent emails being sent to users.
If you would like to see who registered the domain and when, you can check ICANN Lookup: https://lookup.icann.org/en/lookup. This will provide all of the relevant information for the domain and what service the domain was registered through. In this case, we were able to see that the domain was registered on 2023-07-20 with Google LLC.
The remote work environment has opened up many new opportunities for those around the world and removes the limitations of needing to be physically present at your workplace, improving the talent pool that companies are able to draw from. While this has led to many new and exciting ventures, it has also given rise to a legion of scammers who also see this development as an opportunity. We must do everything we can to keep ourselves safe and protect our information from would-be criminals.
Links mentioned in this article, as well as additional resources for protecting yourself from online fraud:
https://www.linkedin.com/pulse/exposed-dark-side-linkedin-job-scammers-sagar-neupane/ - Details different types of job scams prevalent on LinkedIn, examples of scenarios, steps to verify a job posting, examples of what may happen if you click on suspicious links, deceptive tactics and how to stay safe, and how to spot and report fraudulent job offers.
https://www.ftc.gov/news-events/news/press-releases/2023/02/new-ftc-data-show-consumers-reported-losing-nearly-88-billion-scams-2022 - FTC article on data related to financial impact to consumers.
https://www.lookout.com/life/blog/job-scams-on-linkedin-what-are-they-and-how-to-stay-protected - Details 3 different types of job scams (Fake job posting, Fake recruiter profile, and Fake investor opportunity) as well as signs to look out for.
https://www.youtube.com/watch?v=GW_DLLjvrsc - First-hand account of a user being hacked by clicking on an attachment, which prompted her to log in to her Gmail account.
https://www.latimes.com/business/story/2023-01-12/job-scams-skyrocket-linkedin-indeed-pandemic - Contains examples of first-hand accounts of many individuals being scammed through LinkedIn by fake job offers that then led to the users’ information, as well as common scams.
https://www.welivesecurity.com/2022/05/09/common-linkedin-scams-phishing-attacks-fake-job-offers/ - Details a number of LinkedIn scams.
https://www.youtube.com/watch?v=nYdS3FIu3rI - Information detailing how a popular YouTube channel was hacked using documents that posed as .pdf files but were actually malware that captured session tokens. [Very in-depth technical dissection of what happened and how it was accomplished]