When the Scam Wears Your Name: How Fraudsters Use Fake Jobs to Target Consumers

In today’s digital hiring landscape, brand impersonation scams aren’t just a reputational threat—they’re a direct assault on consumer trust. Just as companies must guard against fraudulent applicants, they now face a parallel challenge: protecting consumers from fake job postings that misuse their brand to deceive and exploit.

At Socure, we experienced this firsthand. A fraudster created a convincing fake domain—careers.talent@socure.team—to impersonate our HR team and post a fake remote job for an Executive Assistant. The scammer didn’t stop at copying our name. They mimicked our tone, referenced real employees, and built a fake interview process to draw the victim deeper into the fraud.

This wasn’t a phishing attempt powered by sophisticated AI. The scam emails were riddled with grammatical errors and awkward phrasing—a hallmark of old school social engineering. But make no mistake: the damage was just as real. The job seeker thought she had landed a legitimate role at Socure, and the emotional and financial consequences were devastating.

Behind the Curtain: How the Scam Unfolded

The scam played out over a weeklong series of emails, with the victim, “Sally,” believing she was moving through the legitimate stages of a remote hiring process. Once Sally applied for the role, the hook was set when she received this email:

“After receiving your credentials via a job board, we carefully considered you, and we believe you’ll be a wonderful fit for our Executive Assistant role at Socure. We’d like to talk about your qualifications and our requirements for the position.”

At this point, the scammers asked Sally to join them via a Microsoft Teams account. The account was set up under a Socure HR representative’s name and displayed her social media photo with an email back to their name @socure.team. From then on out, all contact was managed through that fake Teams account.

Here’s a lightly edited transcript of the Teams exchange that followed:

Bad Actor: Hello, and how are you doing today? Did you sleep well? You’ll receive a call from one of our divisional Talent Acquisition and Human Resources Director, Mr. Michael Vandalone, today. The call would be to assess you for the phone call interview. You will be contacted between 100 PM – 400 PM PST today. Let me know what time between these given hours you will be available to receive the phone call.

Applicant: I’m doing well and yes, I slept well too. I hope you also had a nice evening. I can be reached between now (140pm) and 400pm PST. Thank you.

Bad Actor: Alright, perfect! I will let you know as soon as he’s available on seat to reach out to you. Ensure that you are online and stay reachable.

Applicant: Ok, sounds good. I have to leave around 230 PST, but I can take the call in my car. I just won’t be able to be online at this time.

Bad Actor: Mr. Michael will be on seat by 4 PM PST to give you a call. Ensure to remain reachable and keep your phone close as well.

Applicant: OK. ____________________________________________________________________

Sally spoke with Mr. Vandalone later that afternoon on a Teams call. The camera was not on and the conversation was short. Sally described him as, “ terse and had no sense of humor, and was unprofessional.” She went on to say, “All he did was ask a lot of questions that didn’t seem relevant and then said they will be moving forward on hiring me and that I should expect a call from the Socure HR person today.”

____________________________________________________________________

Bad Actor: Good morning Sally and how are you doing today?

Applicant: I’m doing well, thank you. How are you?

Bad Actor: I am doing great, thank you for asking.

Applicant: I spoke with Mr. Vandalone yesterday afternoon and he wanted me to let you know. Please let me know what the next steps are in the interview process. Thank you.

Bad Actor: Alright, perfect! Do remain online and stay reachable while I get feedback from the HR desk I will get back to you shortly in a few minutes and we proceed accordingly moving forward. I believe I am clear?

Applicant: Yes, but I have to run out now for an appointment.

Bad Actor: Alright, and we are all set to proceed. However, in regards, based on your rendition and questions answered the HR team has confirmed and offered you the position. I will be sending over your offer letter via email shortly for you to have filled out and sent back to me when completed and once I receive your signed offer letter we will proceed with a quick briefing on getting started and we proceed accordingly moving forward.

Applicant: Thank you. This is exciting. Yes, please send me the letter.

Bad Actor: Alright, perfect! We will be using this platform to communicate until we have your home office setup and fully functional and you have received your unique employee login and password which you will be using to gain access to the software packs that will be installed on your work PC and then we will be able to communicate more securely via our secure mail servers and through virtual presence 2.0 respectively. Once we have your workstation set up, your supervisor and I will connect with you through a three-way video conference and we’ll assist you in setting up your work schedule so it is flexible yet favorable for you and for the company as well. Understood?
I will let you know once I have sent over your offer letter via email within the hour so you can go through it carefully, and once clear proceed to sign it and have it sent back to me and we proceed accordingly moving forward with a quick onboarding briefing on getting started on I received your signed offer letter. I believe I am clear?

Applicant: Ok, sounds good. Thank you.

_____________________________________________________________________

Bad Actor: I have sent over your offer letter and you are to kindly acknowledge receipt of my email and the attachments therein.

Note: The image above – These are not real names and signatures – they are forged.

Note: The image above – These are not real names and signatures – they are forged.

“You’re Hired!”: How Scammers Onboard Their Victim

Not long after the “offer,” Sally was asked by her new “employer” to go to the nearest Apple Store and purchase gift cards. The explanation seemed harmless enough: Socure, they claimed, could use the cards to purchase work supplies and a laptop at a corporate discount. To pay for the cards, they sent her a check. She deposited it, and everything appeared in order.

The check was written on a bank she recognized, used Socure’s actual corporate address—which she had validated—and looked completely legitimate. When asked whether the check appeared to be counterfeit or “washed,” Stan Jaslar, CEO of SQN Banking Systems, said, “It appears to be a cooked counterfeit check”—meaning the scammers had access to valid account, routing, and transit information, but no physical check. Instead, they digitally manipulated an image to create a counterfeit check using some valid data, allowing them to fabricate a check for deposit.

Note: The image above – Copy of “cooked counterfeit” check. Routing and account numbers tie back to a different business name than Socure.

Eager to begin her new job and help however she could, Sally made the 90-minute trip to the Apple Store. She bought the gift cards, then followed the scammer’s instructions to send them photos of the cards.

Round Two: A Suspicious Request

The very next day, the fake employer asked her to repeat the process—this time at a different Apple Store. Another check arrived, and again, Sally deposited it. But there wasn’t another Apple Store nearby, so they decided she would return to the same one as the day before.

Note: The image above – Copy of “cooked counterfeit” check. Routing and account numbers tie back to a different business name than Socure.

That’s when things started to unravel.

The Apple Store employee who had helped her the day before recognized a red flag. Sensing something was off, they gently warned Sally that she might be involved in a scam. Acting out of caution, the employee refused to sell her any more gift cards.

The Moment of Truth

The scammer, growing impatient, pivoted. Since she couldn’t get more gift cards, they asked her to wire the amount of the second check directly back to them.

It was then that Sally’s credit union stepped in and told her the devastating truth: Both checks had been returned. She was being scammed.

“I was so excited about getting a role at Socure that I was completely heads down, and didn’t realize what was going on until it was too late,” Sally said, “I think this is why these people are successful. They prey on people who really want to work and will jump at a good opportunity”.

The Fallout: Harassment and Heartbreak

Even after learning the truth, the scammer didn’t stop. They grew aggressive—sending multiple messages a day via Microsoft Teams, pressing her to wire the money. But behind the scenes, Sally was taking action.

She had contacted the FBI, the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and even Nevada’s Secretary of State, since that’s where the checks had come from. Although she was devastated, she was determined to help stop this from happening to anyone else. Unfortunately, the scammer went dark, and Sally was left with a painful loss—nearly $8,000.

Aftermath: Starting Over

Sally continued to cooperate with the FBI, providing as much information as possible. She also reported the scam to the FTC’s Identity Theft portal and filed formal complaints with the CFPB.

During the fake onboarding process, Sally had also provided her SSN and other personal details as well as her banking information and front-and-back copies of her driver’s License.

Feeling let down by her credit union and also concerned that she had given those details to the scammer, Sally closed her account and opened a new one at a larger national bank. Sally said making the decision to change who she banked with was pretty easy. “The credit union really let me down. They were little help in the process and told me that being scammed was my fault. I deposited the checks. I purchased the gift cards”.

Sally was devastated, “I felt like I was all by myself. People stopped calling me back, and I was left alone to deal with being scammed”. Since then, Sally has continued to look for work, albeit with a more suspicious eye, and has accepted her fate. “I’m not going to let this define me”.

Real-Life Victims: The Human Cost of Fake Job Scams

Sally’s story isn’t unique. In 2023 alone, Americans lost approximately $450 million to fake job scams, with over 105,000 incidents reported to the FTC. One college student lost over $2,000 after being scammed by a fake recruiter. Another victim in Australia was defrauded out of $48,000 through a fake employment scheme promising remote work and fast earnings.

The response from law enforcement and regulators is beginning to match the scale of the problem:

• FBI Warnings: The FBI has issued multiple alerts about scammers spoofing companies and job listings.
• Interpol Operation First Light 2024: Led to nearly 4,000 arrests and the seizure of over $250 million in illicit assets.
• FTC Alerts: The FTC continues to publish guidance to help consumers identify and avoid job scams.

Additionally, job boards have taken steps to address suspicious job postings. These include introducing identity verification badges, launching stronger fraud detection tools, and raising awareness about ‘ghost jobs’—listings that have no real intent to hire.

While consumer education is helpful, all of us, including Socure, can do more to protect consumers from fake job listings using our companies’ brands.

How Companies Can Protect Their Brand and Consumers

• Register lookalike domains to prevent scammers from misusing them (i.e. careers.talent@socure.team). In our case, the domain was purchased from a fraud friendly domain registrar, who allows bulk domain purchases and charges a much lower fee than more well-known registrars, gives free “privacy protection” that masks the owner of the domain and their location, and does not perform any validation of the person or company who is purchasing the domain. To add a sense of urgency here — we checked the availability of the .team and other look-alike domains for several companies in our marketplace, and found that for the majority of those companies, these domains are available for purchase.
• Clearly publish your legitimate hiring process and contact emails and warn consumers of the possibility of fake job postings. Socure has added a section to our “Careers” tab that identifies the problem of fake job postings and provides details related to our hiring process. What should, and should not, be expected in the process.
• Monitor job boards and submit takedown requests for fake listings. This can be done manually. You can also set up alerts with Google and job boards that will let you know when your company name is being used in a job posting. Some companies can help perform broad monitoring for your brand. If (and when) you identify a fraudulent job post, report it to the job board immediately and consider reporting employment scams to local cybercrime or consumer protection agencies.
• Train internal teams to pay attention to what they see on the job boards and to be especially responsive and empathetic to any requests coming from consumers and potential job applicants on alerts that they may have been scammed by your brand.
• Publicly warn job seekers if your brand has been spoofed. At Socure, we believe in helping protect the broader community from fraud and deception. As discussed, our brand was misused in a fake job scam that targeted unsuspecting individuals. While we’ve taken swift action to address the issue, we also want to raise awareness. Your brand matters to you just as ours does to us—and by highlighting specific threats like this, we can help the industry strengthen its defenses against malicious actors who seek to exploit trusted names and impact consumers in negative ways.

How Job Boards Can Protect Their Brand and Consumers

• Job boards and recruiting platforms should implement robust Know Your Business (KYB) and identity verification processes for companies and individuals posting job listings. Solution workflows can include verification of the business, the ultimate beneficial owner of the posting company, and the individual posting the listing to ensure they are an actual employee. These scammers used Socure’s logo, spoofed email addresses, and impersonated real Socure HR personnel using their names and photos. However, the individuals who posted the listings and controlled the accounts were unaffiliated with Socure. Proper KYB and identity verification protocols would have significantly reduced the chances of these scams succeeding. Such measures act as a deterrent, filtering out all but the most determined fraudsters and increasing the likelihood that bad actors can be identified and prosecuted by law enforcement.

Public Policy: A Missing Line of Defense

Despite the best efforts of private companies and job boards to combat impersonation fraud, the current legal and regulatory framework lags far behind the tactics of modern scammers. Today, it is shockingly easy—and legal—for bad actors to purchase lookalike domains, use anonymized domain registrars, and spin up convincing spoof sites without any real scrutiny. These are not sophisticated operations. They are enabled by regulatory blind spots and a lack of accountability in the digital infrastructure.

This must change.

To protect consumers, employers, and the integrity of the hiring ecosystem, policymakers should consider:

• Stronger regulations on domain registration, including mandatory identity verification for domains that mimic real brands or operate in sensitive sectors like hiring, banking, and healthcare.
• Greater accountability for domain registrars that repeatedly enable fraud by allowing the mass purchase of deceptive domains with no validation.
• Clear reporting channels and faster takedown mechanisms for job-related fraud—akin to copyright takedowns—to enable swift action when a fake listing is discovered.
• Enhanced cross-sector collaboration between industry, government, and law enforcement to track and penalize employment-related scams.

We believe that combating job scams is not just about protecting a brand—it’s a critical consumer protection issue. Public-private collaboration is essential, and we’re committed to working with regulators, consumer advocates, and other companies to advance policies that stop these scams at the source.

Identity verification is the new perimeter in the hiring landscape. Just as firewalls once secured our networks, identity verification now serves as the first line of defense—and it must be constantly monitored and reinforced. With the rise of stolen data, deepfakes, and AI-generated resumes, vigilance is more important than ever. Socure is dedicated to equipping others with the right tools, training, and awareness to fight back. If it happened to us, it can happen to anyone. Now is the time for all of us to take a stand.