After a layoff dumped me into the job market for the first time in more than a decade, I had an all-too-close encounter with a new breed of digital fraudsters who prey on the unemployed. These high-tech predators use a new twist on an old scam to “hire” the victim in order to gain access to their bank account. The scheme was cleverly engineered, but a couple of small irregularities tipped me off to my would-be assailants’ plans before they could steal anything more than two days’ worth of my time. Once alerted, I was even able to use some of their own tactics to inflict a bit of pain on the folks who sought to scam me.
Embarrassing as it might be, I’m sharing my experiences in the hope that they might help you avoid falling victim to these cyber-vultures and perhaps even turn the tables on them.
The setup
Like most successful cons, this one involved gaining the willing consent of its victim through some combination of greed, fear, or desperation. Having been laid off several months earlier, I fell into the latter category and was ripe for the picking. When I lost the unfulfilling but steady editorial job I’d held down for the past few years, I was confident that my strong credentials and deep collection of contacts I’d made over the years would help me land a better gig within a month or two.
To my surprise, the job hunting skills I’d honed over my 20+ year career were outdated and almost useless at penetrating the layers of digital screening agents that stood between me and a potential employer. I found myself in unfamiliar territory, struggling to learn the complex Kabuki dance that today’s job seekers must master in order to slip past Corporate HR’s silicon sentinels and gain an audience with a carbon-based life form.
Even engaging a resume coach to help me finetune my credentials failed to break the deafening silence until an email arrived from ZipRecruiter, one of several job hunting sites I was registered with. The recruiter was responding to the application I had submitted a day earlier for a remote-work tech writer position at a biotech firm. Since the scammers used the name of a real company for their scheme, I’ve redacted it from the email below:
Company: XXXXXX, INC. – Position Type: Full-Time/Part Time.
Positions Available: Copywriter/Technical Writer/Proofreader and Editor. Pay: 45-50/HR
Station: Freelance/Remote – Full Time & Part time available. Candidate Interview Reference Code: ZPRTR11680 – Job Code: 3022
JOB RESPONSIBILITIES:
- Manage team of experienced copywriters and proofreaders, bringing team members together in pursuit of highly relevant, error-free content across both digital and traditional print media
- Evolve company’s voice and tone, championing the evolution of, and adherence to, our brand style guide
- Lead proofing and copy functions as a “hands on” manager, personally taking on related tasks to hit critical deadlines
- Work closely with Creative Director and team in the development of new and existing concepts, and in crafting output that sells
- Manage overarching editorial process and workflow for all copy-writing and proofing milestones, prioritizing work, while improving process to maximize efficiency and productivity
- Supervise and coach copywriters on developing engaging content that seamlessly integrates with visual design.
Your resume has been reviewed by our HR Department for the position and we believe you are capable of handling this position based on the contents of your resume you sent for our ad on ZIPRECRUITER. Your details has been forwarded to Mrs MARK TAYLOR the Assistant Chief Human Resources Officer. He will be conducting interview with you to discuss the Job Details, Pay Scale and every other thing you need to know about the position.
You are required to Log on to Google Talk Messenger/Hangout and send an Invite/Message to the Asst. Chief Human Resources OfficerMARK TAYLOR on his ID at (hrmdesktaylor@gmail.com). An interview tag identification number has been assigned to you ***ZPRTR11680***. Introduce yourself to him and indicate your interview reference code.
Thus began a two-day odyssey that nearly ended with my new “employers” draining the contents of my bank account.
The hook
Per the email’s instructions, I hopped onto Google Hangouts and reached out to “Mark Taylor,” the person who would be interviewing me. His voice channel did not seem to be active so we messaged back and forth and set up a time to chat the following day.
During our exchange, I noticed that his replies contained some subtle grammatical irregularities that were very similar to the ones I’d seen in the first email. Wanting desperately to believe that this interview would be my ticket to a steady paycheck, I told myself that the recruiter’s odd turns of phrase were probably due to the fact that he was working at some sort of offshore service center.
Any lingering concerns I had were put to rest after a bit of research revealed that the biotech firm the recruiter claimed to represent was a real company. Thus assured, I spent some time gathering information from the company’s website to prep for the upcoming interview.
The following day, I logged onto Google Hangouts, properly dressed and groomed for the video chat I’d been preparing for. To my surprise, I learned that the interview would be conducted using Hangouts’ text messaging service. Here is an excerpt of the conversation:
Me: Hi Mark—it’s Lee. I’m on Hangouts and trying to confirm that the application will default to my external microphone instead of the one in my laptop. I’ll call in a couple of minutes and if we have difficulty I’ll run the call through my phone.
“Mark Taylor”: Hello Lee, we can conduct the interview via text.
Sure—that would be fine too. If it’s OK with you, I’ll try the voice link and default to text if that doesn’t work.
(After unsuccessfully trying to establish a voice link for a few minutes, Mark broke in again)
Are you ready to proceed with the interview now?
Yes. Let’s rock!
The interview consist of three phases i.e ” Introduction to the Company, Questionnaire Phase, Job Briefings, Description and Pay scale” So I’ll begin by introducing you properly to the Company, provide you with the necessary information/details you need to know about us after which we would proceed with the questionnaire and job briefings OK.
Sounds great! Thanks—I’m ready
After a long briefing about the company, its research, and the oncology treatments it was developing, Mark began the formal part of the interview by introducing himself as the assistant chief human resources officer of the company and describing the duties I’d be expected to fulfill.
After reviewing my qualifications, he asked me several of the questions I’ve frequently encountered at conventional interviews over the years, including the ever-popular “what can you describe as the most difficult challenge you have faced in your career thus far and what methods did you apply to get it solved?“
I think I remember noticing that some of the questions I was answering had the same verbal tics I’d seen in the earlier emails, but, even if I did, I was too busy typing my replies to allow it to be a concern.
This was followed by a series of shorter questions that seemed at first to be mostly a professional skills assessment that included:
- Explain in details the 3(three) major qualities of a good proofreader?
- As a technical proofreader what would be your approach to problem solving when editing a write up?
- Give three expectations of a creative copywriter?
But there were two questions that seemed out of place. They wanted to know which bank I used and whether it supported electronic deposits, a process in which you deposit checks by taking pictures of them with your Smartphone. It seemed like an odd thing to ask, but I told them that my bank did accept electronic deposits and moved on to the next question.
Within a few minutes of submitting my answers, Mark informed me that I’d passed the interview and would receive a formal offer to work from my home as a copywriter/proofreader. My pay would be $45/hour during my one-week training and evaluation period, stepping up to $50/hour when I became an employee.
After months of living on unemployment checks, those were the words I’d longed to see.
I was elated as we settled into what I was told would be the first part of the company’s onboarding process. Mark explained that, following my training period, I’d meet with a company representative who would help me complete the last of the HR paperwork and verify that my home office was properly equipped with a top-line Mac Book, a pricey color laser printer, and a few other pieces of expensive tech the company deemed necessary.
Elation turned to panic because it wasn’t clear whether the company would supply the equipment or if I’d have to pony up for it myself. To my relief, he told me that the company would send me a check that I’d use to buy the equipment from one of the company’s preferred vendors.
I’d been online for most of the day, and it was getting late. We agreed to reconnect the following morning to complete the on-boarding and begin the training I’d have to take before beginning my actual work.
Before I signed off, Mark said that he’d send me a check so I could start purchasing my new office equipment as soon as possible. Life was good.
Enlarge / Wait a second… how did a school get involved?Photo by: Lee Goldberg
The sting
The next morning, I checked my email and found the sign-on documents I’d been told to print out, sign, scan and return to the company. When I logged in to Google Hangouts, Mark told me that I’d begin my training period by editing a monograph on cancer treatment protocols using the company style guide. The files arrived, and I had been working for an hour or so when Mark informed me that the check for the equipment would be sent out via email shortly. Once it arrived, I’d need to print it out and then use my electronic deposit service to put it into my account.
Until this point, the prospect of regular, good-paying work had overcome the quiet suspicions that had been accumulating in the back of my brain. Now, being asked to print and deposit a large check from an unknown individual who exhibited some very peculiar linguistic quirks gave my brain the dope-slap needed to persuade it to pay full attention to the situation.
When the email with the check arrived it contained two image files. The image of the front of the check was in .jpg format, and the image of the other side was in .png. Upon inspection, the check was issued to me from St. Joseph’s High School, which turned out to be a private Catholic girl’s school, located in Southern California, a few miles from the biotech firm I was “working” for.
This was getting stranger by the minute, and I needed to buy myself some time to sort things out.
To avoid depositing the check as instructed, I told Mark I was having problems with my printer. He was not pleased when I told him my efforts to clean the print head had failed and that I’d have to go out to the office supply store for a replacement. While supposedly on my way to Staples, I used the borrowed time to call the bank that “issued” the check and spoke with a representative who seemed distracted, disinterested, and possibly even a little annoyed at the news I’d brought her. After informing me that they could not share any account information with non-authorized persons, she declined to take any information about the apparently fraudulent check that had been issued in its name.
Inquiries with the school listed as the check’s account holder were much more warmly welcomed. I managed to reach the business manager who confirmed that they didn’t have an account at the bank the check had been issued against and that they had no connection to the biotech company I’d been supposedly hired by. After forwarding the email containing the check images to her, we agreed to share any new information that either of us might uncover.
Before I got back to Mark, I decided to contact the FBI and report the crime in progress. After calling the local field office, I was somewhat disappointed to learn that the agent on duty didn’t consider the situation worth investigating directly. He explained that one of the reasons this type of scam is so popular is that it’s fairly hard to track down the perpetrator of a single incident. The odds change however, when investigators can collect data on many similar crimes and sift it for patterns that might provide deeper clues about the scammer’s methods, location, and identity. I thanked the agent and promised to visit the FBI’s online reporting page and to submit what I’d learned about the operation.
You know, Mark, it really is a shame but I’m having continual trouble with my printer…Photo by: Image courtesy of Twentieth Century Fox
The Mark turns on Mark
Now that I’d confirmed that the job I’d been offered was indeed simply the bait for either laundering money or emptying the contents of my account, I considered my next move. The logical thing to do would be to simply break contact with Mark and use what was left of the day to resume my job hunt. I was preparing a nasty, albeit impotent, farewell email to my tormentors when my sense of outrage teamed up with my curiosity to sideline that plan.
I had no way of directly paying back Mark and his buddies for the trouble they caused me, but I wondered if I could somehow extract a few clues from them to share with the FBI. I decided to play along with their plan a little while longer to see what else I could learn that would improve the odds for their eventual prosecution.
Back on Google Hangouts, I told Mark I had a new print head and to hang on tight while I installed it. His reply was polite but impatient so I enjoyed taking a longer-than-necessary pause before informing him I’d printed out the check successfully. His anticipation was clear as he urged me to make the deposit. I relaxed and lingered over another cup of coffee before telling him that my phone app had failed to work properly. Before he could reply, I mentioned that I’d called my bank and that the manager had offered to help. I said that she had suggested that I drive over to her branch in the morning so she could take a look at the problem herself.
I had barely hit the Send key when Mark replied, urging me to sit tight and wait for a paper check that the company would be sending to me via overnight FedEx. It felt good to sense a hint of panic in his messages, as he repeated his instructions to destroy the check I’d supposedly printed several times during the conversation. I assured Mark the first check had been destroyed, confirmed the tracking number for the overnight envelope, and signed off for the evening.
The next morning, I allowed Mark to stew for a couple of hours before confirming that the envelope had arrived with a check for $3,620 inside. This time, the check was supposedly issued by a propane distributor located in Lee, Massachusetts, and from a bank in nearby Pittsfield. I called the distributor and alerted the company’s owner to the problem before hopping back on Hangouts.
I now felt I had about as much additional information as I felt I could coax out of my tormentors. It was time to have a little fun.
When I finally contacted Mark again, he urged me to take the check to the bank as soon as possible and make the deposit via the ATM. Once I’d done that, I was to scan the deposit receipt and send the image to him for their records. I reassured him that I would go to the bank shortly and contact him via my phone’s browser as soon as I got there.
I got up, poured myself another cup of coffee, and settled down for the Grand Finale. I wish we’d had a video connection to see his face when he realized things had gone sideways, but, as you can see from the excerpt of our conversation that follows, his rising sense of frustration and corresponding panic were pretty amusing.
Me: Hi Mark, I finally made it to the bank!
I discovered that my phone doesn’t have the Google Hangout app but fortunately I was able to connect my tablet to their guest Wi-Fi network.
“Mark Taylor”: Deposit completed right?
Yup – I’ll have the image of the slip and do the check shortly. I gave it to the teller a minute ago.
OK
I’ll be back to you soon.
Ok, let me know when it’s done.
Of all the stupid luck, I picked a slow teller
That’s why I asked you to make deposit at the ATM. Is the deposit done now?
Slow teller, and then she got called into the manager’s office for some kind of meeting. She said it shouldn’t be very long though.
But I asked you to use the ATM Machine.
Sorry I didn’t see your note about the ATM.
How can you say you didnt see the note when I specifically told you to follow the instructions CORRECTLY
OK, I’ll get the check back and do it that way if I can. The teller just stepped out of the managers office and I’ll ask for it back as soon as she’s done talking with the police officer who just showed up.
Ok
(At this point, I stepped back and let the conversation go silent and let “Mark’s” imagination fill in the blanks. About five hours later, I got the last message I’d ever receive from the scammer)
WHAT HAPPENED????
???
Enlarge / Alright, time to let the pros take this one over.Photo by: Al Drago/Bloomberg via Getty Images
The wrap-up
In addition to having a little fun at my assailant’s expense, my efforts yielded some new information that might eventually prove useful to the authorities. The tracking number from the Fedex shipment offered up some new information about the scammer’s actual whereabouts and possibly their identity. The sender’s name on the envelope was “Steven Kim,” which, while certainly false, may be a clue to their ethnic background. The return address and FedEx depot from where the envelope was sent are both in San Mateo, California, only a few miles from the high school listed on the original check.
Meanwhile, the FBI might be able to tease some information, and possibly a fingerprint or two, from the shipping label and the physical check I’d been sent. I’ve also extracted the full header and routing information from the email they first contacted me with. The electronic trail it traces is pretty convoluted, but I’ve been assured a reasonably knowledgeable IT person will be able to decode it. I shared everything that would fit within the format of the FBI’s website and let them know I’m still holding on to the FedEx envelope and other physical evidence in case they are interested.
Once the dust settled, eventually I set out to learn a little more about what had happened and how best to guard against similar attacks. I checked in with the FBI again, but unfortunately no one I contacted was willing to speak on record about any aspect of the case or anything else related to similar cyber-scams.
My inquiries at ZipRecruiter were equally disappointing. I received a pro-forma email from Hillary Hafke, who declined to share her title or phone number with me. Her brief reply included a pre-prepared statement from Scott Garner, the company’s senior corporate communications manager that enumerated ZipRecruiter’s efforts to combat fraud. They also provided an address where such incidents could be reported. Hafke declined to explain why that address was not more prominently displayed on their site, and she said that there was no one available at ZipRecruiter for further discussions. (Needless to say, ZipRecruiter is no longer one of the sites I use during my job search.)
After some more digging, it quickly became apparent that the False Flag Employer scam I nearly fell for is an increasingly common type of cybercrime. If you are on the job market, Alison Doyle’s “List of Fake Job Scam Examples,” published in TheBalanceCareers.com, should be on your must-read list.
In her article, Doyle notes that most job fraudsters rely on a tactic commonly known as “Remote Deposit Capture (RDC) Fraud.” RDC scams are variations of an old-school confidence scheme that uses a fraudulent check and the victim’s unwitting cooperation to access their bank account. The objective is to either draw cash against a fraudulent check, extract money from the victim’s account, or both in many cases.
One of the best reports on these types of activities is Fraudulent Checks Meet Remote Deposit Capture, written by Guardian Analytics in 2016 [PDF]. It provides a detailed breakdown of two of the most common variations of these scams. And although the report’s tips for detecting and preventing possible fraud are aimed at banks, not consumers, they do provide some helpful insights for the tech-savvy account holder.
Finally, if you want a more consumer-oriented perspective, the National Consumers League’s post on fake check scams offers a pithy set of bullet points that detail the signature behaviors of e-check fraudsters along with tips on how to recognize them. And if you made it this far, of course, hopefully hearing a firsthand account of how such scams can be executed in 2019 can serve as warning enough.
Lee Goldberg is a Sci-Tech journalist who’s spent 25 years writing love letters to engineers, tech enthusiasts, Makers, Burners, and dreamers. A self-described “recovering electrical engineer” who worked on integrated circuits, embedded systems, and the occasional interplanetary spacecraft in his former career, Lee specializes in exploring the issues that emerge from the messy intersection where technology, society, the environment, and the economy meet. Lee, his wife, and their half-Klingon daughter live on the outskirts of Princeton, New Jersey, where they masquerade as a typical suburban family.
All Rights Reserved for Lee H. Goldberg
Productivity Hub 