From fake Marriott recruiters to state-sponsored LinkedIn schemes, employers face growing threat
“Beware! Someone is out there using my name and Marriott's brand to scam or phish job seekers. Ugh… please don’t follow the links. Our cyber team has been made aware.”
So wrote Jessica Lee, global talent acquisition and associate development executive at Marriott International, in a recent LinkedIn post warning her network that fraudsters had cloned her identity to run a phishing operation targeting job applicants.
“PS - shame on whoever you are out there running this! Preying on job seekers is about as bad as preying on the elderly,” she wrote.
The warning is far from isolated. Canadians reported losing over $49 million to job and employment scams in 2024 — a quadrupling of losses since 2022, when the total was closer to $7 million, according to the Canadian Anti-Fraud Centre (CAFC). The rapid rise of artificial intelligence has made it easier for fraudsters to identify potential targets, create more convincing scams and reach larger numbers of people more quickly, it says.
State-sponsored recruitment fraud
Just recently, the Canadian Security Intelligence Service (CSIS), together with its Five Eyes intelligence partners — including Australia's ASIO, New Zealand's intelligence community, the U.K.'s MI5 and the FBI — issued a joint alert warning that China's military intelligence services are using professional networking sites and online job platforms to target current and former government and military personnel, as well as others with access to classified or privileged information.
Intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources firms and place job ads for foreign policy and defence analysts. Successful candidates are then pressured to provide "non-public" information — including unclassified details on government policy, military strategy, capabilities and installations — for clients associated with the Chinese government.
Even a small piece of information, CSIS notes, can be combined with more sensitive reporting to undermine Canada's interests.
CSIS is actively working to “build the resilience of Canadians to threats, including aggressive online recruitment strategies," said Dan Rogers, director of CSIS. "By providing this security alert, we are helping Canadians to remain vigilant in order to protect our national institutions and safeguard our secrets."
How job scams work
The mechanics are well-established, according to the Competition Bureau of Canada. Scammers post an ad or contact targets via spam email or other means, offering a great job or business opportunity. The target is then told they must pay a fee, provide banking or personal information, or cash a cheque — a portion of which they are instructed to transfer back via a money-transfer service. The cheque later bounces, and the victim absorbs the loss.
Common variants include offers of guaranteed income for little or no effort, job postings requiring upfront fees for business plans or start-up materials, and roles described as "secret shopper" positions at cheque-cashing or money-transfer businesses, according to the Competition Bureau. Some arrangements can constitute money laundering.
The CAFC has flagged a specific and growing variant in which fraudsters, using the names of real Canadian companies, offer victims freelance jobs "boosting" products, apps or videos through software the fraudsters themselves have created. After the victim installs the software and sets up an account, they receive tasks to complete and may even receive a small initial payment to make the job seem legitimate, according to the CAFC.
Some victims are also asked to recruit others in exchange for higher earnings — which constitutes pyramid selling, a criminal offence in Canada, according to the CAFC
Fraudsters build trust
“This has become much worse with the proliferation of remote working because now people interact much less face to face,” says Martin Poduska, editor-in-chief of Kickresume.com. “And online, it is much easier to fish for information and spoof — which I think is the correct cybersecurity term — and impersonate other companies or other people."
AI has since accelerated the problem further, he says: "We have seen that in some cases they created entire false companies… we are seeing entire fake websites with fake LinkedIn profiles."
Kickresume itself attempted to create a fake LinkedIn profile, just to test the process. "It's not entirely easy, but it can be done still if you have a telephone number," says Poduska.
Fraudsters build a relationship of trust, often by borrowing the credibility of a well-known brand, then use that trust to extract personal information, banking details or payments, he says.
"Usually, they use excuses like [saying] it is to cover expenditures connected to the hiring process and so on."
The scammers don't need a bulletproof story, says Poduska — “What's important for them is to find a small number of people who will be trusting enough,” such as younger or older people who are not as computer-literate.
The challenge for HR is many employers don’t find out about the fraud until victims come forward, says Poduska. "Companies, if they fall victim to this kind of scamming behaviour, they're usually the last ones to know.”
Kickresume itself has dealt with the problem directly.
"We had… multiple cases when somebody was acting like a member of our team on LinkedIn," says Poduska. The company alerted staff, made a public announcement and reported the fake profile to LinkedIn. "After a while, they removed the fake profile… they’ll get to it but it can take a while.”
WhatsApp has emerged as a particularly popular channel, with fraudsters using AI to contact large numbers of people simultaneously, according to Scotiabank. Cryptocurrency-based variants have also grown, with scammers directing targets to convert e-transferred funds into crypto to "pay a client" — funds that typically originate from other fraud victims, it says.
Building early warning system
One of the most important and cost-effective steps is setting up some kind of early warning system, says Poduska.
“This can be done, very often, quite cheaply and very easily, just by training your HR team to understand that there is a possibility that someone might impersonate the company or even impersonate themselves and act in their name,” he says.
"Once you know to look for this, you can start noticing the suspicious behaviours connected to this quite often."
Scammers typically ask for personal information too quickly and conduct poorly run interviews, he notes — and there is a reasonable chance a vigilant candidate will reach out to the real company to verify the process or report the potential scam.
On the technical side, employers should ensure their email servers are configured so that no one can send messages that appear to originate from their domain, says Poduska.
“You don’t want to lave old accounts on job boards unattended. Always delete them because old passwords are notoriously, easily misused.”
And regular web monitoring — even a simple Google search combining the company name with terms like "jobs" or "vacancies" — can surface unauthorized postings with minimal effort, he says.
For larger organizations, brand-protection firms specialize in identifying fraudulent job postings, says Poduska. For smaller ones, setting up a Google Alert for brand-related terms is a practical starting point, he adds.
Cross-functional collaboration matters too, says Poduska — HR, cybersecurity and communications teams should be sharing information rather than working in silos: "We have to be careful, use common sense and be very proactive about fighting these people."
Transparency as a defense
Publishing a clear, public description of the company's hiring process is one of the easiest and most effective countermeasures available, says Poduska.
"Just put up a single landing page, be very transparent about your entire hiring process,” he says. “Not every candidate will read this, but some will, and it gives you almost an alibi. You look like someone who is actively fighting this misuse of your brand and reputation… The worst thing you can do is just do nothing."
The good news, he adds, is that such a page only needs to be created once. "You don't have to touch it for… many years."
Montreal-based CGI, for example, has a page dedicated to combatting such fraud:
“In the cases of fraudulent job offers, organizations purporting to either work for or be affiliated with CGI, notify individuals that their qualifications were found suitable to work for CGI and solicit the transfer of money to pay for job applications, work permits, insurance policies and so on. Please note that CGI never asks any individuals to send money for a job offer. If you are contacted by a proposed representative of CGI via email, telephone, text or other communication method requesting money, please do not respond.
“It is prudent to be wary of unsolicited offers with requests to provide personal information and payments. Be cautious of unsolicited or unexpected communications, especially those from unfamiliar names, websites, email addresses and free email accounts such as Gmail, Yahoo or Hotmail.”
Anti-scam strategies need both a reactive and a proactive component, says Tina Rahman, founder and director of London-based HR consultancy HR Habitat, in an article published by ADP. Making recruitment policies publicly available — including which platforms the company uses, what email addresses it communicates from and what the real process looks like — is a step that remains underused, she says.
"Imagine applying for a job, and you're faced with a con artist. It's almost too easy, because the agenda is to get this person in and get what you need from them. So making public the proper selection process policy lets candidates know what an authentic process looks like."
Despite the scale of the problem, Poduska remains cautiously optimistic.
"Fortunately, they're not very smart. So, we can stay ahead of them despite all the miraculous technology they have at their disposal."
