Finding a new job is tough enough without cyber criminals trying to cash in on your effort, it’s definitely something I’m seeing more of. And the types of scam are becoming harder to spot and more humanistic, as cyber criminals leverage AI to craft compelling communication.
I’ve had clients who have paid for fake ‘expert CV formatting to help them tackle ATS and get shortlisted for roles’, and people who have applied for fake jobs only to get their personal data stolen.
As the job search moves almost entirely online, scammers are getting more sophisticated and preying on vulnerable job seekers. I often support people already at their lowest ebb, desperately looking for work, attempting to keep their head above water in what can feel like a painful and frustrating period of their life, only to get sucker-punched by a recruitment scam. The impact can be significant in terms of mental health, battering motivation and trust in human nature.
Cyber criminals are smart and not just casting wide nets; they’re targeting you directly with attacks that can steal your money, your personal data, and identity.
So, as October has been coined Cybersecurity Awareness Month, here’s my guide to shine the light on the top job seeker cyber threats right now, along with a few practical tips to help keep your job search safer.
1. Phishing and the Malicious ‘Job Offer’
This is the number one threat. Scammers impersonate recruiters from well known companies to scupper you into revealing sensitive information or, worse, paying a fee.
| Threats can look like: | Tips to protect yourself: |
| Fake Fees: You’re asked to pay an upfront fee for training, equipment, background checks, or even CV formatting. | Never Pay for a Job. A legitimate employer will never ask you to pay money to get hired or start work. If they ask for cash, it’s a scam. |
| Money Mule Traps: You’re offered an ‘easy, high-paying’ remote job (e.g., liking social posts or reviewing products) that is actually a front to trick you into laundering money through your bank account. | Watch for ‘Too Good to Be True’ Offers. If a job promises high pay for minimal, simple effort and asks you to process payments, you are being targeted by criminals. |
| Malware Attachments: You’re sent an email with an attachment disguised as an ‘interview brief’ or job description’ that contains malware designed to steal your data or lock your computer. | Verify Before Clicking. Exercise extreme caution with unexpected files. If the email is unsolicited, contact the company directly using their official phone number, not the one in the email. |
2. Identity Theft via Data Harvesting
Your CV and applications contain a goldmine of Personally Identifiable Information (PII) for criminals. When stolen, this data is used for identity fraud.
| Threats can look like: | Tips to protect yourself: |
| Oversharing: Scammers create fake application forms to collect all your data at once: full name, address, employment history, and sometimes even copies of ID or passport. | Limit Initial Sharing. Never provide your bank details, National Insurance number, or passport until you have a signed contract and have verified the company is 100% legitimate. |
| Breached Portals: A lesser-known jobs board could suffer a data breach, exposing your personal details to be sold on the dark web. | Stick to Trusted Sites. Use official company career portals or well known, reputable UK job boards. Avoid uploading sensitive data to obscure or generic websites. |
3. Social Media and Fake Recruiter Profiles
Job hunters are often found on LinkedIn and WhatsApp. Scammers exploit these platforms by creating highly convincing fake profiles.
| Threats can look like: | Tips to protect yourself: |
| Impersonation: A criminal creates a profile impersonating a real recruiter from a known company. They build trust, then direct you to a phishing site or ask for money or gift cards via chat. | Do Your Due Diligence. Check the recruiter’s profile for red flags: a small number of connections, little activity, poor grammar, or a generic photo. Always verify the job is real if you can. |
| Casual Contact for Sensitive Info: The fake recruiter insists on conducting the entire process or sharing documents via an insecure app like WhatsApp or Telegram. | Keep it Professional. Legitimate HR processes primarily use professional email and official video platforms. Be wary of anyone rushing you to share sensitive information on a casual messaging app. |
4. Weak Password Practices (Credential Stuffing)
Using the same simple password for multiple job boards and accounts is an open invitation for trouble.
| Threats can look like: | Tips to protect yourself: |
| Reusing Passwords: If one of the dozens of websites you use is breached, criminals will take your email/password combination and “stuff” it into your bank, Amazon, and email accounts. If it works, they’re in. | Get a Password Manager. Use a reputable password manager (like 1Password or LastPass) to generate and store strong, unique passwords for every single job site and service you use. |
| Email Hijacking: If your personal email is hacked, a criminal can instantly gain access to all your stored CVs, applications, login links, and sensitive correspondence. | Enable MFA on Your Email. Turn on Multi-Factor Authentication (MFA) for your primary email account immediately. This means anyone trying to log in needs a second code, usually sent to your mobile phone. |
5. Unsolicited Communication and Social Engineering
Social engineering is the art of manipulating people to give up information. Job seekers are especially vulnerable because they are actively looking to establish a relationship with a potential employer.
| Threats can look like: | Tips to protect yourself: |
| Urgency and Flattery: Scammers pressure you to act fast with phrases like ‘limited opportunity’ or flatter you with ‘your profile is a perfect, unique match for this role’ | Stop, Challenge, Protect (The NCSC Approach). Stop and take time to think. Challenge if it could be fake, it’s perfectly fine to refuse or ignore a request. Protect yourself by contacting the company directly. |
| Fake Background Checks: After a ‘successful interview’ you are urgently asked for personal details or a small fee for a background check through a non-standard third-party link. | Trust Official Processes. Legitimate background checks are either handled by the hiring company (and paid for by them) or conducted by an accredited, verified third-party firm with clear processes. |
Final thoughts
Vigilance is your best tool. It can be easy in the midst of a stressful job search to grab quickly at every opportunity. My advice is to slow down and take a beat when you see something that looks too good to be true, question everything, and treat every unsolicited job offer, unexpected request for payment, or sensitive data as a red flag.
If you’ve experienced a scam or want more information here are some helpful organisations;
National Cyber Security Centre
Want more job search advice & interview tips?
I share weekly interview tips and insight in my WorkClever newsletter. Subscribe for all the good stuff straight to your inbox ๐
Iโm Zoe, Master Career Coach and Interview Specialist at WorkClever Careers. I coach to create success in the job search space, and I love to teach people how to interview really well, so they can get offers for the jobs they really want. I share knowledge and guidance through coaching and digital courses, and lots of freebie tips & hacks, all designed to give you real-world, transformative support so you know how to get the job you deserve.
