Scam Alert: Telegram, Signal, and other Remote Job Scams on the Rise

Cyber criminals have the world at their fingertips thanks to the technology we use every day. But as consumers and business users become more informed, especially through the growing prevalance of Security Awareness Training Programs, the "easy" and well-known scam tactics of years past are becoming less effective.

In today's fast-paced digital environment, criminals are forced to become more creative as their pool of "easy targets" and "low-hanging fruit" begins to shrink.

Why Hiring Scams Became Popular on Telegram, Signal, and other Messaging Apps

Private messaging apps have been around for several years, but these key players have been on the rise since 2020. In addition to the need for digital connectivity that arose as a result of the pandemic, concerns about data privacy have also led millions of people worldwide to adopt the use of private messaging apps like Signal and Telegram in lieu of traditional texting and calling, due in part to the advanced encryption and privacy features these apps provide.

The problem? These apps have become a breeding ground for misinformation, scams, and cyber criminal activity thanks to these same encryption and privacy features. Signal and Telegram specifically have laid out protections for users in their privacy statements preventing law enforcement agencies from accessing message content and user data, even in many forms of criminal investigations. While privacy-concerned users appreciate these protections for personal use, criminals are particularly drawn to these benefits as they minimize the risk of being caught running scams and facing repercussions.

Hiring scams are a popular choice for scammers. With unemployment rates at a record low after the Great Resignation (or Great Reshuffle), today's job seekers are finding fewer opportunities now that a large percentage of those earlier job seekers have settled into their roles. Preying on the desperation and anxiety of today's job seekers, scammers find success in communicating with "applicants" over encrypted messaging apps.

How Do Hiring Scams Work?

Like in traditional phishing and other social engineering tactics, the cyber criminal on the other side of the screen is driven by a simple mission: convince their victim to follow an instruction or take an action that will ultimately provide access to data or funds.

1. Job Post

In a hiring scam, this process starts with a simple job post. Sites like ZipRecruiter and Indeed offer options to post a job listing with the start of a free trial account, which cyber criminals look to as a zero-investment entry point for their scam. At the time of this article, ZipRecruiter does not require any employer verification to post a job listing. Similarly, job search groups on social media platforms like Facebook offer another free-of-charge venue for scammers to advertise their false job openings.

The job opening might be written simply — something punchy and eye-catching, with few concrete details about the position — or it may be copied from a legitimate job listing from a real company. The most successful social engineering scammers do their research, utilizing resources available to them online to craft a realistic-looking offer.

2. Contact Candidates

When using a hiring site, the scammers will receive applicants' contact information through the in-platform application process. On other sites, they might include instructions within the job listing such as "To Apply, contact ___". Ultimately, their goal is to get in touch with a potential victim and direct them to an encrypted messaging app or another platform in order to conduct their "interview".

3. Job Offer

After briefly interacting with their victims via message, the scammer will graciously offer them the job — often complete with an offer letter and other "official"-looking documentation. With a job offer in place, the next steps are simple: inform the candidate of the "process" to start the job, such as a direct deposit form for payment or other paperwork to obtain personal information and/or bank accounts.

Though the steps are simple, recognize that scammers will often conduct these operations as a full-time commitment and are willing to spend the time (whether it be a few hours or a few days) building rapport with their targets in order to make the scam successful.

How to Tell if a Job Interview is a Scam

If you find yourself interviewing for a position remotely, here are some quick and easy ways to distinguish legitimate recruiters from scammers:

Contact Method & Interview Platform
Whether you applied through a hiring platform, a company's website, or submitted your resume directly to an individual point of contact, keep an eye on the method the company uses to get in touch with you in return. If you're contacted through one of the aforementioned platforms, only to be advised to continue the conversation on an encrypted messaging app*, chances are you're communicating with a scammer.
Conducting an interview over text only is a clear red flag for the legitimacy of the job.
*Note that this does not apply to recruiters inviting you to a call on a business communication platform such as Microsoft Teams calls, Zoom, or Webex.

Mismatched Information
Verify that the data your interviewer is referencing continues to match the data provided in the job posting. Company name, job title, and other discrepancies may be a sign of trouble. Especially note the name and job role of the person contacting you — scammers have access to Linkedin and company websites the same as you do, but they may choose to pose as a person in a higher role than necessary in order to provide a false sense of legitimacy. For example, you can see that the company has a recruiting or HR team, but your initial interviewer claims to be a C-Level executive when a first contact would likely be handled by the HR team leader or a recruiting professional.
Typos, Grammar Errors, or Unusual Writing
This common indicator of phishing can be used to vet other types of scams as well. Although scammers have access to the benefits of today's technology just like the rest of us, Grammarly and spell check can only take them so far. Cyber criminals targeting US Residents are still commonly located outside of the US, often operating these scams in their second or third learned language. Keep an eye out for typos beyond the kind that a native speaker would make (keyboard slips or common grammar faux pas), something that would indicate a lack of proofreading or communication oversight that would be present within an established company.
Repetitive Confirmations of Information
Sort of like a vampire in classic literature, a scammer won't proceed unless they are invited. In a text interview scam, the criminal on the other side of the screen will likely check in with you throughout the process to confirm interest & understanding before proceeding. The reason for this is simple: these individuals are seeking responses to keep the conversation going, operating under the fear that sending too much information to you upfront may inadvertently give themselves up. Of course, they want to move things along and give you the instructions so they can get your money — but they know the importance of making you believe it was a naturally-flowing conversation and a real interview.

Can I come in? Vampire Invitation

Identifying Scam Job Listings on Indeed, ZipRecruiter, and More

Identifying a scam at the source may not be as straightforward as identifying a scammer in conversation, but there are still some common signs to be on the lookout for. Here's how to tell if a remote job or job listing is a scam:

Typos, Grammar Errors, or Unusual Writing
Just like in interviews, this common indicator of phishing may be present in a job listing as well. Keep an eye out for typos or mistakes that would indicate a lack of proofreading or communication oversight that would typically be present within an established company. In larger organizations, a job post typically passes under several sets of eyes before it is published.
Vague or Incomplete Data
If it seems too good to be true, it might just be. If the post includes some flashy, attention-grabbing phrases but not a lot of details, it may be a fraudulent post meant to entice you to apply.

Mismatched Company Information
The job post may not always be vague — in fact, many scammers will copy legitimate job listings and company descriptions from real organizations. In these cases, you'll need to do a bit more digging. Does the location listed match the headquarters or other office locations of the company? Check the organization's website (navigating manually, not by clicking links in the job post!) including the About and Careers pages to confirm the details provided in the listing. If the company hosts its own job listings on its website, it's best to complete the application right there at the source, using the tools & forms provided instead of applying on a 3rd-party hiring platform.

Example Fraudulent Job Post

Interviews on Signal, Telegram, or WhatsApp — are they ever legit?

In many cases, no — most reputable companies, especially larger US-based organizations, will not conduct written-only job interviews over an encrypted messaging platform. Established organizations hiring remotely will use a business video conferencing platform to conduct calls and interviews (Microsoft Teams, Webex, Zoom, etc.), and will not share offer letters or official hiring documentation over a chat app. Learn more about Chat & Video Messaging Scams.

What to Do if You Discover a Hiring Scam

Report the job listing to the site where it is hosted, and report the individual you have been communicating with to the platform the communication took place on. While there may not be a further investigation, especially on an encrypted messaging platform, you can do your part to slow down the individual's next scam by getting their posts removed or accounts restricted.

Unfortunately, there is not much that can be done when these fraudulent operations take place on an encrypted messaging app. Still, you can report the scam to the FBI if you have screenshots or other evidence here.