Last month, I got the invitation of a lifetime in my inbox: Vogue wanted to purchase my freelance writing services to cover a fashion event in Canada. The email, with the subject line “Vogue Talent Recruiting Team,” arrived at a time when I was specifically looking for new assignments to dig into after I finished a six-month research contract. Surprisingly, editor-in-chief of British Vogue Edward Enninful himself was reaching out to me by email to offer me an all-expenses paid trip to Toronto, plus payment for coverage of the event.
When I read the email again, I noticed something was off. Enninful’s email address wasn’t a standard Condé Nast address — it was a Gmail account. His name also didn’t appear on the “From:” space — instead, the email was from “Condé Nast.” There were typos, and the writing was awkward: “Our reps came across your past works online and with interest we thought you might be interested in joining the rest of the team.” It just didn’t sound like someone in charge of a major magazine.
When I asked for more information, I got a PDF full of typos
I knew the job offer was a sham. This was not Edward Enninful from British Vogue. It was someone pretending to be Enninful in order to get something from me. Sure enough, when I asked for more information, I got a PDF full of typos, with a table of costs they would cover for my trip.
Job scams generally consist of bogus employment offers that seek to take advantage of the job seeker somehow. There are many different kinds of job scams, but scammers are generally after two main things: either the job seeker’s personal information or a way to steal the job seeker’s money through bogus offers.
Protecting yourself from job scams is as much about cybersecurity as it is about doing your research and generally being a little skeptical about the company that is trying to hire you. As you’ve heard before, you want to make it as hard as possible for scammers to hack into your accounts by using two-factor authentication and regularly changing your passwords. But making sure you’re not getting scammed also draws on new skills, like spotting the tiny details that show something’s not right. In my case, the Gmail address gave it away.
“They send you a bad check that takes about a week to bounce”
I suspect my own scammer was after one of two things: either spear phishing to gain access to my accounts or sending me a bad check to cover the cost of the trip.
“This is a common scam,” explained Bryan Hornung, CEO of Xact I.T. Solutions. “They send you a bad check that takes about a week to bounce. You pay the ‘travel agent’ for the cost of the ‘trip,’ thinking you are being reimbursed. They take your money for the trip, and eventually, your bank returns the check you deposited from them. You’d be out $3,950 plus any bank fees.”
Ariel Robinson, senior product manager at New Relic Security, was more suspicious about a spear phishing attempt, given the fake PDF that was sent to me. “The scammers are trying to get you as the victim to send them your personal information,” Robinson explained. “I would go through, change all of your passwords, and run a virus scanner or see if you can restore your laptop to before you opened this attachment.”
If the people who targeted me had gotten enough of my personal and financial information, they could have made me into an unwilling money mule by setting up bank accounts and credit cards through identity theft.
Either way, what attracted the scammers to me as a target is that I am a freelance writer who is currently looking for work. I will probably never know how much they actually know about me — did they see me asking for assignments on Twitter? Did they get my email from my Twitter bio or from my website? Did they care that I have never once written about fashion? — but Robinson says how much I share online is key to keeping myself safe.
“I never post about where I am. I never talk about location.”
“This is something that is difficult for freelance writers in particular,” Robinson, who used to be a freelance journalist before pivoting into cybersecurity, explained. “To make our living, we have to put ourselves out there, right? You have a website. You make your contact info readily available. That means that we have to be extra careful and extra judicious because we make ourselves that much easier to find.”
According to the Federal Trade Commission, job scams are on the rise. In 2021, the agency received more than twice the number of job scam reports than in 2020, and in the first quarter of 2022, there were already more than 16,000 complaints filed. And it’s not just freelancers like me who are vulnerable — before the remote work boom, spotting fake opportunities that swindled workers of their money was easy: working from home with flexible hours was what made opportunities suspicious, too good to be true. But now, with more and more employers offering WFH and hybrid arrangements, how can workers tell a scam apart from a good opportunity?
Robinson says that the old “if it’s too good to be true, it’s because it is” rule still stands despite a shift in working culture post-pandemic. Unfortunately, much of the onus to stay safe falls upon the job seeker or gig worker who is simply trying to make a living.
Researching the company to make sure it’s real is essential, as is looking for red flags like typos and researching the person who reached out to you. Not opening any attachments — a mistake I made out of curiosity — until you confirm the opportunity is legitimate is also crucial, as is not sharing your bank information with companies who reach out to you. Observing the email domain, which was ultimately what gave my scammers away for using Gmail rather than the standardized Condé Nast email format, can also reveal the legitimacy of the offer.
“When I was a writer and I needed to be easy to find, I abided by some safety tips to keep myself safe,” Robinson said. “I never post about where I am. I never talk about location. If I talk about location, it’s very broad, and I also turned geolocation off on all of my devices. I check all of my app permissions regularly to make sure it’s still turned off.”
Robinson also flags LinkedIn for being rife with scammers, particularly because it’s a networking-based app where job seekers are eager to meet people who might offer them a job. “Be judicious,” Robinson says. “Actually go to the person’s profile and look at it.”
Encountering a scam I could have fallen for has strengthened my commitment to my own cybersecurity. As Robinson suggested, I changed my passwords and ran an antivirus scan on my laptop — indeed, as she warned me, malware was found and deleted. But Robinson wants internet users to know they can protect themselves from scams if they are alert and set boundaries around the information they share.
“The data economy is huge,” she said. “But users aren’t helpless. We have more agency than we think we do.”
