← Blog

Protect yourselfJuly 18, 20268 min read

How to spot a job scam: fake recruiters, fake postings, and the traps that cost real money

You got a message. The recruiter sounds professional, the company is real, the salary is good, and they are moving fast. Something feels slightly off, and you are here because you want to know if that feeling is right. Short answer: the feeling deserves two minutes of checking before you share anything else. Job scams have become industrial. They run on cloned recruiter profiles, lookalike company domains, and postings that exist only to collect resumes. They target people who are doing everything right: applying widely, answering quickly, staying polite. This guide covers the five families of job scams, the red flags that show up again and again, a verification routine that takes two minutes, and exactly what to do if you already engaged.

Why these scams work

Job scams exploit the shape of the job search itself. When you are applying, you are the one asking, so requests from the other side feel normal. You are trained to respond fast, share personal details, and follow instructions from strangers, because that is what a real hiring process asks of you too. Scammers copy the format of that process and count on urgency and hope to do the rest. Getting targeted indicates nothing about you except that your resume is visible somewhere. Getting caught indicates nothing about your judgment either: these operations are professional, they run scripts refined on thousands of people, and they are good at their job. The defense is not intelligence, it is procedure. A short verification routine, applied every time, catches almost all of it.

The five families of job scams

1. Fake recruiters: the impersonation play

Someone contacts you claiming to recruit for a real, often well-known company. The name is real, the logo is real, sometimes the recruiter's name belongs to a real employee. What is fake is the sender. Look at the actual email domain: impersonators write from a domain one letter away from the real one, from a domain with an extra word in it, from the same name with a different ending, or from a plain personal email address. The conversation is warm and fast, the role is attractive, and the process conveniently skips the company's own application system. The goal is to move you toward one of the other families below: a fee, a check, or a request for personal data, all under a borrowed name.

2. Fake job postings: harvesting your data

Some postings are not bait for money. They are bait for you. The job never existed: the posting exists to collect resumes, phone numbers, addresses, dates of birth, and sometimes answers to screening questions that look a lot like security questions. Signs that suggest a harvesting posting: it stays up or reappears for months, the description is generic enough to fit anyone, the company has no verifiable footprint, and every applicant seems to move forward. On its own, a vague posting indicates nothing. A vague posting that leads to an instant interview invitation and a form asking for your full personal profile is a different story.

3. Pay-to-work: the money moves the wrong way

Every version of this family has the same tell: money leaves your pocket before you have a job. Sometimes it is framed as an onboarding fee, a background check charge, or a certification you must buy. Sometimes it is equipment: they hire you, then instruct you to buy a laptop or a software kit from a specific vendor, which they own. The most expensive version is the check: they send you a check, tell you to deposit it, keep a part, and forward the rest to an equipment vendor or a colleague. Your bank makes the funds available within days, because that is what banks do. The check takes longer to actually clear, and when it bounces, the bank takes the full amount back from you. The money you forwarded is gone, and it was your money all along. That delay between available and cleared is the entire mechanism. A real employer will never ask you to move money. Not once, not in any direction.

4. Data scams: the paperwork that comes too early

A real employer does eventually need sensitive information: tax forms and payroll details require it. The scam version changes only one thing, the timing. If someone asks for your Social Security number, a photo of your ID, or your bank account details before you have a signed offer and a start date, stop. Legitimate onboarding paperwork happens after you are hired, through a payroll or HR system, not over email or chat during screening. The same goes for anything framed as an identity check that wants your full details in a form you have never heard of. Once that data is gone, the scam does not need you anymore, which is why these conversations often end abruptly after you comply.

5. Task scams: paid at first, then the deposit

This one has grown fast. It starts small: rate some apps, boost some listings, complete simple tasks on a platform, and get paid a few dollars, which you actually receive. The early payments are the investment. Once you trust the system, your account shows growing earnings that you cannot withdraw until you make a deposit, unlock the next tier, or complete a batch that requires topping up your balance, often in cryptocurrency. The deposit is the scam. The dashboard numbers were never money, and no legitimate work platform charges you to access your own pay.

Job scam red flags

None of these alone settles the question, but each one should slow you down, and two or more together suggest you walk away:

  • A salary clearly above market for the role and the experience required. Generosity without scrutiny is bait.
  • An offer without a real interview, or after one short chat. Real hiring is slower than you want it to be, and that is oddly protective here.
  • Artificial urgency: accept today, positions are filling now, the fee must be sent tonight. Pressure is a tool, and legitimate employers rarely need it.
  • A generic email address, or a domain registered weeks ago. The sender's domain is the single most checkable fact in the whole conversation.
  • The interview happens entirely in a chat app like Telegram or WhatsApp, with no video, no phone call, and no one whose face or voice you can verify.
  • Bank details requested before a signed contract. Payroll comes after hiring, always.
  • A check to deposit before your first day, for equipment, training, or anything else. This one is not a gray area.

Is this recruiter legitimate? A two-minute verification routine

Run this every time, even when nothing feels wrong. It is fast, and it works precisely because it does not depend on your instincts:

  • Find the company's official website yourself. Type it, search it, but do not click the link you were sent. Compare the domain in the recruiter's email to the official one, letter by letter, including the ending.
  • Look for the person. Real recruiters exist beyond one conversation: on the company site, in a professional profile with history and colleagues. A profile created last month with no connections suggests a mask, not a person.
  • Ask the company directly. Use the contact channel on the official site and ask whether the position and the recruiter exist. Companies that are being impersonated want to know.
  • Check where the process lives. Real companies run their hiring through their own systems. A process that avoids the company's site entirely deserves an explanation.
  • Apply the two money rules. You never pay to get a job: not for training, not for equipment, not for a background check. And you never deposit a check and send money onward, whatever the story attached to it.

If you already engaged

First: it happens to careful people, in numbers that would surprise you. These operations are built by professionals and refined daily. Getting caught indicates nothing about you. What matters now is speed, not self-blame:

  • Stop responding. Do not announce it, do not argue, keep the whole conversation as evidence: addresses, usernames, payment details, everything.
  • If money moved or you shared bank details, call your bank immediately. Flag the transaction as fraud, ask what can be reversed, and follow their instructions on the account itself.
  • If you shared your Social Security number, place a credit freeze with the three credit bureaus (Equifax, Experian, TransUnion). It is free, it is reversible, and it blocks new accounts from being opened in your name. Then follow the recovery steps at identitytheft.gov.
  • Report it, even if you stopped before losing anything: reportfraud.ftc.gov and ic3.gov in the United States. One report feels small; reports in volume are how these operations get mapped and shut down.
  • If a real company was impersonated, tell them too. You will not be the only target, and they can warn others.
  • Outside the United States, report through your national fraud reporting service.

The bottom line

The patterns repeat because they work, and they stop working the moment you check. The sender's domain, the direction the money moves, the timing of the paperwork: three facts, all checkable in minutes, catch nearly everything described here. A tracker helps too: keeping a record of who contacted you, from which address, and when makes inconsistencies easier to spot, and that is part of what your Quaerent tracker is for. One habit worth keeping: a dedicated email address for your job search.