PremiumPREMIUM

WENDY KNOWLER | How about them apples? Fraudsters target new employees

Job seekers and new employees fall for confidence trick but it can be avoided by registering with SAFPS

Wendy Knowler

Wendy Knowler

Consumer journalist

If all you're doing is just sticking a firewall on the edges of the corporate network for cybersecurity, you’re already in trouble.
If all you're doing is just sticking a firewall on the edges of the corporate network for cybersecurity, you’re already in trouble. (123rf)

Bloody fraudsters. Yes, I’m angry and frustrated by the havoc fraudsters wreak on the lives of so many people. Their emails often bring me to tears.

Job seekers are incredibly vulnerable, given the amount of personal information they are required to supply when they apply for jobs.

That’s a lot of at-risk South Africans, given that our unemployment rate has now hit a scarily high record of 34,9% according to Stats SA. Many who’ve applied to major corporates for jobs have become victims of impersonation fraud not long afterwards.

When I began reading Minenhle’s email about being offered the job she’d applied for in the United Arab Emirates, I was expecting her to say she’d been asked to pay an upfront fee.

That’s always a scam, as genuine employment agents get paid by the companies offering the positions — they never ask those candidates for payment.

But Minenhle’s fraudster was after bigger pickings.

“I was too excited to even check if it was a legitimate job or not, and sent them a copy of my ID, qualification, photo, address and phone number,” she said.

I was too excited to even check if it was a legitimate job or not, and sent them a copy of my ID, qualification, photo, address and phone number.

—  Fraud victim Minenhle

“The SA Fraud Prevention Service, which I had registered with before, on your advice, has now confirmed that my identity has already been compromised.” I advised her to acquire an extra layer of protection by signing for an alert with one of the credit bureaus, such as TransUnion, so that if someone applies for credit or a loan in her name, she’ll get an SMS or email informing her of that, so that she can raise the alarm with the company concerned.

Once someone lands a new job, they’re still potentially a target for the “Boss asks newbie to buy gift cards” scam.

Most people can’t resist sharing their good news on social media, and particularly on LinkedIn, and the fraudsters have no trouble tracking down the contact information they need to get in touch.

Cape Town-based Eric — not his real name; he’s too embarrassed to be identified — fell for the scam recently and lost R11,000 before he realised he’d been had.

He’d just landed a new job and was keen to make a good impression.

So when he got an email from “his CEO” asking for a favour, he wasted no time. “Hi Eric, I got a request. Can you handle it discreetly? Let me know if you’re available to help out.”

“Of course,” Eric said. “I’m here to help in any way I can.”

“I’ve attended a dozen ‘Internet Privacy and Security’ conferences over the years. I’ve even hosted a few regarding social media privacy and security for parents and teachers. I read articles about how people are scammed — and always tell myself that I’m too smart for that,” he said. “But this time I wasn’t.”

The follow-up email from “the CEO” went like this: “Here’s what I want you to do for me. I’ve been working on incentives and I aim to surprise some of our staff with gift cards today.”

He began by asking Eric to buy five iTunes gift cards, all $66 (R1,000) in value. That’s how he lost the first R5,000. “To make things easy,” he was told, “scratch off the back of the gift cards, take a clear photo of each gift card showing the pins, and email the images to me here with the receipts for reimbursement. I would like to send them out with personal messages.”

He complied in a flash and was then asked to buy another six cards which he did, maxing out his credit card.

But the fraudster wasn’t done, of course.

“I think we’ll need a few more for our clients. Maybe five will do it.”

That’s when Eric hopped onto WhatsApp to confirm the instruction with his boss.

After no reply for 20 minutes, he sent another email — this time by hitting the “New Message” button in his laptop’s Outlook app. At this point, it’s still not sinking in about a scam. But 20 minutes later the real boss responds via WhatsApp: “It’s a scam. It’s not me. Forward me those mails.”

A staffer on Apple’s support help desk filled Eric in on what became of his R11,000. “The gifts cards were all redeemed within minutes by a single Apple ID. The money was then transferred through a few apps. He wasn’t able to give me specific names on which apps, but he was able to tell me it was used in cryptocurrency apps. Apple can’t trace the money from that point. In their experience, the money usually passes through those crypto apps and is transferred into currency and banked.

“If the gift cards have been redeemed and the money not used, they can reverse that — but not in this case,” Eric said.

The scammer’s Apple ID has been blocked, as has their device, but clearly that won’t stop them.

Eric was told that LinkedIn is the scammers’ favourite source of information. “These guys usually watch and monitor companies for a few weeks or months, before targeting new hires or people who have been in the same role for a few years.” A recently hired colleague of Eric’s was also targeted, but thankfully Eric had alerted the entire staff to the scam before she opened her emails that day.

Eric’s takeout? “Don’t buy gift cards without speaking to the person on the phone or in person.”

• Applying for protective registration with the SAFPS is free, and it can be done on your cellphone in under five minutes.

With your ID book or smart card in hand, go to www.safps.org.za and follow the prompts. And:

  • Don’t share your personal, banking or credit card information with anyone;
  • Check your bank and credit card activity daily;
  • Destroy — shred or rip up — personal documents before throwing them away;
  • Don’t enter online competitions requiring you to provide personal information; and
  • Activate privacy settings on social media sites such as Facebook and be very careful not to post any personal details, and that includes posting photos of statements or your correspondence with companies. 

• Eric has related his story on his company’s website: https://innovationsoftheworld.com/gift-card-scam-from-company-email/

CONTACT WENDY: E-mail: consumer@knowler.co.za; Twitter: @wendyknowler; Facebook: wendyknowlerconsumer

Get the Sunday Times Daily app or daily email newsletter

Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.

Comment icon
Sign UpLog In

Please read our Comment Policy before commenting.

Editor’s Choice

1

Faith, fitness and funding a dream: meet 3 Comrades runners

2

Bafana will ‘fight like lions’ against ‘complete team’ Mexico, says Broos

3

MAHLATSE AT THE WORLD CUP | Bafana to play Mexico in opener

4

Why storms that used to happen every 50 years are hitting more often

Related Articles