Scam of the Week: Good Conduct, Bad Phish

Scam of the Week: Good Conduct, Bad Phish

In this week’s scam, you receive an email that looks like an official message from your organization. The email has an alarming subject line that says, “Reminder: employer opened a non-compliance case log.” It states that a code of conduct review has been opened against you and includes a PDF attachment that contains a link for you to select to review additional documentation.

But this email is actually a phishing scam! If you select the link in the PDF file, you are instructed to complete a series of security checks, which include entering your email address and verifying that you are not a robot. Finally, you are directed to a login page and asked to sign in to your Microsoft account to access the file. But these “security checks” aren’t real, and the login page is fake. If you type your login information, scammers will steal it!

Follow these tips to avoid falling victim to this phishing scam: 

• A legitimate recruiter will never ask you to pay for anything to be eligible for a job opportunity. Being asked for payment as part of the hiring process for a new job is a red flag.
• Check the sender’s email address carefully. Real recruiters will usually contact you from a corporate email address, rather than a personal email account, such as Gmail.
• Remember, scammers often offer something that seems too good to be true as a way to trick you into sending them money or personal data. If an opportunity seems suspicious, trust your instincts!

Stop, Look, and Think. Don't be fooled.