One man's recession is a conman's opportunity. Twenty-two year old Naresh Kothari (name changed), who works for a mid-sized IT firm, learnt this the hard way.
He was desperately seeking a change for the past few months. Having posted his resume on popular job sites like naukri, monster and jobsahead, he hoped to land a new job soon. So, he was elated to get an email from IT services major HCL Technologies stating that his "offer letter" was being dispatched. He was needed in Noida with some documents on August 24, for which an air ticket would be sent.
All he had to do was to deposit a cheque of Rs 5,250 as refundable security in a particular bank by August 12.
Could he have asked for more? He shared the good news with some friends. One of them, who happened to work in HCL Tech smelt a rat since his company had never asked for a deposit.
So he dug deeper, tapping his friends in the HR department and alerted Kothari, who promptly wised up and attempted to verify the email sender's details. He is yet to receive a reply. He may never get one simply because HCL Technologies did not send the email.
Ravi Shankar B, senior VP & HR Head, HCL (India), acknowledges that "such fraudulent mails cheat innocent job aspirants, misleading them into giving money with the promise of providing jobs... ". These activities, he added, also end up tarnishing a company's image, though it plays no part in the scam. HCL Tech is working with the police to curb such malpractices.
Kothari is not a lone case. Earlier this year, some job aspirants had received a similar email, purportedly sent from India's third-largest IT firm Wipro Technologies, too. The IT major also issued a note cautioning aspirants to avoid falling prey to fraudsters.
With rising unemployment prompting more people to apply online for jobs, hackers are targeting corporate job sites and even setting up fake sites to collect applicants' personal information - a process known as phishing.
They are even duping gullible aspirants by asking them to deposit cash in banks as refundable security deposits. But can't the money be traced back to them? It's here that many unemployed people succumb to the lure of ads like "mailto:work@home and earn up to Rs 25,000..." work@home and earn up to Rs 25,000... " and so on.
Work-at-home schemes, notes the US Federal Bureau of Investigation, attract otherwise innocent individuals, causing them to unwittingly become part of criminal schemes.
Victims are often hired to process payments, transfer funds or "reship products". These job scams involve the victims receiving and cashing fraudulent checks, transferring illegally obtained funds for the criminals, or receiving stolen merchandise and shipping it to other criminals.
Related phishing schemes have also been found using keywords like Google Cash Club, Make Money with Google, Google Money Monster, and Google Home Income. Google has issued an advisory on its blog alerting users to this scam.
Most people are smart enough to ignore such emails, naukri.com cofounder and CEO Sanjeev Bikhchandani pointed out. "However, I must clarify that no such emails are sent from naukri.com. Our website has enough filters to identify such emails. In fact, these emails are sent out by using the email IDs that have been misappropriated from our database," he said.
He added that whenever his company sent out emails, it "categorically advises our members in a footnote not to pay any money". In the case of any misuse, the company informs the police as a general practice. "Having said that, no system is foolproof. So we advise our members to exercise caution," he pointed out.
Sanjay Modi, managing director, Monster India (SEA, Middle East) concurs: "We maintain a high level of security or we take immediate actions in such cases."
Abhinav Karnwal, product marketing manager, Trend Micro (APAC), noted that such incidents can occur in several ways. Legitimate sites can be hacked by an expert or people can hire hackers (who can be located on the internet and bought for a fee) to steal databases or email IDs from legitimate sites. Alternatively, databases of email IDs can be bought online and offline too through backdoor channels.
Because of the relatively open nature of web technology, it is very easy for criminals to fake web pages with convincing graphics, cautioned Shantanu Ghosh, VP, India Product Operations, Symantec.
He advises users to be suspicious of obvious typos in text, odd words or phrases or the feeling that the site just doesn't look right. It's easy to steal graphics, but thieves are often very clumsy writers, Ghosh noted.
"If you ever see an IP number in a URL, leave the site immediately. It is almost certainly a fraudulent site. Another method to ensure that you are on the correct site is to check if there is an 's' after the 'http' in the URL. This code often appears in e-commerce websites and essentially means that all transactions are secure and the site is legitimate," he adds.
"Such things do not target any particular company. It is easy for spammers to send spam mails and entice people to click on them. These compromise the users specially when there are not many jobs in the economy," said Nitin Jyoti, manager, McAfee Avert Labs.
He advises users to verify the legitimacy of the mail but writing back to the person or meeting the company representative in person to validate the mail.
In short, if something is too good to be true, then it probably is.
