The evolution of the advanced fee scam

Customer Support Agent

As one of Fastmail’s customer support agents, part of my job is making sure that our customers are well-informed about rising trends in fraud so that they can be sure to steer clear of them. While our customers tend to be tech-savvy enough to spot the average scam email from a mile away, online scammers grow more sophisticated every year.
I recently attended the 62nd General Meeting of the Messaging, Malware, Mobile Anti-Abuse Working Group (M3AAWG) in Toronto. There, I spoke with others in the email and anti-abuse industry about the increase in advanced fee scams they’d observed in the years since the onset of the COVID-19 pandemic.
Advanced fee scams are not a new type of scam, but scammers have begun running a much more sophisticated version of this old-school scam, one that can convince even those who know to be cautious when navigating the internet.
Historically, advanced fee scams involved scammers promising the victim some sort of too-good-to-be-true opportunity or reward. The only catch is that the victim has to pay a fee before they can receive the promised reward or opportunity. Generally, the scammer claims this fee is just to cover processing fees, background checks, training materials, or some other reasonable-sounding expense. They assure the victim that they’ll be reimbursed for this expense down the road. Once the victim pays the fee, the scammer goes silent and the victim realizes that they’ve been conned.
Until recently, advanced fee scams were your garden-variety “Nigerian prince” scam that savvy internet users quickly learned to avoid. Someone would offer the victim a large payoff if the victim could just cover the relatively small wire transfer or bank processing fees. For most email users, this type of con was easy to detect and most people knew to watch out for it.
Advanced fee scams have recently evolved to masquerade as hiring and work-from-home opportunities, targeting people who are looking for work in an already highly competitive job market. The scammers will pose as hiring managers or recruiters, and will even go so far as to reach out to victims over legitimate hiring websites, such as LinkedIn.
The victim is led to believe that they are being considered for a job or internship opportunity, but they’ll be asked to pay a fee as part of the hiring process. In some cases, the victim is given a link to the company’s preferred online vendor, where they are told to purchase the items they’ll need for the job. The scammer tells the victim that they’ll be reimbursed for these purchases later. However, the link takes the victim to a fake webstore where the payment is taken, but no goods are ever sent. At this point, the scammer stops responding to the victim.
More frequently, the scammers ask the victim to pay a small fee to cover some other aspect of the hiring process. Generally, the scammer will claim this is an application fee or something similar. Of course, the scammer stops responding to the victim’s messages as soon as they receive the payment.
In some cases, scammers will even conduct actual phone or video interviews with the victim as part of the phony hiring process. There’s no way to know how this data is being used by the attackers without insider knowledge.
This combination of fraudulent hiring and advanced fee scams allows attackers to collect both money and personally identifying information from vulnerable populations.
I recommend the following precautions to avoid becoming the victim of one of these scams:
- Confirm the legitimacy of any jobs you are interested in applying for by verifying that the position is listed on the company’s website.
- Make sure that any emails you receive from a hiring manager are actually coming from the company’s domain or from the domain of a legitimate staffing agency. Double check that there are no typos or look-alike characters in the domain.
- Take the same precautions with any URLs that are shared with you via email or on hiring sites. Scammers can set up convincing look-alike websites, but you can check the URL to verify that you are being directed to the company’s legitimate website.
- Even if a message appears to be sent from a company’s actual domain, there’s a chance that the message could be spoofed, meaning the scammer forged the email’s “From” address to make it look like it came from a certain person or company. Chances are that these messages would get flagged as spam, but it’s still a good idea to confirm that a message hasn’t been spoofed by checking the headers of the message. Fastmail makes it easy to view the full headers of a message. Simply click the Actions drop-down and select Show raw message to see the full headers of the message and verify that the message passed sender authentication checks. If you’re not familiar with how to read email headers, you can always reach out to Fastmail’s friendly and knowledgeable support team to help confirm a message’s legitimacy.
- If a job opportunity seems too good to be true, or you’re told that you’ve been accepted for a position almost immediately with little to no interview process, chances are the hiring manager or recruiter that you’re talking with is actually a scammer.
- If at any point in the interview process the recruiter asks to stop communicating via email and asks you to contact them on Telegram, WhatsApp, or any other end-to-end encrypted communication platform, they are almost certainly trying to scam you.
- If the company requires payment from you for a job opportunity, we ultimately recommend that you do not proceed. It’s extraordinarily rare for a legitimate company to require payment from you for a job opportunity.
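The domain and header checks from the list above can be scripted against a raw message. The following is an added example, not Fastmail's code: it reads the Authentication-Results header stamped by your own provider and compares the From domain with the employer's real domain, showing that a look-alike domain can pass authentication and still be a scam. The names example.com, examp1e.com and mx.recipient.example are placeholders, and the 0.8 similarity threshold is an assumption.

```python
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

# Constructed sample, not a real message. example.com stands in for the real
# employer, examp1e.com for a look-alike, mx.recipient.example for your provider.
SAMPLE = (
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=examp1e.com;\n"
    " dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com\n"
    'From: "Acme Recruiting" <hiring@examp1e.com>\n'
    "Subject: Your application\n\nHello\n"
)

def classify_domain(sender, expected):
    """Compare the From domain with the domain the company really uses."""
    if sender == expected or sender.endswith("." + expected):
        return "match"
    # Non-ASCII or punycode labels can hide look-alike characters.
    if not sender.isascii() or "xn--" in sender:
        return "lookalike"
    # Assumed threshold: near-identical spelling counts as a look-alike.
    if SequenceMatcher(None, sender, expected).ratio() >= 0.8:
        return "lookalike"
    return "different"

def check_message(raw, expected_domain, trusted_authserv):
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    auth = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # Only trust results stamped by your own provider; others can be forged.
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            auth.setdefault(method, result)
    domain = classify_domain(sender, expected_domain)
    if domain != "match":
        verdict = "suspicious: sender domain is not the company's"
    elif auth.get("dmarc") != "pass":
        verdict = "suspicious: From address not authenticated"
    else:
        verdict = "ok"
    return {"sender": sender, "domain": domain, "auth": auth, "verdict": verdict}

if __name__ == "__main__":
    print(check_message(SAMPLE, "example.com", "mx.recipient.example"))
```

A DMARC pass only shows that the message was authorized by whoever controls the From domain, so the domain comparison has to come first.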
As these scams become more pervasive, it’s crucial that those on the job market educate themselves on the potential scams that are out there. Knowing how to recognize and avoid these fraudulent job listings can ensure you don’t waste your time, lose money, or divulge your personal data to scammers.