According to a poll by a local university, about 66% of Malaysians are now keen on a hybrid working environment due to pandemic-related concerns over health and safety. For online scammers, this is a goldmine.

Personal information such as one’s full name, birthday, phone number or email address is valuable – each single item of info able to derive up to US$10 (RM44) on the dark web. Closer to home, a seller was recently reported to be in possession of a dataset belonging to the national registration department with an asking price of almost RM44,000.

Once in the hands of cybercriminals, this data can be sold or traded to other unscrupulous parties. Scammers might als use it to commit other crimes such as identity theft, or to infect your device with malicious software to steal even more data.

Cybercriminals also prey on a job seeker’s desperation to make quick money. In Malaysia, most job scams include having the victim send money to the fake recruiter to pay for “investment fees”, or to get “commissions” or “bonuses” with higher returns.

These days, scammers have also changed their delivery mode to text/SMS messages. “There is lowered expectation of danger in such text messages, meaning the scam is more likely to succeed,” according to a spokesperson at online security company Kaspersky.

Companies, therefore, are advised to take necessary measures to protect their brand and reputation from scammers who exploit their corporate identity and information for fake job offers. Possible reputational losses can be avoided by having the company website, which lists contact details (such as for HR), audited for vulnerabilities.

As for individuals, here are some tips to help you avoid falling victim to this kind of scam:

• Limit job searches to official sources.
• Do not respond or click on links if they come from people or organisations you don’t know. Replying confirms to the sender that your contact details are up-to-date.
• Install a trusted security solution with fraud and phishing protection and follow its recommendations. This will solve most of the problems automatically and alert you if necessary. Remember, personal vigilance is not enough when dealing with the sophisticated scam methods used by cybercriminals.
• Use multi-factor authentication. A common variant is two-factor authentication (2FA), which often uses a text-message verification code; while a stronger variant includes using a dedicated app for verification, such as Google Authenticator.
• Always check the company’s official website for open vacancies matching your job skills.
• Check contact information on companies’ official websites. If needed, send an email to the company to verify if the person who contacted you actually works there.
• Be wary of offers to discuss a job. Hold interviews via platforms where messages are encrypted and cannot be forwarded, and which alerts participants if anyone takes a screenshot.
• Make an additional phone call to the company to ensure the job offer is legitimate.
• Review your job offer for possible mistakes; carefully check the company name or job title and responsibilities.
• Report all SMS phishing attempts to the designated authorities.

What should you do if you become a victim? Limit the damage with these important steps:

• Report the incident to the authorities and/or institutions that can assist.
• Change all passwords and account PINs where possible.
• Monitor your finances, credit, and other online accounts for strange login locations and other activities.