As the end-of-year break approaches, we begin to wind down, finalise recruitment rounds, and prepare for a fresh start in the new year. Unfortunately, cybercriminals see this period as an opportunity to exploit reduced vigilance and increased online activity. Recruitment scams – particularly those targeting LinkedIn – are on the rise, and HR teams are increasingly vulnerable.
Why HR Professionals are a target
HR professionals manage sensitive data, oversee recruitment processes, and often have public-facing profiles. This makes them attractive targets for scammers who impersonate legitimate recruiters or create fake job ads to lure candidates. These scams can damage organisational reputation, compromise data security, and mislead job seekers.
Common recruitment scam tactics
During the holiday period, scammers often:
- Pose as recruiters offering high-paying, remote roles with minimal requirements. These messages may seem legitimate but are designed to steal personal information or money.
- Create fake LinkedIn profiles mimicking HR staff or agencies.
- Send fraudulent job offers or interview invitations via email or LinkedIn messaging.
- Request personal information or upfront payments for fake job placements.
- Use cloned job ads that appear to be from reputable government departments or APS agencies.
These scams are often sophisticated, using real names, logos, and job titles to appear credible. The Australian Public Service Commission (APSC) circular on the Commissioner's role in SES recruitment emphasises the importance of maintaining integrity in recruitment processes, particularly at the SES level, where transparency and trust are paramount.
LinkedIn-specific risks
LinkedIn is a valuable tool for public servants to network, share insights and explore opportunities – but that visibility can also make us targets. Even casual chats can be a cover for gathering sensitive intel.
HR professionals should regularly review their LinkedIn privacy settings, avoid sharing sensitive recruitment details publicly, and be cautious when accepting connection requests from unfamiliar accounts. Before accepting, look at the account's job title, email address, location, follower count and how long it has been active.
If you don’t know someone, consider not accepting their connection request.
If you have concerns regarding suspicious or unusual activity related to espionage, sabotage or foreign interference, please contact your agency’s security manager or advisor in the first instance. If you don’t have a suitable security contact, or if your concern is not resolved, you can report your concerns directly to the Australian Security Intelligence Organisation (ASIO) via the Notifiable Incidents, Threats or Reportable Observations (NITRO) portal.
When you’re updating your profile or building connections, remember:
- Use your personal email for your LinkedIn account. There are exceptions in place for those in specialist positions that require them to represent the APS publicly as a part of their role, such as some SES.
- Don’t disclose sensitive details such as your security clearance level in your profile or in messages.
- Keep titles generic where possible and review team names – they may unintentionally reveal government priorities or capabilities. Avoid sharing details of sensitive roles or work you are undertaking.
- Use a strong and unique password – at least 8 characters, with letters, numbers and special characters, and never reuse passwords or store them in obvious places.
- Change your password regularly.
- Enable 2-step or multi-factor verification.
Protecting your team and candidates
To safeguard against recruitment scams:
- Educate candidates about your department’s legitimate recruitment practices.
- Include scam warnings in job ads and application portals.
- Collaborate with IT and cybersecurity teams to monitor for impersonation attempts.
- Report suspicious activity to LinkedIn and internal security contacts.
Looking ahead
As AI tools become more common in recruitment, HR professionals should also be aware of how technology is changing the landscape. The APSC’s article on How to Spot an AI Applicant offers insights into emerging trends and how to maintain fairness and integrity in selection processes.
Cyber scams don’t take holidays. By staying informed and proactive, HR professionals can protect themselves, their organisations, and the candidates they serve.