In just one month, Fahad, a 23-year-old resident of Delhi who is keen to enter the banking industry, has applied to over 80 jobs. But his LinkedIn inbox is still empty. Every now and then, he gets offers that seem good, but there's a catch: in order to get hired, Fahad has to finish an upskilling course, which costs ₹45,000, which he cannot afford.
Despite Fahad’s luck in dodging scammy offers, he’s part of a larger wave of job seekers struggling to navigate LinkedIn’s murky waters.
The hustle unfolds in sundry ways. It can be anything from an innocuous resume review from a sham professional that costs less than an espresso to multi-brand HR experts selling upskilling courses and charging for bogus referrals at top-tier companies.
Despite red flags, many job seekers find themselves ensnared in the deceit, their hopes dashed and wallets emptied.
During our investigation, we discovered a LinkedIn profile with over 107,910 followers. The owner claims to be an “Ethical Hacker,” “Android App Developer” and “Bug Bounty Hunter”. The profile frequently advertises job openings at prestigious companies like Deloitte, McKinsey, IBM and Barclays, advertising referrals for these seemingly lucrative positions.
The ask is deceptively simple: comment “interested,” receive a quick “Inbox me,” and the conversation shifts to private messages. The scammer then proposes a resume review for a Rs 1,000 fee, paid through UPI leaving barely any digital footprint. The UPI method of payment means that they don’t need to share identifiable details that are needed for a conventional NEFT or IMPS bank transfer.
Fahad, who graduated from a reputed college in Delhi, was fortunate to avoid these traps, but many aren’t as lucky. Often, the promised “expert-curated” resume never arrives, or what does come is an AI-generated document or simply a copy-pasted template hackjob that does nothing more than reorder blocks of text. And those coveted referrals? They’re usually just empty promises.
"If you are going to use a resume writer, ask for a referral or check the person's LinkedIn profile," Adam Yamada, founder and CEO of GreenJobs told Decode. "Look for endorsements regarding a person’s skills before trusting them with a paid resume analysis or writing gig."
A Deloitte employee confirmed that they are aware of the LinkedIn recruitment scams, adding that the company doesn’t reach out to candidates via text for recruitment unless they’ve been already shortlisted and that no fee is ever asked of candidates, local or overseas.
A LinkedIn spokesperson told Decode that their policies are clear - “Every LinkedIn profile must represent a real person and fraudulent activity, including job scams, is not allowed on our platform.” However, it is amply evident that LinkedIn, once the epitome of the professional network, is now full of fraudsters.
The Rise of LinkedIn Job Scams
Despite being frequently flagged, these fraudulent profiles continue to flourish on LinkedIn, unchecked and unverified. Many of these accounts do not list any actual employment history with the companies they claim to have connections with. Nevertheless, their posts garner hundreds of comments from eager job seekers.
"LinkedIn is simply too big for its boots," said Geoffrey Scott, Senior Content Manager & Hiring Manager at Resume Genius. “Scammers have become increasingly adept at mimicking legitimate content and skirting guidelines on what can and can't be posted on the site,” he told Decode.
“Congratulations! Your Profile Has Been Shortlisted". That’s usually how one of the fake job offer communiques begins. A few victims pointed out that despite applying to just one company, they got offers, often with identical scripts.
Another variety of hoax recruiters is the one that barely ever posts to dodge attention, but comments regularly underneath the response of folks showing interest in a role. Such accounts usually ask a person to text on WhatsApp, where the whole money-grab scheme unfolds predictably.
A bunch of LinkedIn scams involves direct advertisements of job posts, seemingly at renowned companies from “recruitment experts,” often leading applicants to shady websites. The candidate’s data is collected, leaving them exposed to calls and WhatsApp texts from scammers.
One of those agencies, Decode identified, is RecruitmentHub Agency. Their LinkedIn page, which has over 191,000 followers, often redirects the job listings to a Telegram group and a website but doesn’t offer a single detail about the company that owns it, the founders, or clients. Despite being feverishly promoted by fake recruitment professionals in India with tens of thousands of followers, the website’s domain database links it to a registrar in Arizona and a US-based mobile number.
The scams take a more sinister form when the candidate is asked to click on a link which takes them to communication platforms like WhatsApp or Telegram. That’s because once an individual reaches these messaging platforms, it becomes even more difficult to sniff out a scam using internet-based verification tools.
In at least two communications with fraudsters on WhatsApp, they asked Decode to watch a video, which itself sold a course for Rs. 199, with the added convenience of quick UPI payments and tall promises of changing one’s life forever. One of these videos has well over a million views on YouTube, and it asks the user to revert with the requisite details to “whoever sent the recruitment message” on WhatsApp.
Scammers Preying on Desperate Job Seekers
The stories of scam victims are all too familiar. Sumaiyya (name changed), a 28-year-old from Lucknow, encountered a recruiter on LinkedIn who promised her a work-from-home SEO content job. To secure the role, she was asked to pay ₹5,000 to confirm her position. When she sent the money, the recruiter claimed she had wired it to the wrong account and coaxed her into paying again. The recruiter disappeared after pocketing her entire savings.
“I lost my entire savings, but I could never tell my parents that I was scammed,” Sumaiyya said. “My brother tried on his end, but we couldn't recover the lost money.”
Adding to the problem is LinkedIn’s insufficient reporting system. Users can only select from a set list of categories like harassment, abuse, or fraud when reporting suspicious posts, and there is no way to provide detailed evidence or speak directly with a support executive.
“LinkedIn needs to step up by improving its verification processes for employers and service providers, tightening its policies against scams, and giving users better tools to report suspicious activity,” said Matthew Warzel, a North Carolina-based career coach and recruitment expert with over two decades of experience.
The flaw also has to do with the sheer scale of the platform. All the experts Decode spoke to flagged the massive reach and content scale as one of the key challenges of the Microsoft-owned platform that boasts over a billion members.
Impersonation is another problem plaguing LinkedIn. There is no dearth of reports where an individual has complained about a trickster using their name to generate social clout or pull their next con. “There are LinkedIn users pretending to be me! Despite reporting it to LinkedIn several times, no action has been taken,” Newman told Decode.
In their response to Decode, LinkedIn said that “scammers are constantly becoming more sophisticated and evolving their tactics, that’s why we use technology and teams of experts to find and remove unsafe jobs”
Jobs That Don’t Exist
Bengaluru-based software engineer, Vishnu Nair, got a whiff of a job scam as soon as the recruiter asked for money after taking details like resume, Aadhaar ID, and college marksheet. When Nair confronted the con artist behind the whole ordeal, he was sent a barrage of abusive messages and threats.
“There are many who lost money. For some of them, it is Rs. 1,550 or Rs. 1,650,” Vishnu told Decode, referring to fellow jobseekers who confided in him about their experience, after he called out the grifters on LinkedIn.
While recruitment mountebanks run wild on LinkedIn, legitimate companies are also helping exacerbate the situation. According to cybersecurity firm NordLayer, fake job offers emerged as one of the most common forms of a LinkedIn-native scam, while fake profiles impersonating a well-known company or affiliated professional came in a close second.
NordLayer’s research found that half of the respondents working across different industries in respectable roles had run into scammy job offers and swindlers acting as legitimate hiring professionals. However, fake job offers are not exactly a new phenomenon.
Late last year, WithSecure identified a campaign where Vietnamese bad actors deployed fake LinkedIn posts to advertise job offers at the renowned PC brand, Corsair. The campaign targeted users based in India, as well, to push DarkGate and RedLine info-stealing malware. KrebsOnSecurity also highlighted a plague of fake LinkedIn profiles purportedly associated with top brands like HP and Chevron.
The most well-known example is, perhaps, the Lazarus group. The North Korean hacker syndicate has also abused LinkedIn as a prowling ground for crypto-related malware attacks by targeting candidates with fake job offers.
The current wave of sham job offers targeting Indian LinkedIn users is not as sophisticated, yet, the financial implications are still dire and the whole ordeal is quite disheartening.
LinkedIn responded saying that it has strengthened its defenses by investing in advanced technologies, including network algorithms that identify communities of fake accounts through similar content and behavior patterns. The company spokesperson said that they also use computer vision and natural language processing algorithms to detect AI-generated elements in fake profiles, alongside anomaly detection for risky behaviors and deep learning models that recognize activity sequences linked to abusive automation.
According to LinkedIn’s latest Transparency Report, “90.5% of fake accounts we stopped were blocked by our automated defenses between July-December 2023,” while the remaining 9.5% were intercepted through manual investigations and restrictions. They said that 99.6% of these fake accounts were detected proactively, before any member reported them.
For scam or spam content, LinkedIn claims that their automated systems stopped 99.4% of the posts flagged, with the rest being removed by manual review teams.
However, fake job postings are becoming a norm even at esteemed companies. According to a survey by Resume Builder (via CNBC), four out of ten recruiters shared a non-existing profile on platforms like LinkedIn, with nearly 70% of them viewing it as “morally acceptable.”
Such dummy listings don’t generate any response for candidate applications, which makes them even more prone to fraudulent opportunities. Once again, the onus falls on candidates to find the legitimate listings in a sea of false posts.
“They should look at the scammers as thieves committing an Internet cybercrime, not just an inconvenience the users must learn to navigate,” said Mark Anthony Dyson, who writes “The Job Scam Report” newsletter and also hosts the “Voice of Job Seekers” podcast.
Fake Internships And Certifications
The deceit extends beyond job offers.
A software development and consultancy company, Encryptix, which boasts over 21,000 followers and promotes itself as a “one-stop internship program” doesn’t list any identifiable customers despite claiming to have worked with over 330 clients on more than eight hundred projects. The “Why choose us” microsite mentions “10+ glorious years of service,” but a domain lookup reveals their website was only created in April earlier this year.
The company claims to be based in Delhi, while the registrant details for the website trace their roots to West Bengal. When Decode contacted the official phone number listed on their website, the company declined to provide details about their founders or clients. Requests to visit their office in Delhi were also denied.
Notably, Encryptix features a dedicated verification tool on its website for checking the authenticity of certificates it has issued so far. Decode checked at least a dozen Encryptix certificates out there in the public domain, but the verification tool flagged every “C. ID” and “ID” number as “Not Verified” and “Invalid Certificate Number.”
On its website, the company has three articles, all published on the same date, with the generic “ankitgangwar.cloud” author byline. Checking one of the articles for content authenticity, a huge block of text returns “100% AI-generated” warning on an online plagiarism checker tool.
The name tracks back to a LinkedIn profile of the same name, which lists Ankit Gangwar simultaneously as the CEO of Encryptix and a Cyber Security Officer for the Haryana Police. Notably, the official directory of officers and employees maintained by Haryana Police doesn’t mention Gangwar’s name.
“It’s like they’re holding our futures hostage over pocket change,” said a student who fell for a scam. These companies capitalise on desperation, targeting fresh graduates who are eager to add certifications and skills to their LinkedIn profiles. For a small fee, they issue low-quality certificates that do little to advance a candidate’s career.
Another name that frequently pops up as part of an internship scam is CodeAlpha, which also has a “code verification” tool on its website, but it flags every unique number on the certificates it has issued as “not verified.”
CodeAlpha has over 195,000 followers on LinkedIn and appears to be dishing out certificates by the bucketloads.
Companies like CodeAlpha and Encryptix usually require only a Google Form submission, and extend internship opportunities where the selected candidates are remotely asked to complete low-skill programming tasks like creating a survey form or making a to-do list.
When candidates have completed the task, they are asked to pay an amount to obtain the certificate. The fee varies dramatically and could be as low as Rs. 50 or 100 per certificate issued, according to one of the victims who talked to Decode on conditions of anonymity.
“You're wrapping up your internship with a sense of accomplishment, and that’s when they start demanding a fee. A majority of my colleagues in the BTech CSE class are stuck in this fake internship mess,” the student told Decode.
These companies pass themselves off as MSME-certified on the internship certificates they issue to sell the aura of legitimacy without any fears of legal repercussions or punitive action. But despite a flood of posts warning about these scams, young job seekers, armed with graduate degrees, are desperate to make an impression with their resumes. So, many willingly embrace these blatantly suspicious internships.
The companies are also engaged in engagement farming. As part of their project “task,” the “selected” candidates are also asked to follow the social pages on platforms like LinkedIn, Instagram, and Telegram. These impressions are used to buff up the engagement metrics and conjure an illusion of credibility.
Legitimacy and anonymity play a tricky game on LinkedIn. “The anonymity of online interactions facilitates the activities of scammers. Scammers can create fake profiles and job postings with minimal effort, often using details that seem legitimate at first glance,” said Jon Morgan, CEO & Editor-in-Chief of VentureSmarter. “This anonymity allows them to operate with relative impunity.”
Recruitment expert Mark Anthony Dyson pointed out that LinkedIn needs to see these scammers as “thieves committing an internet cybercrime,” not just an inconvenience. Yet, the platform’s current verification processes are inadequate, allowing scammers to evolve their tactics and continue exploiting vulnerable job seekers.
In a market where youth unemployment is so acute that tens of thousands of graduates and post graduates are applying for sanitation worker roles, the desperation is palpable. Meanwhile, the $26.2 billion company isn’t doing enough to prevent the growing epidemic of scams on its platform.
LinkedIn, in its response to Decode, highlighted recent efforts to enhance user trust and authenticity on the platform, including the introduction of free verification features for members. These allow users to verify their identity information, which LinkedIn said creates a “more authentic and trusted experience.” The platform said it introduced verification badges on job postings, as well as on job seeker and recruiter profiles.
The company spokesperson said that these updates “can help members make more informed decisions about who to interact with on LinkedIn.”