Shawn Freeman
CEO

The phone rings. Someone asks about the remote administrative role your company posted last week. The problem is, you didn't post one. Then another call. Then an email from someone who says they've already been "interviewed" and wants to know when they start.
This is what it looks like when scammers borrow your business. Fraudsters copy the names, logos, and job descriptions of real companies to post fake ads on Indeed, LinkedIn, Facebook, and other platforms. The goal is to use the trust you've built to collect money and personal information from job seekers. Fake job posting scams have become one of the fastest-growing fraud categories in Canada, and small and mid-sized businesses are attractive targets precisely because they're less likely to have monitoring in place.
The damage lands on two doorsteps. Job seekers lose money and personal data. Your business loses something slower to rebuild: trust. In this post, we'll cover how these scams work, the early warning signs that your name is being used, and the exact steps to shut it down and keep it from coming back.
The scam is simple and cheap to run. Fraudsters scrape a real company's website and social profiles, copy legitimate job descriptions, and republish them with their own contact details. Some register lookalike domains (yourcompany-careers.com instead of yourcompany.com) and build convincing careers pages. Others impersonate actual employees, using names and photos pulled from LinkedIn to run fake "interviews" over text or chat.
Once an applicant bites, the asks begin. Pay for equipment or training upfront. Deposit this cheque and send back the difference. Share your banking details and Social Insurance Number so we can "set up payroll." The Canadian Anti-Fraud Centre reports that over 2,300 Canadians lost more than $49 million to employment scams in 2024, with a median loss of $1,500 per victim (CAFC, 2024). And because fraud reporting in Canada is estimated at only 5 to 10 percent of actual incidents, the real number is much higher.
None of this requires breaking into your systems. Everything a scammer needs is publicly visible. That's an important point: being impersonated doesn't mean you've been hacked. But it does mean your name is out there doing damage, and only you can pull it back.
🚨 A job seeker who gets scammed rarely blames a faceless criminal. They blame the name on the posting: yours. That shows up as angry calls, negative reviews on job boards, and good candidates who quietly avoid your real openings.
Most businesses find out from confused strangers rather than from the platforms. Watch for these patterns:
💡 Treat the first confused applicant call as a gift. Every early report gives you evidence and a head start. Make sure whoever answers your phones knows to collect details (where they saw the posting, who contacted them, from what address) instead of just saying "that wasn't us."
Scammers keep a scheme running while it works and move on when a company pushes back. Speed and visibility are most of the battle. Here's the sequence:
⚠️ If the victims contacting you are primarily based in the United States, the fraud can also be reported to the FBI's Internet Crime Complaint Center (IC3). This applies to US-involved cases only; for Canadian victims, the CAFC is the right channel.
Where to Report What: A Quick Reference
Different fakes get reported to different places. Use this table as your checklist:
While the takedowns work through the system, real people are still encountering the fake postings. How you treat them determines whether this episode costs you reputation or earns you some.
✅ Standing language on your careers page does permanent work: "We never ask for payment or banking details during hiring, and we never hire through text or chat alone." It costs nothing and gives every applicant a simple test that instantly fails the scammers.
Once the immediate fires are out, a few permanent habits keep your name from being easy material:
For persistent or large-scale campaigns, dedicated brand-protection and takedown firms can find and remove fake listings, profiles, and domains at scale. That's a specialized service outside what an IT provider delivers, but Always Beyond can point you to reputable reputation management and registrar takedown firms and help you evaluate which one fits your situation.
Does being impersonated mean my systems were hacked?
Usually not. These scams are built entirely from public information: your website, your logo, your job descriptions, your team's LinkedIn profiles. That said, discovering an impersonation campaign is a sensible moment to review your overall security posture, because businesses being actively targeted for one kind of fraud are often probed for others.
Why would scammers pick my small business instead of a big brand?
Recognizable local names with active hiring make ideal cover, and smaller businesses are less likely to have brand monitoring, a communications team, or takedown processes ready. From a scammer's perspective, that means the fake postings stay up longer. That's exactly why early detection matters more for a 30-person company than for a national brand.
Am I liable if a job seeker loses money to a scam using our name?
The scammer committed the fraud, not you. But this isn't legal advice, and the reputational exposure is real regardless of liability, which is why documenting everything and responding publicly matters. If victims suffered significant losses or the campaign is large, it's worth a conversation with your lawyer.
How long does it take to get fake postings taken down?
It varies by channel. Major job boards often remove reported fraudulent postings within days. Fake social profiles can take longer. Lookalike domains depend on the registrar; some act within days of an abuse complaint, others need persistence or legal pressure. Expect to re-check weekly, because scammers frequently repost after a takedown.
Should I warn my clients and staff too?
Yes. Staff should know because victims will call them, and because scammers sometimes impersonate specific employees. Clients should know because a public, proactive warning from you reads as a company on top of the situation, while silence reads as indifference if they hear about it elsewhere.
Worried your business name could be borrowed next? Always Beyond can help you put the habits in place that make impersonation hard: one source of truth for job postings, standing careers-page language, and a team that knows what to do when the first confused call comes in. For brand monitoring and takedown services, which catch fake postings and lookalike domains early, we're happy to refer you to reputable firms and help you pick the right fit. Reach out to start the conversation.
See exactly how your current IT setup measures up to our Hack Free standards. Enter your business email to receive: