Always Beyond White Icon Logo Small
Is Your Business Secure?
Take our FREE 2-minute IT Security Scorecard and get instant insights—no strings attached.
👉 Start Assessment
Insights & Guides
Cybersecurity & Risk
Eleanor’s Favourite

Fake Job Posting Scams: When the Company Being Impersonated Is Yours

Protect your business from fake job posting scams by learning how to spot impersonation early, respond quickly, and safeguard your brand’s reputation.
Jul 09, 2026
12 min read

The phone rings. Someone asks about the remote administrative role your company posted last week. The problem is, you didn't post one. Then another call. Then an email from someone who says they've already been "interviewed" and wants to know when they start.


This is what it looks like when scammers borrow your business. Fraudsters copy the names, logos, and job descriptions of real companies to post fake ads on Indeed, LinkedIn, Facebook, and other platforms. The goal is to use the trust you've built to collect money and personal information from job seekers. Fake job posting scams have become one of the fastest-growing fraud categories in Canada, and small and mid-sized businesses are attractive targets precisely because they're less likely to have monitoring in place.


The damage lands on two doorsteps. Job seekers lose money and personal data. Your business loses something slower to rebuild: trust. In this post, we'll cover how these scams work, the early warning signs that your name is being used, and the exact steps to shut it down and keep it from coming back.

StatisticDescription
$49M+Lost by Canadians to job scams in 2024 (CAFC).
Growth in reported losses from 2022 to 2024 (CAFC).
64%Of consumers trust a brand less after fraud in its name (Telesign, 2024).
5–10%Of fraud incidents actually get reported (CAFC estimate).


How Fake Job Posting Scams Work

The scam is simple and cheap to run. Fraudsters scrape a real company's website and social profiles, copy legitimate job descriptions, and republish them with their own contact details. Some register lookalike domains (yourcompany-careers.com instead of yourcompany.com) and build convincing careers pages. Others impersonate actual employees, using names and photos pulled from LinkedIn to run fake "interviews" over text or chat.

Once an applicant bites, the asks begin. Pay for equipment or training upfront. Deposit this cheque and send back the difference. Share your banking details and Social Insurance Number so we can "set up payroll." The Canadian Anti-Fraud Centre reports that over 2,300 Canadians lost more than $49 million to employment scams in 2024, with a median loss of $1,500 per victim (CAFC, 2024). And because fraud reporting in Canada is estimated at only 5 to 10 percent of actual incidents, the real number is much higher.

None of this requires breaking into your systems. Everything a scammer needs is publicly visible. That's an important point: being impersonated doesn't mean you've been hacked. But it does mean your name is out there doing damage, and only you can pull it back.

🚨  A job seeker who gets scammed rarely blames a faceless criminal. They blame the name on the posting: yours. That shows up as angry calls, negative reviews on job boards, and good candidates who quietly avoid your real openings.

Warning Signs Your Business Is Being Impersonated

Most businesses find out from confused strangers rather than from the platforms. Watch for these patterns:

  • Applicant calls that don't add up. People phoning or emailing about roles you never posted, or asking to confirm interview times that were never scheduled.
  • A wave of unexpected resumes. A sudden spike in applications for positions your company hasn't advertised.
  • People claiming they've been hired. Contacts insisting they've completed interviews or received offers from someone using your company name.
  • Lookalike websites. Domains with slight misspellings of your name, or your name with "careers" or "hiring" bolted on.
  • Fake employee profiles. LinkedIn accounts impersonating your actual staff, sometimes connected to your real employees to look authentic.
💡  Treat the first confused applicant call as a gift. Every early report gives you evidence and a head start. Make sure whoever answers your phones knows to collect details (where they saw the posting, who contacted them, from what address) instead of just saying "that wasn't us."

Your First 48 Hours: Document, Warn, Report

Scammers keep a scheme running while it works and move on when a company pushes back. Speed and visibility are most of the battle. Here's the sequence:

  1. Capture the evidence. Screenshot every fake posting, profile, email, and website, with URLs and dates. Fake postings vanish fast, and you'll need this record for every report that follows. Keep a running log of where each fake appeared, when you reported it, and when it came down.
  2. Post a public warning. Add a prominent notice to your website (or a dedicated careers page) stating that all legitimate openings are posted there, and that you never ask applicants for money for equipment, training, or background checks. Push the same warning out on your official LinkedIn, Facebook, and X accounts, and pin it while the scam is active.
  3. Report every fake posting to the platforms. Search Indeed, LinkedIn, ZipRecruiter, and any board relevant to your industry for your company name, and use each platform's reporting channel. If scammers are impersonating your staff, ask your team to report those profiles too.
  4. Report the fraud to the Canadian Anti-Fraud Centre. File online through the CAFC's reporting system or call 1-888-495-8501. This documents the scam officially and helps investigators connect it to wider campaigns. If the scam uses localized details like a fake address in your city, file with your local police service as well.
  5. Go after the infrastructure. For lookalike domains, a WHOIS lookup identifies the registrar, and an abuse complaint will often get the domain pulled because impersonation violates the registrar's terms of service. If the "recruiter" operates from a Gmail or Outlook address, report it through the provider's abuse form.
⚠️  If the victims contacting you are primarily based in the United States, the fraud can also be reported to the FBI's Internet Crime Complaint Center (IC3). This applies to US-involved cases only; for Canadian victims, the CAFC is the right channel.
Where to Report What: A Quick Reference

Different fakes get reported to different places. Use this table as your checklist:

What you foundWhere to report itWhat to include
Fake posting on a job boardThe platform's own reporting channel (Indeed, LinkedIn, ZipRecruiter)Screenshot, URL, date found
Fake recruiter or employee profileThe social platform's impersonation report, plus reports from your own staffProfile URL, name of the person being impersonated
Any scam using your business nameCanadian Anti-Fraud Centre, online or 1-888-495-8501Your full evidence log
Localized details (fake local address or phone)Your local police serviceEvidence log; record the file number
Lookalike domain or spoofed websiteThe registrar's abuse contact (found via WHOIS lookup) and the web hostDomain name, screenshots, your legal business name
Free email "recruiter" addressThe provider's abuse reporting form (Google, Microsoft, Yahoo)The address plus sample messages
Victims primarily in the USFBI IC3 at ic3.gov (US-involved cases only)Same evidence log

Protecting Job Seekers While the Scam Is Active

While the takedowns work through the system, real people are still encountering the fake postings. How you treat them determines whether this episode costs you reputation or earns you some.

  • Give confused applicants a front door. Designate one official address, something like hr@yourcompany.com, where anyone can verify a posting or report a suspicious contact. Publish it on your careers page.
  • Tell candidates how to spot the real you. State plainly what your genuine hiring process looks like: the email domain you hire from, that you always hold a phone or video interview, and that offers come in writing from your domain.
  • Respond kindly. The people contacting you were targeted using your name. A considerate response and a pointer to the CAFC turns a bad experience into a story about how well your company handled it.
  • Brief your team. Everyone who answers phones or shared inboxes should know the scam exists, have a short prepared response, and know where reported details go.
✅  Standing language on your careers page does permanent work: "We never ask for payment or banking details during hiring, and we never hire through text or chat alone." It costs nothing and gives every applicant a simple test that instantly fails the scammers.

How to Make Your Business a Harder Target

Once the immediate fires are out, a few permanent habits keep your name from being easy material:

  • Set up alerts on your own name. Google Alerts for your business name and the job titles you commonly hire for will surface new fake postings quickly.
  • Watch for lookalike domains. Brand monitoring services flag new domain registrations that include your company name, so a spoofed careers site gets caught in days instead of months.
  • Keep one source of truth for openings. Post every legitimate job on your own website, even when you also use job boards, so applicants always have a place to verify.
  • Keep your hiring contacts verifiable. A named person, on your real domain, listed publicly. Scammers rely on ambiguity about who actually does your hiring.

For persistent or large-scale campaigns, dedicated brand-protection and takedown firms can find and remove fake listings, profiles, and domains at scale. That's a specialized service outside what an IT provider delivers, but Always Beyond can point you to reputable reputation management and registrar takedown firms and help you evaluate which one fits your situation.

Frequently Asked Questions

Does being impersonated mean my systems were hacked?

Usually not. These scams are built entirely from public information: your website, your logo, your job descriptions, your team's LinkedIn profiles. That said, discovering an impersonation campaign is a sensible moment to review your overall security posture, because businesses being actively targeted for one kind of fraud are often probed for others.

Why would scammers pick my small business instead of a big brand?

Recognizable local names with active hiring make ideal cover, and smaller businesses are less likely to have brand monitoring, a communications team, or takedown processes ready. From a scammer's perspective, that means the fake postings stay up longer. That's exactly why early detection matters more for a 30-person company than for a national brand.

Am I liable if a job seeker loses money to a scam using our name?

The scammer committed the fraud, not you. But this isn't legal advice, and the reputational exposure is real regardless of liability, which is why documenting everything and responding publicly matters. If victims suffered significant losses or the campaign is large, it's worth a conversation with your lawyer.

How long does it take to get fake postings taken down?

It varies by channel. Major job boards often remove reported fraudulent postings within days. Fake social profiles can take longer. Lookalike domains depend on the registrar; some act within days of an abuse complaint, others need persistence or legal pressure. Expect to re-check weekly, because scammers frequently repost after a takedown.

Should I warn my clients and staff too?

Yes. Staff should know because victims will call them, and because scammers sometimes impersonate specific employees. Clients should know because a public, proactive warning from you reads as a company on top of the situation, while silence reads as indifference if they hear about it elsewhere.

Worried your business name could be borrowed next? Always Beyond can help you put the habits in place that make impersonation hard: one source of truth for job postings, standing careers-page language, and a team that knows what to do when the first confused call comes in. For brand monitoring and takedown services, which catch fake postings and lookalike domains early, we're happy to refer you to reputable firms and help you pick the right fit. Reach out to start the conversation.
On this page

Ready to Make IT One Less Thing to Worry About?

Book a no-pressure consultation to see how Always Beyond can help you simplify, secure, and future-proof your IT.

See exactly how your current IT setup measures up to our Hack Free standards. Enter your business email to receive:

  • Free 10-point security scorecard for your business
  • Complete Hack Free Guarantee eligibility checklist
  • Exclusive case studies from our protected clients