Phishing Scams on Job Boards
Fake job listings and recruiter messages on employment platforms direct users to credential-harvesting pages designed to steal account logins.
Part of: Phishing
Last reviewed: 1 June 2026
Job boards present a natural phishing environment: users are actively engaged, expecting to click links and submit information, and often using the same email address and password combination across multiple services. Fraudsters exploit this by posting fake listings or sending messages as fake recruiters, directing targets to login pages that mimic the job board or connected services.
A stolen job-board login can yield a profile full of personal information useful for identity theft, as well as access to any stored payment details for premium subscriptions.
How this scam works on Job Boards
A notification-style message arrives on the job board claiming a recruiter has viewed the victim's profile and inviting them to 'log in to see their message'. The link leads to a convincing fake login page that captures email and password combinations. Some attacks send follow-on phishing to the email address on file, using the job-board context to make the message feel relevant.
Attackers also post listings that direct applicants to external 'company portals' — actually phishing sites — where they are asked to create an account using their existing email and a chosen password, banking on widespread password reuse.
Common red flags
- Unexpected login prompt accessed through an email or in-platform message link
- Login page URL does not exactly match the job board's official domain
- Message about a recruiter viewing your profile that requires re-authentication to read
- Application portal on an unfamiliar domain that looks like the job board's own interface
- Request to 'verify' your account by re-entering credentials
How to protect yourself
- Always access your job board account by typing the URL directly, not through message links
- Use a unique password for your job board account
- Enable MFA on job board accounts where the platform supports it
- Hover over any link in job-board messages to check the real destination URL
How to report it
- Report phishing listings and messages to the job board's safety team
- Forward phishing URLs to your national cyber authority
- Change your job board password immediately if credentials were entered on a suspicious page
Frequently asked questions
I entered my login on a page I now suspect was fake — what do I do?
Change your job-board password immediately and enable MFA. If you used the same password elsewhere, change it on those services too. Check your job-board profile for any unauthorised changes and notify the platform.