How to Spot Fake Job Postings on Indeed

How to Spot Fake Job Postings on Indeed

Job seekers beware! Cyber criminals are now posting fake job postings on Indeed and other job boards in an attempt to steal your personal information. They may even ask you to send them your resume and other personal information, which they will then use to commit identity theft.

Be very careful when applying for jobs online, and make sure that the job posting is legitimate before providing any of your personal information.

What are fake job postings on Indeed and how do they work?

Job seekers are often targets of social engineering scams, and Indeed is no exception. Scammers will create fake job postings in an attempt to collect personal information from job seekers, such as their Social Security number or bank account information.

The scammer may pose as a potential employer, or they may set up a fake Indeed account and use it to post the fake job listing. In either case, the goal is the same: to trick job seekers into giving up personal information that can be used to steal their identity or commit fraud.

Fortunately, there are a few things you can do to protect yourself from fake job postings on Indeed. First, be sure to verify the identity of anyone you communicate with about a job listing. If you’re unsure about someone, you can always reach out to Indeed customer service for help.

Second, never give out personal information until you’re sure you’re dealing with a legitimate employer. And finally, if something seems too good to be true, it probably is. If a job listing seems too good to be true, there’s a good chance it’s a scam. By being aware of these red flags, you can help protect yourself from becoming a victim of fraud.

How can you tell if a job posting is legitimate

There are a few things you can look for to help determine if a job posting is legitimate. First, check the employer’s website to see if they have an active career page. If they don’t, that’s a red flag.

You should also be wary of any listing that asks you to provide personal information upfront, such as your Social Security number or bank account information.

If you still aren’t sure if you’re looking at a fake job posting or not you can also try and verify that it is legitimate by attempting to contact the company directly from their website, NOT the contact information from the job posting itself.

Next, take a close look at the language used in the job posting. If it seems overly promotional or too good to be true, it’s likely a scam.

Some of the most common red flags include:

  • The employer is not listed on the job posting
  • The job listing asks for personal information upfront
  • The language in the job listing is too good to be true
  • You can’t verify that the company exists

If you encounter any of these signs, it’s best to avoid applying for the position.

example of fake job ads

Source: Automatic Detection of Online Recruitment Frauds: Characteristics, Methods, and a Public Dataset

The two job ads above are real examples of what one of these fake job postings might look like.

What to do if you think you’ve been scammed by a fake job posting

If you think you have been the victim of a job scam, there are a few things you can do to protect yourself and your information. First, contact the company that supposedly posted the job and ask if the posting is real. If it is not, they may be able to take down the fake posting and warn other potential victims.

Next, report the scam to any job boards or websites where you found the posting. This will help to prevent others from falling victim to the same scam.

Finally, if you have already given out personal information such as your Social Security number or bank account information, contact your financial institution immediately and let them know what has happened.

Not all fake job postings are malicious

It’s important to note that not all fake job postings are malicious. Many recruiters use fake job postings as a way to research the job market or to build up a database of potential candidates for future openings. Although this practice may not be ethical, it is not necessarily malicious.

In many cases, recruiters will use fictitious job postings to gauge interest in a particular role or to assess the skills and qualifications of candidates.

In other cases, they may use fake job postings as a way to attract talented individuals who might not otherwise consider applying for a position. While there is no doubt that this practice can be misleading, it is important to remember that not all fake job postings are created with malicious intent.

You should still be cautious though, and it is best not to apply to these types of jobs if you are suspicious about a listing.

Final thoughts

Fake job postings on Indeed and other job boards are becoming increasingly common, so it’s important to be aware of the signs of a scam. By following the tips above, you can help protect yourself from becoming a victim of fraud.

If you think you may have been scammed, don’t wait, make sure you immediately start doing what you can to minimize the damage that a bad actor can cause.

If you are an employer reading this, make sure to offer cybersecurity awareness training to your staff so that they can be prepared for different types of social engineering attacks.

Watch our On-Demand Cybersecurity Webinar

Google Ad Grant Guide 2022

Google Ad Grant Guide 2022

Andrew Wirtz, Search Nonprofit

Search Nonprofit has created a guide on the Google Grant Program, a Google Ads program for registered 501c3 nonprofit organizations, from how to qualify to ad guidelines for 2022.

What Is The Google Ad Grant?

The Google Ad Grants Program is an amazing opportunity for all nonprofits, as it requires very little to acquire, and qualify for the grant. This program gives qualified organizations $10,000 per month in in-kind credit within Google Ads to be used to promote their vision and mission within the Google search engine.

To qualify, companies must go through the application process and maintain grant requirements to avoid termination of the grant. The qualifications are:

To be eligible for Google Grant an organization must:

  1. Hold current and valid charity status (for example, in the US you must have a current 501(c)(3) status). If you’re not in the US, you still qualify! Check your country’s definition of charity status.
  2. Acknowledge and agree to Google Grant’s required terms regarding how to receive and use donations obtained from the grant.
  3. Have a secure website (https) that is both functioning and provides adequate detail on your nonprofit.

The following organizations are not eligible for Google Ad Grants:

  • Governmental entities and organizations
  • Hospitals and medical groups
  • Schools, childcare centers, academic institutions, and universities

How to Maintain Your Google Ad Grant

Once you’ve scored a Google grant, the tricky part is maintaining it. Below are some of the basic requirements to maintain eligibility.

  • Maintain a 5% account CTR.
  • Keyword quality scores cannot be below 2.
  • There must be at least 2 active ad groups per campaign.
  • There must be at least 2 sitelink ad extensions.
  • Account must have specific geo-targeting.
  • No using single-word keywords, except for those on this list, and no using overly generic words.
  • Automated bidding strategies can break the $2.00 bid maximum.
  • An account must be logged in at least monthly and have one or more changes implemented every 90 days. If you don’t display active management, Google will suspend your account and you’ll have to request to be reinstated.

All the ads in your account must link to the nonprofit URL that was approved in your application process. Search Nonprofit can also help you get websites approved that aid your nonprofit’s mission. These are domains that are different from the approved URL in your application. This could be a website for an annual conference, a fundraiser, or even a project!

The key to Google Ads management is making sure you don’t fall out of compliance. Logging in to the account weekly and checking all of these requirements is recommended. If a nonprofit advertiser does not log into their Google Ads account for an extended period of time, the account may be terminated without notice.

The ads you are promoting must reflect the mission of your nonprofit. You can advertise to sell products as long as 100% of the proceeds are going to support your program. The ads you create cannot point to pages that are used to primarily send visitors to other websites.

Your ads cannot offer financial products, such as mortgages or credit cards. Your ads also cannot be asking for donations in the form of large goods such as cars, boats or property donations. Keywords related to this activity are also not allowed.
Your website cannot display ads from Google AdSense or other affiliate advertising links while participating in Google Grants.

Google states that any violation of these guidelines is subject to removal from the program. They also reserve the right to supplement or amend these eligibility guidelines at any time.

Google Grant Maintenance

To keep the Ad Grant requirements met, daily budget will need to be set at $329 ($10,000 per month) and you cannot have keywords with a Max CPC of over $2.00. This is not the case if you are using a smart bidding strategy such as Max Conversions, tCPA, or Max Clicks. Your ads can also only appear on Google search results page – you cannot enable Search Partners and unfortunately, you are not eligible for the Display Network either. The Google Ad Grant only works with search text ads.

With the basics out of the way, we have included 5 key components to Google Ad Grant management.

1. Conversions Are Key

Google Ads has evolved to focus on higher conversion rates rather than focusing on how much an advertiser is bidding on a given keyword. Whatever your CTA (Call to Action) is – donation, newsletter sign up, volunteer application – Google will push you towards smart bidding strategies like Target CPA, Maximize Conversions, and Maximize Conversions with a tCPA to see what keywords are

Together with your team, Search Nonprofit can help pin down which actions you want to see made on your site and what keywords will help get them there!

The next step is to set up conversion tracking. You’ll be able to see and measure the visitor’s journey from the moment they click on your ad to when they convert! This can be done through tags on your website, Google Analytics conversions, or Google Tag Manager which Search Nonprofit can implement from start to finish.

2. Careful Keyword Selection

Keyword research is the foundation to a strong Google Ad account. When crafting your keywords by ad group, you want to make sure to use high volume keywords with lower competition. Start by looking at the terms you use on your site in SEO pages, and use an SEM keyword research tool like Google’s Keyword Planner to find the volume of each keyword. You can also use tools like SEM Rush, Keyword Tool, etc. There is no use creating ad groups for keywords with zero search volume per month, and while it may be relevant to your nonprofit, you have to verify it’s what the public is searching for!

Broad keywords like “donation to nonprofit” “nonprofits near me” or “events in my area” are not going to be effective ways to get conversions. If you use keywords like this, it’s likely that your ad won’t be shown and your CTR may drop below 5%!

Because so much of the Quality Score and CTR is determined by the relationship between keywords, ads themselves and the content on the landing page, it’s essential that you create highly specific campaigns that utilize long-tail keywords with a clear landing page in mind.

3. Landing Pages From Google’s Perspective

Sending your ads to a landing page that matches the keyword and ad copy you create is essential. In other words: it must accurately reflect what is promised in your ad. Sending your ads to your homepage is not effective, as you need the keywords you’re serving to be on the page multiple times. Ensure your landing pages are fast, functional, and relevant. Test ad copy to improve your expected click-through rates and aim for Excellent Responsive Search ads when crafting your campaigns. These steps will ensure your keywords have a Quality Score of 2 or better.

Using a landing page with only a video, calendar, PDF file link or embedded widget on it is also not effective. Google has to crawl your site to ensure relevancy to the keywords being served. This is done only through reading the copy that is on that page. If you don’t have writing with that keyword on the page, Google cannot watch a video to see that it is related!

A good rule of thumb is to have these elements:

  • Have one strong call to action with the button or form to fill out.
  • Have no links or buttons to other pages.
  • Have a clear and compelling title and your logo.
  • Include images or videos
  • Use the keyword and variations on that keyword 3-5 times

4. Organize Campaigns and Ad Groups

Campaigns are the top level of organization of your ads. Under campaigns you have ad groups which house keywords and ads. A rule to follow is that all of the ad groups within a campaign should lead to the same landing page. Ad groups should also only have a maximum of a dozen keywords in them. Any more, and you likely can split these out into separate ad groups with greater focus!

For regional focused nonprofits, creating a campaign with geo-targeting around that region is key! Your overall budget, bidding strategy, geotargeting, and start and end dates are all set at the campaign level, not the ad group level.

The final thing to avoid is overlapping keywords. You don’t want the same keywords in different campaigns or ad groups. Having duplicates confuses Google and hurts your overall account performance.

5. Measure Google Ad Success and Grow

Great campaigns are built on analyzing data and making changes over time. Link your Google Ads account to Google Analytics so you can analyze which campaigns and keywords are performing the best.

Pause keywords with low conversion rates and high spend. Look at Search Terms and add relevant or high-performers queries (high CTR or conversions) as keywords. Build landing pages around these search terms that may be missing from your website!

Regularly evaluate the effectiveness of your campaigns and find the time to update your site. If you follow these steps you will be spending your maximum $10,000 in no time and seeing your conversions grow!

Phishing: Protect Yourself from a Social Engineering Attack

Phishing: Protect Yourself from a Social Engineering Attack

Phishing is one of the most common and well-known social engineering techniques. It’s the process of sending emails (or texts, which is known as smishing) appearing to be from reputable sources in an attempt to get someone to reveal personal information.

These can take the form of emails seeming to come from coworkers, or impersonating reputable brands such as Google and Microsoft or government institutions such as the IRS. The idea is that you will see something familiar and won’t look too closely.

phishing example 1
Source: Phishing Examples | Phishing.org

What is phishing and how does it work

Phishing is a type of social engineering attack that seeks to collect personal information such as login credentials or credit card numbers by pretending to be a trustworthy entity. The attacker will typically send an email or message that appears to come from a reputable source, such as a financial institution or popular online service.

The message will often include a link that leads to a fake website that looks identical to the real thing. The user is then prompted to enter sensitive information, which is then collected by the attacker.

Phishing attacks can be difficult to detect, but there are several warning signs to look out for, such as suspicious links or email addresses, grammatical errors, and unexpected requests for personal information.

phishing example 3
Source: The Most Common Examples Of A Phishing Email | uSecure

If you suspect that you may be the target of a phishing attack, do not respond to the message and immediately report it to your IT department or security team.

The most common types of phishing attacks

There are a few different types of phishing attacks, but the most common ones include:

  • Spear phishing: This type of attack is targeted at a specific individual or organization. The attacker will often do research to collect personal information about the target before sending the email.
  • Whaling: This type of attack targets high-profile individuals within an organization, such as executives or CEOs. The attacker will typically send a spear phishing email that appears to be from a trusted source, such as a government agency or well-known company.
  • Clone phishing: This type of attack involves cloning an existing email that was previously sent by the target. The attacker will then replace any links in the email with their own malicious version.
  • Phishing kits: This type of attack uses pre-made templates and scripts that can be easily customized. The attacker will often host the kit on a server and send out mass emails in an attempt to infect as many people as possible.

How to protect yourself from phishing attacks

There are several steps you can take to protect yourself from phishing attacks, including:

  • Be aware of the signs of a phishing email. Suspicious links, grammatical errors, and unexpected requests for personal information are all red flags.
  • Do not click on links or open attachments from unknown sources. If you’re unsure about the sender, confirm their identity by independently contacting them.
  • Keep your software and antivirus up to date. Outdated software can have security vulnerabilities that can be exploited by attackers.
  • Be cautious of public Wi-Fi. Hackers can set up fake Wi-Fi networks in public places in order to collect login credentials and other sensitive information.
  • Report any suspicious emails or messages to your IT department or security team. They will be able to determine if it’s a real phishing attack and take appropriate action.

What to do if you fall for a phishing attack

If you think you may have responded to a phishing email or clicked on a malicious link, there are a few steps you should take:

  • The very first thing you should do… TAKE ACTION! Do not be embarrassed or afraid to tell your IT department, they can’t take action to help you if they are unaware of the issue. 
  • Change your passwords immediately. If you used the same password for other accounts, be sure to change those as well.
  • Run a virus scan on your computer. This will help identify any malware that may have been installed without your knowledge.
  • Enable two-factor authentication (if available). This adds an extra layer of security to your account and makes it more difficult for attackers to gain access.
  • Keep an eye on your credit report and financial statements. Watch for any unusual activity that could indicate fraud or identity theft.

How to report a phishing attack

If you receive a phishing email or text, do not respond to it! You should report it to your IT department or security team immediately.

You can also report phishing emails to the FTC at ftc.gov/complaint. And if you get a text message that looks like phishing, forward it to SPAM (7726).

When in doubt, throw it out! If you’re unsure about an email or text, don’t take any chances. Delete it and move on. After all, it’s just a message.

By being aware of the signs of phishing and taking steps to protect yourself, you can help keep your personal information safe from criminals.

Resources on further reading and training

Wrap Up

Phishing is a well-known social engineering technique that uses emails (or texts) to try and get someone to reveal personal information. The goal of a phishing attack can be anything from getting you to open a malicious attachment, stealing your login credentials, to just plain stealing.

phishing example 2
Source: Phishing Examples | Phishing.org

There are several steps you can take to protect yourself from phishing attacks, including keeping your software and antivirus up-to-date, being aware of the signs of a phishing email, and reporting any suspicious messages immediately.

If you think you may have responded to a phishing email or clicked on a malicious link, there are some things you should do immediately, such as changing your passwords and running a virus scan. It’s important to remember that taking action is the best way to protect yourself from these types of attacks.

While phishing attacks are the most well-known type of social engineering attack, it’s important to be aware of the other types of attacks that exist. By being informed and taking steps to protect yourself, you can help keep your personal information safe from criminals.

If you are interested in cybersecurity awareness training for your nonprofit organization, or would like to speak to our cybersecurity experts about your security, contact us here.

Watch our On-Demand Cybersecurity Webinar

How Often Should You Restart Your Computer?

How Often Should You Restart Your Computer?

There is no one-size-fits-all answer to the question of how often you should restart your computer. It depends on a variety of factors, including what type of work you do on your computer, how many programs you have running at once, and how long it’s been since your last restart. In this blog post, we will discuss the benefits of restarting your computer regularly, and offer some tips on when to do it.

The benefits of restarting your computer regularly

Despite being a relatively simple task, restarting your computer on a regular basis can have a number of benefits. For one, it can help to improve the performance of your computer. Over time, your computer can start to slow down as programs and files build up in the background.

Restarting gives your computer a chance to clear out these unnecessary files and start fresh. Additionally, restarting can also help to fix any glitches or bugs that may have developed. If you’ve been experiencing odd behavior from your computer, a restart may be all that’s needed to get things back on track.

Finally, restarting can also help to ensure that updates are properly installed. Whether it’s a security patch or a new version of your favorite software, restarting ensures that the update is applied correctly and doesn’t cause any conflicts. So next time you’re feeling frustrated with your computer, remember that a simple reboot could be the solution.

When to restart your computer for the best results

Computers are now an essential part of daily life, and most people use them for a variety of tasks every day. However, like all machines, computers require regular maintenance to keep them running smoothly. One important task is restarting your computer on a regular basis. Wondering when the best time to restart your computer is? Here are a few guidelines to help you out.

If you’re noticing that your computer is running slower than usual, or if it’s having trouble opening programs, restarting it can often help. This is because restarting clears out any excess files or programs that may be taking up space in your computer’s memory. Additionally, if you install a new program or update, it’s always a good idea to restart your computer to ensure that the changes take effect.

In general, you should aim to restart your computer at least once every week.

If you use your computer for more resource-intensive tasks, such as video editing or gaming, you may want to restart it more frequently. However, if you typically only use your computer for basic tasks like browsing the web or checking email, once a week should be sufficient.

By following these guidelines, you can help keep your computer running smoothly for years to come.