In the August 30, 2016 Ask The Headhunter Newsletter, a reader cautions you to think twice before sending your information to “headhunters” you don’t know. They’re likely scammers.


scammersI recently had an experience with a headhunter(?) I do not know who sent me an unsolicited pitch to look at a job listing in my field in my city. The pitch was sent via LinkedIn with an attachment. I do not open attachments from people I do not know. This brings up the issue of cyber security in dealing with any kind of pitch about a job.

To confirm who I was dealing with, I called the main office of the headhunter’s firm. I got an answering service. Then I called the number the headhunter posted on LinkedIn, but got a vanilla message which did not identify the headhunter or the firm.

A reputable headhunter:

  • will have a voicemail message that clearly identifies the office and the person.
  • will not send an unsolicited attachment via LinkedIn.

Social media has been used successfully by hackers and scammers to mimic real identities to get unsuspecting people to open attachments that contain malware. For high-tech firms, like the one I work at, these kinds of threats are well understood.

However, with the rise of ransom-ware and other forms of hacking for profit (e.g., stealing bank and credit card account information) the use of social media for social engineering is a real threat.

I suggest you post some advice for your readers about cyber security and how to avoid being taken in by scammers.

By the way: LinkedIn is a good vector for this type of social engineering attack because many people access it from work. If they open a malware-infested attachment, it could compromise a work computer along with its intellectual property secrets. So far, there has been no response to my voice mail replies to the headhunter, and I never touched the file attachment on LinkedIn.

Some headhunters who send unsolicited attachments might just be clueless. On the other hand, my experience is most recruiters send the job description after they’ve qualified the prospect as being interested, available, and a possible match for the job, not before. Do you agree?

Nick’s Reply

I agree, and you just wrote the warning you’ve asked me to give about e-mails soliciting you for anything. It’s all the more important when a scammer is connecting via LinkedIn to imply credibility.

Most likely, that’s not a headhunter at all, but a phishing expedition. It’s how scammers obtain personal information they can use to steal your identity. We can’t blame headhunters for something like this, because such scams routinely mimic anything that might lead a sucker to open an e-mail and an attachment.

(Let’s not leave the HR bogeyman out of this nightmare. See Big Brother & The Employment Industry: “All your employment are belong to us!”)

However, because the cost of entry to the headhunting business is virtually zero, we’re faced with loads of stupid, inept, and sometimes unsavory “headhunters.” I’d say 95% of those purporting to be headhunters are not. The most common among these are idiots dialing for dollars. (See Why do recruiters suck so bad?) They will solicit thousands of people they know nothing about via mailing lists. As you’ve noted, any good headhunter will know quite a bit about you prior to making first contact, or why would they bother spending their precious time?

2 rules of thumb

I think there are two cautionary notes here — call them rules of thumb to keep you out of trouble. First, assume any e-mail or attachment is a phishing tool. I think that’s a reasonable rule because most e-mail is junk of one sort or other. Very few mails constitute “signal.” Most are noise. So, be skeptical all the time and be very careful.

Second, if it’s a real headhunter, apply basic common sense and business standards. If the mail is from a headhunter you don’t know who clearly doesn’t know you, it’s probably a waste of time. Just because you really, really want a headhunter to find you a job doesn’t make it so. It just ups the odds that you’ll get suckered.

Drop this bomb on the headhunter

To test the sender, simply ask one of the many qualifying questions I list in How to Work With Headhunters… and how to make headhunters work for you. For example, drop this bomb:

“Please give me the names and contact information of 3 people you’ve placed and 3 managers who have hired through you.”

A good headhunter knows how to instantly defuse it by gaining your respect. He’ll ping you back to make sure you’re not going to waste his clients’ time — then he’ll give you his references. The rest aren’t worth dealing with — your question is like a bomb going off on their party. They know it’s all over.

If you’re considering doing something silly just because someone told you to — like clicking on an unknown attachment — ask yourself whether you’d do it in any other business context. If not, then don’t do it. (Would you hire a contractor to remodel your kitchen without checking some references first?)

Beware of fools

Of course, there’s another category of scoundrel — the naïve headhunter who doesn’t consider the risks she asks prospective candidates to take when she sends them solicitations. She’s not worth dealing with, either, because she’s the fool who will accidentally contact your current employer and present your resume for an open position — and possibly get you fired.

How to test for scammers

What you did to test for a scam is what I suggest in HTWWH:

  • Google the name of the person who solicited you. Is there evidence the person is affiliated with the firm?
  • Google the firm. Is the headhunter that contacted you listed on its roster?
  • On the firm’s website, look for names of the owners and for a bricks and mortar address.
  • Look up the individuals named, and find the address on Google Maps.

Then ask, does it all add up?

  • If there’s no connection between the headhunter and the firm evidenced online, don’t respond.
  • If the firm’s website does not list any names, or a street address, or any contact information that you can verify through an independent source, run. (If you do find an address on Google, there should be multiple references to it, or it’s probably phony.)
  • While some good headhunters work out of their homes and prefer not to list an address for privacy reasons, they should at least have a verifiable post office box.
  • Any real headhunter will have a verifiable phone number and friendly voicemail. Only a scammer doesn’t want to take your call!

referencesDid I say check references?

As you found, in most cases there’s no “there” there. If the headhunter fails these tests, checking those references is absolutely critical.

These tests are not sufficient, but they are necessary and they’re a good start when performing due diligence. It’s not hard to determine whether someone is legit, but it’s very easy to be gullible and to get suckered. In this case, a fraud has contacted you — but people should expect that most e-mail solicitations are frauds. The trouble is, most people rationalize: “Hey, I don’t want to miss an opportunity! Besides, this was through LinkedIn.”

Wishful thinking and the pain of job hunting turn people into suckers. (LinkedIn does not confer legitimacy.) “Headhunter” is just another mask scammers wear because they know you’d love a new job. And random job solicitations are just another sign of lousy headhunters that aren’t worth your time or consideration.

(For more on this topic, see How to work with headhunters.)

Did you ever get scammed by a headhunter? Was it even a real headhunter? How do you vet job solicitations?

: :

  1. Nick,

    I have another kind of filter I use when I sometimes get a call or emails from recruiters. My rule of thumb is not to respond. If they are truly serious, they will try back again. That is when I would begin to put your suggestions into place.

    • Tony: That’s a great test. Any legit headhunter who is really interested in you will not stop with just one call if you don’t respond. They will try contact you again because you could be a valuable placement for them. I like that. Most people are just so excited when a headhunter gets in touch that they can’t control themselves. Just shows you how desperate many people are — not just for a job, but for someone else to get it for them!

      • Nick and Tony – while that may be a great test, I disagree that it’s THE great test. If candidates want to vet me after I’ve contacted them, they simply need to scope out my recommendations on LinkedIn and that should tell them I’m legit. Bigger firms and sometimes more desperate headhunters might, just might be the ones who strongly pursue – like dialing for dollars. Instead I’d suggest evaluating their messaging to you and following more of Nick’s guidelines. For me, I sometimes feel like I want to be persistent but not pushy – and so don’t want to contact too much. This does enlighten me also – as I will consider doing both!

  2. I always asked the headhunter to tell me what field I was in. One did, and I got a job through him. But most had no clue. Even if they were legit they were lazy (I was very easy to Google) and who wants a lazy headhunter.
    Those who did know I asked to mail me information, and I built a list in case I ever wanted another job.

    • Scott: I used your tip at a workshop I did last night. An IT guy loved it, got it instantly. Thanks. It’s hard for people to understand that a legit recruiter will jump through a few hoops to get to you. Those are the only ones you want to talk to. Setting a bar like that raises your chances of a win dramatically. The problem is, job seekers lower their standards when employers do.

  3. Agree with comments so far.

    One can usually tell how much homework one has done based on their initial communications – if it looks like a standard form letter it usually goes into the “Ignore” pile. Sometimes, I do reply (if it’s non-Indian), just to get some intelligence – If I haven’t heard of the person/company, I’ll ask some very specific questions like pay rate, telecommuting, contract vs. perm and so on.

    • Dave: That’s a great way to get a little something from those calls. If they name the comapny, try telling the recruiter you know some people there, then ask who the manager is. Most won’t tell you, but hey, if they’re fishing, you can fish, too. Sometimes you’ll get a bite.

    • Dave, you and I use some of the same filters. One of the first is English spelling, punctuation and syntax. You are going to pick at my resume with a fine-tooth comb, I’m going to review your email with the critical eye of a native English speaker who has gotten a grade or two in composition courses. (There is a coffee cup somewhere that would be a good guide to start with, and I can’t post it here unfortunately. For starters, let’s keep the polar bear off the rifle range, keep grandma alive, and keep Uncle Jack out of jail.)

      I’m dong fine today, thank you.
      No, I’m not interested in your “priority-necessary” 2-week assignment in Kaktovik, Alaska in December.
      No, I can’t be “flexible” at less than what I’m making now. I’m likely being paid less than market rate, and no, you don’t need to know what that is.

      … and pretty soon I have hit the delete button.

      I have yet to hear from a real headhunter. Most of what I see are from recruiters who haven’t placed anyone in living memory. I figure if I’m lucky before I retire I’ll hear from some headhunter who had a directive to “get that sarcastic S.O.B. in here now!!” Or not.

      • L.T.: Wish I had a client for you. Somebody would love you for the S.O.B. you are and pay for it happily :-)

  4. I don’t think the “recruiters” who appear through StinkedIn are necessarily “scammers,” they’re just useless idiots trying to look like they’re working so they can collect a paycheck. I got this email thru StinkedIn a few months back: “Are you in the job market and can we schedule a time to speak about a Senior Interaction Designer/UX Designer opportunities in Boston, MA that appears to be a great fit with your background and experience? I have a full job descriptions I can share with you but I am not able to attach it to this message on LinkedIn. If you would like to learn more please reply to [email] or you can call me directly at [number]” Based on how poorly worded it was I’m guessing it was one of those “mad libs” type of form emails generated by our friend the algorithm. Here’s how I replied: “Thank you for your email, unfortunately my background is not in UX design. I am a graphic designer with an emphasis on motion/video and presentations. As my LinkedIn profile has no viewers today, I’m curious as to where you reviewed my background/experience…” I received no reply (was tempted to leave her name/info in the above paste).

    • “As my LinkedIn profile has no viewers today, I’m curious as to where you reviewed my background/experience…”

      Of course not.

      Sometimes it is fun to ask these sorts of questions to “rate” the recruiter/company.

      For example, the most recent one I tried this on, was a generic posting probably spammed to several people. To his credit he called and then sent an email. As the position is 70 miles away from me, I shot him back 3 questions that the job positing did not address – Perm/Contract position, Pay rate and telecommuting. He only answered the first one (perm/contract). I followed up with him asking about the other two and explicitly stated that I am about 70 miles away from the town. I haven’t heard anything since I sent that follow up.

    • sighmaster: I don’t think MadLibs are programmed to respond…

  5. Everything said is pretty much right on and yes, there are legitimate ‘recruiters’ who lack the experience/sophistication to know how to ‘professionally’ approach a target recruit. All you can do is take those one step at a time to see if they are, in fact, representing an actual client opportunity that may suit you.

    Only one point:

    “While some good headhunters work out of their homes and prefer not to list an address for privacy reasons, they should at least have a verifiable post office box.”

    Prior to 9/11, any Post Office box number described in an advertising in the public domain could be ‘verified’ simply by asking the Box Supervisor for that zip code’s post office to give you the name and address of the Box Holder. (On occasion, especially in NY, they would balk and it would take citing the appropriate P.O. Rule and/or Administrative Order to remind them they ‘must’ give out this information.)

    Unfortunately, since 9/11, and although there may be exceptions, the Post Office will no longer routinely agree to give this information out over the phone. You may have to actually drive to that post office or, if that is not possible, explain to the Box Supervisor what you are trying to confirm and perhaps they will do the best they can to assist you. But as I said, this is no longer something you can rely on.

  6. I’ll try my best to contain my cynicism toward headhunters. When I was unemployed I got lots of cold calls and emails from headhunters in and out of LinkedIn. But I never heard from them again. They just wanted to add my resume to my inventory.

    When I applied to a job advertised by a headhunter, I rarely heard back from them. And if I did, it was always the same, rehearsed shpiel that I’m one of their top candidates, etc. And that was the last I heard from them. Again, just adding my resume to their inventory.

    Sometimes they would call me to ask if I knew someone who could be good for an open position they had – asking me to help them do their jobs.

    So if you ask me, most headhunters are scammers whether you find them on LinkedIn or not. I’m sure there must be some truly good ones out there, but the effort needed to find them is not an efficient use of time. The real way to find work is through personal connections. That’s the best way to find a job you love. I’m not talking about shallow hellos you say at networking groups.

    No headhunter will do for you what a personal relationship will do. Get out there and meet people. Be yourself, be genuine and make those connections. It worked for me. And I do apologize if I sounded cynical.

    • Bulldog: As I pointed out, the cost of entry to the “headhunting” business is virtually zero. Hence it attracts anyone who thinks they can make a fast buck. Many of these people run “firms” that hire bullpens of untrained telemarketers who use e-mail more than the phone. In some cases, they’re really just phishing for as much personal info as they can get about you. Added to their other “big data,” it becomes valuable. In other cases, they actually submit you en masse to their “client.” That e-mail exchange merely serves to establish that they “represent” you and have a claim on a fee if you get hired. Keep in mind that in the bulk-mail marketing biz, a 1% hit rate is considered good. This is no different. They’re playing the numbers.

  7. It happened to me. About a year ago I got an “invitation to join the recruiter’s network” from a company in Japan, I was very excited as I was actively looking for a job…I checked the company in Google and turned to be legit then I assumed the recruiter was legit as well. I got suspicious when I requested more info about the position and was not given a straight answer except an urge to get my personal information…I went back to google, did a deeper search and found the company’s warning note in that regard, luckily I got it on time and no harm was done except my bruised ego and indignation.
    After that I opened a ticket to LinkedIn customer support briefing them on the incident, as a fake profile is a violation of the site’s policies. They asked me to give full disclosure and I submitted every single email and explained in detailed; after a couple days I went back to the ticket asking for any outcomes on the “investigation” and just got nothing from them, just brushed me off, I was expecting an answer stating if they closed the account, but just got silence… If LinkedIn keeps sending me solicitation emails to buy the premium subscription, why can’t they send informative emails to raise awareness on cyber security? Needless to say I quit it and I can assure you they won’t get a single penny from me ever.

  8. I wasn’t scammed exactly, but a headhunter called me, interviewed me, asked for my references, and immediately called them to solicit business. This was about 20 years ago. I found out by one of my references informing me.

    Since then, I never give out my references unless I have an interview with the hiring manager. I tell the recruiter that I’ll supply them directly to that person. I also don’t enter the information on online applications. If I can’t apply for the job online without giving that information, I don’t apply.

    • Susan: That a caution I offer frequently here. In a rush to please a headhunter they don’t know, people quickly fork over all kinds of information that they should withhold until they vet the headhunter. A hh that’s seriously interested in you will give YOU references from his or her clients, and will not be in a huge rush. So check them out.

      And that’s just one “gotcha” about working with headhunters. There’s lots more in my PDF book, “How to Work With Headhunters… and how to make headhunters work for you.”

      Thanks for sharing that story!