Identifying Job Red Flags

McDonald's trusted an AI chatbot with 64 million job applications. Hackers needed just six keystrokes to access them all. ➡️ I've seen plenty of security failures, but this one takes the McFlurry. Security researchers just exposed how McDonald's AI hiring platform left millions of job seekers' data vulnerable—protected by a password that would embarrass a middle schooler: '123456'. ➡️ The platform, built by Paradox.ai, features an AI chatbot named Olivia that screens applicants through McHire.com. Researchers Ian Carroll and Sam Curry discovered they could access 64 million application records simply by guessing administrator credentials. ➡️ No multifactor authentication. No security checks. Just instant access to names, emails, phone numbers—everything applicants shared while desperately trying to explain their job experience to a confused chatbot. ➡️ The breach reveals a darker pattern in our rush to automate everything. We're handing over sensitive human moments, like job applications, to AI systems secured with less care than your Netflix account.This incident crystallizes three uncomfortable truths about our AI-powered future: 👉 Companies deploy AI for efficiency but forget basic security fundamentals 👉 The most vulnerable data often belongs to those seeking entry-level work 👉 Human oversight remains critical when machines handle human dignity ❓ When we delegate human processes to machines, we inherit new responsibilities, not shed them. As we accelerate toward AI-mediated everything, here's my question: Should companies be required to match their security investment to their automation ambitions? Read the full article on WIRED: https://lnkd.in/g8sB7xnT #Cybersecurity #AIEthics #DataBreach #FutureOfWork #Privacy #Automation ---- 💡 𝗪𝗲’𝗿𝗲 𝗲𝗻𝘁𝗲𝗿𝗶𝗻𝗴 𝗮 𝘄𝗼𝗿𝗹𝗱 𝘄𝗵𝗲𝗿𝗲 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗶𝘀 𝘀𝘆𝗻𝘁𝗵𝗲𝘁𝗶𝗰, 𝗿𝗲𝗮𝗹𝗶𝘁𝘆 𝗶𝘀 𝗮𝘂𝗴𝗺𝗲𝗻𝘁𝗲𝗱, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗿𝘂𝗹𝗲𝘀 𝗮𝗿𝗲 𝗯𝗲𝗶𝗻𝗴 𝗿𝗲𝘄𝗿𝗶𝘁𝘁𝗲𝗻 𝗶𝗻 𝗳𝗿𝗼𝗻𝘁 𝗼𝗳 𝗼𝘂𝗿 𝗲𝘆𝗲𝘀. I dive deep into these shifts, and I can bring these thought-provoking insights and actionable strategies to your next event. If you enjoyed this content, I help audiences think bigger, adapt faster, and embrace the future with confidence. Let’s connect and talk. 🚀

If you looked at this email fast, you’d swear it came from Microsoft. Same logo, layout, tone - everything checks out. Except for one thing: The sender’s domain was rnicrosoft(.)com instead of microsoft(.)com That tiny swap of “rn” instead of “m” is what’s called typosquatting. Attackers register near-identical domains to catch people who skim their inbox too fast. What makes this effective is how subtle it is. On mobile, you barely see the full address. On desktop, your brain autocorrects it. It feels right and that’s all they need. These kinds of tricks are showing up more often in credential phishing, vendor invoice scams, even internal HR impersonations. How to handle these cleanly (real, practical steps): - Expand the full sender address every time before you click. - Hover the link to view the real href, or long-press the link on mobile to reveal the URL. - Check the Reply-To header -- scammers often route replies elsewhere. - If it’s a password reset you didn’t request, open a new tab and log in from the official site rather than clicking the email. - Forward the phish to your security team or report it (company phishing inbox / your provider’s report feature). Examples of look-alikes to watch for: swapped letters (rn → m), zero for o (micros0ft), added hyphens or extra subdomains (microsoft-support[.]com). Small habit change, big payoff. Teams that rehearse these scenarios stop reflexively clicking.

“I’m a CEO too, you know.” A friend once told me this with a wry smile. He was CEO of his 10-person startup. Then he paused: “But let’s be real - I’m not the CEO of DBS Bank.” That conversation stuck with me. Because not all titles are created equal. Singapore is drowning in inflated job titles. Recent data shows “Lead” titles jumped 38%, “Manager” postings up 24%. Salaries? Flat. One woman’s story: “Senior Manager” at 32, salary $4,200, taking meeting minutes. Her late-20s colleague? “Chief Operations Officer.” Fresh grad? “Manager.” This isn’t career progression. This is career fiction. I know a recruitment firm where everyone with 2-3 years becomes “Director of Talent Acquisition.” Sounds impressive until they try to move. A 28-year-old “Director” with 3 years experience? Hiring managers immediately know: small company, inflated title, coordinator-level work. The title becomes a liability, not an asset. Here’s what nobody warns you: In outplacement, inflated titles kill your chances. You get rejected because the title seems too junior, too inflated, or creates red flags. I’ve watched people explain their dotcom-era “Marketing Wizard” title for 25 years. Companies hand out fancy titles because it’s cheaper than raises. But it costs YOU. Future employers lowball you. You can’t take “lower” titles without looking like you’re moving backward. Your age, title, and experience don’t match up. You become unmarketable for legitimate senior roles. That “VP” title at a 15-person company just boxed you out of actual VP positions at real companies. My advice: Be cautious of small companies with big titles. Ask yourself: Will this title help or hurt me in 3 years? Would you rather be a “Director” at a startup making $5,000/month with no team, or a “Senior Executive” at an MNC making $7,000/month with actual leadership experience? The second option will always age better. Negotiate for substance, not style. Push for salary, scope, and actual reports over fancy titles. Document your real responsibilities. Be ready to “translate” your title in future interviews. And if title inflation is rampant, get your experience and leave. To fresh grads: If a small company offers you a “manager” or “senior” title straight out of school, be very careful. Your next job search will be exponentially harder when you’re 25 trying to explain why you’re a “Director” applying for mid-level roles. We need to stop pretending that inflating titles is harmless. It’s creating a generation with impressive LinkedIn profiles and unemployable resumes. Choose substance over style. Your future self will thank you. Yours sincerely, Supreme Commander of LinkedIn Hot Takes & Chief Evangelist of Calling Out BS

WORD OF WARNING JOB SEEKERS! A dear friend of mine was recently contacted by someone presenting as a recruiter about a role with a well-known software company. He provided very specific details — the role, company, salary, and benefits. He even boasted that the candidates he puts forward “always get interviews” because he prescreens their references and submits both the resume and the references to the client. Trusting the process, she provided several references. Soon after, all of those contacts received calls — not about her candidacy, but with sales pitches for the recruiter’s services. Here’s what she uncovered: there was no job. When she called the company directly, they confirmed they weren’t hiring for that role and had never heard of his recruiting firm. She documented everything with screenshots and reported him to LinkedIn. Red flags to watch for: • Requests for multiple references before you’ve had any interview or confirmation of candidacy. • A recruiter who emphasizes “prescreening” or “special access” to gain your trust. The job market is challenging enough without tactics like this. Sharing this as a reminder to all candidates: protect your network, and trust your instincts.

I'm seeing multiple posts today from full-time staffers at PEOPLE Magazine | PEOPLE.com promoting freelance jobs that require 35-40 hours/week and set hours of 9:30am-5pm. Many freelancers, including me, are rightly pointing out that these requirements are for a W-2 employee, not a freelancer. This is an example of a company misclassifying workers – basically hiring a FT employee without offering any benefits or protections and putting the tax burden on the freelancer. It's great that many of us recognize the difference and avoid these job listings, but there are also MANY writers in the comments excited for the opportunity and expressing interest. Freelancers are taken advantage of far too often by companies (sometimes unintentionally!) and pushed too far into the requirements of an employee. If you're new to freelancing, please take time to educate yourself on employee status.

He's going to quit... For the sake of privacy let's call this employee Joe. Joe was a top performer—engaged, positive, and someone his peers confided in. Management labeled him a "complainer". He’d point out how overrun meetings were unproductive, how the CEO’s morning rants were dragging down morale, and how management needed to step in because he didn’t want to be the team’s emotional sounding board. His feedback was always constructive, not complaining. He wanted things to improve. But over time, something changed... The feedback slowed. He stopped volunteering for projects. He wasn’t in my office anymore, sharing ideas. When I finally asked, “Hey, are you okay? I haven’t seen you around,” he replied: “Oh, yeah. Just been busy trying to keep my nose clean.” I flagged it to his manager, but nothing changed. Two weeks later, he resigned. Our COO asked him, “Please, tell us how we can make this work. We’ll do whatever it takes.” His answer was devastatingly clear: “I already did. You weren’t willing.” This was years ago and I still think about what I learned that day: 1️⃣ Feedback needs action. When someone takes the time to point out what’s wrong, you owe them a response—action, or at least acknowledgment. 2️⃣ Disengagement is a warning sign. When an engaged employee starts pulling back, it’s not just busyness. It’s a signal, and ignoring it is a mistake.

Job Scam Alert: My Experience in Dubai Hi everyone, I wanted to share an experience I had while job hunting in Dubai to help others avoid similar scams. Recently, I started applying for jobs using platforms like LinkedIn, Indeed, Naukrigulf, and Dubizzle. While navigating this stressful process, I encountered serious issues with Dubizzle. After creating an account, I received emails claiming I was shortlisted, but I couldn’t identify which platform the jobs came from. Following instructions in some job postings, I shared my CV via WhatsApp with 15–20 contacts. By noon, I started receiving interview invites. One interview stood out as suspicious. The office was small with 5–6 staff. The HR Manager barely reviewed my CV before explaining the role, timings, and benefits. She asked me to pay AED 500 for “documentation” and sign an agreement immediately, claiming I’d start work in February. Feeling uneasy, I called my sister. She questioned the company name, but the HR refused to disclose it until I signed. At this point, I realized it was a scam. Later, I noticed many job postings shared similar interview addresses, confirming this. Tips to Avoid Job Scams: Verify Companies: Ensure the company is legitimate and that the interview location matches its registered address. Avoid Payments: Genuine companies don’t ask for money during recruitment. Watch Communication: Startups may call first, and larger companies typically email professionally. Spot Red Flags: Be cautious of spelling errors, vague descriptions, or unprofessional messages. Trust Your Instincts: If something feels off, don’t proceed. Addresses to Avoid: M09, Abu Baker Siddique Metro Station Exit 1, Speedex Centre, Al Khabaisi, Dubai Office 418, 4th Floor, City Bay Business Centre, Near Abu Hail Metro Station Exit 2, Dubai Backside of Al Qiyadh Metro Station, in front of Al Nahda Restaurant, RKM Building M05 Office 501, Block C, Dubai Islamic Bank, Al Qasimia, Sharjah A Request to Dubizzle: Please ensure job ads on your platform are authentic, as these scams exploit people under pressure and damage trust. To Job Seekers: If you or someone you know is job hunting in the UAE, please share this message. Stay cautious, verify opportunities, and follow your instincts. Let’s look out for each other! 😊 #dubai #uae #hiring #scam #job #scamalert

One of the ways people are taking advantage of jobseekers excitement in this tough job market is through scams that appear to be legitimate jobs - we've seen this happen quite a bit at Zapier, and have had folks contact us about this issue again this week. Often, they will go to great lengths to impersonate the real company, using real employee names and a similar domain. So here are some ⛳️ to look out for - please remember them, and share with your friends if you think they may be falling for a scam! 1. The domain the email comes from does not match the company's actual domain. For example, instead of zapier dot com, the email comes from zapier dot mobi or zappier dot com or something like that. 2. You are contacted about an interview for a job you didn't apply for. If you didn't apply and they claim you did, it's a scam. 3. You are contacted about a job that's a stretch or seems to good to be true. When recruiters source, they are generally looking for people that meet all the many qualifications a hiring manager has so it's unlikely they will contact someone without really relevant experience. Companies are not paying $70 an hour for someone to do data entry work from home. If it sounds too good to be true, it is. 4. The interview process takes place via skype, whatsapp, telegram, etc. and you never actually talk to anyone live before receiving an offer. Companies are not hiring people to do important work and have access to their systems without meeting them live and thoroughly vetting their qualifications. 5. Communication is coming at odd times. The person is supposedly based in the US, but is responding to your messages at midnight as an example. I've seen these scammers go to significant lengths to appear legitimate: - create LinkedIn accounts and connect with current employees so they appear to be real employees - use the names of actual employees in their communications - create websites to increase the appearance of legitimacy I think in most cases, jobseekers who fall for these scams know something is off. But they want to believe it because they are so hungry for an opportunity. My suggestion however is to take a few minutes to do some research. When in doubt, email the company (for most companies, this will be something like "jobs" or "recruiting" at company domain), or submit a concern to the company's support page so they can look into it. And if you do end up the victim of one of these scams: 1. If you set up some sort of account or gave them a password, change all your passwords. 2. If you provided any bank account or identity information, contact your bank, freeze your credit, and consider identity theft protection. 3. Contact the company being impersonated - we can at least take steps to get the fraudulent domain shut down and remove the impersonator. I really hate that this is even something jobseekers are dealing but hopefully these tips help you avoid falling victim to these scams!

Last week, a job seeker told me: “Sneha, I paid for ‘training material’ and never heard back from the recruiter.” Unfortunately, her story isn’t unique. I hear versions of this every single week. The reality is, fake job offers are on the rise. And scammers don’t prey on intelligence. They prey on desperation. Even the smartest professionals can get trapped if they don’t know the red flags. Here’s how to protect yourself 👇 🚩 Red Flags of Fake Job Offers 1️⃣ Unrealistic Salary → If it sounds too good to be true, it probably is. 2️⃣ Upfront Payment → No legitimate company asks you to pay for training, equipment, or background checks. 3️⃣ Suspicious Email IDs → Look for mismatched or fake domains (e.g., @company-careers.com instead of @company.com). 4️⃣ Vague Job Descriptions → Full of errors and no clear responsibilities. 5️⃣ Pressure Tactics → “Offer expires today.” Real employers give you time to decide. 6️⃣ Early Personal Data Requests → No company asks for bank details or SSN before interviews. 7️⃣ Text-Only Interviews → Legitimate employers conduct face-to-face or video interviews. 8️⃣ No Digital Footprint → A company with no LinkedIn presence or a website created last month? ✅ Quick Safety Checklist Before Accepting Any Offer ✔ Google the company & recruiter name. ✔ Cross-check salary ranges on Glassdoor, LinkedIn, or Naukri. ✔ Verify the recruiter on LinkedIn. ✔ Ask for an official offer letter on company letterhead. ✔ Never share sensitive details until an official process is in place. Job hunting is stressful enough. Don’t let scammers take your hope or your money. Stay vigilant. Protect your time, energy, and future. 👉 Have you or someone you know ever received a fake job offer? Share your experience, it might save someone else. P.S. Your job search should feel empowering, not risky. For more updated insights, strategies, and step-by-step frameworks to stay safe while growing your career. 📌 Join my Career Spotlight Group - https://lnkd.in/gB22r3_b

I've been freelancing here and there, and I'm grateful for every small opportunity that comes my way. However, I feel it's my responsibility to warn you about certain things you might encounter during this "drought season." Maybe my prolonged situation happened for a reason—so I could warn others about the real potential dangers out there for artists in general. Here are some of them: 1) Recruiter Scammers These people appear on LinkedIn the very second you post your availability for work. Ignore them at all costs. They don’t know you. Use your judgment—if they don’t come from the industry you’re looking to work in, they’re not legitimate. 2) "Draw My Husband" Scammers These scammers typically reach out via email, asking for a commissioned artwork to "surprise their husband" (or wife) and offering payment in advance. Don't fall for this! It’s a scam. No one offers money upfront like this. These schemes often lead to money laundering. 3) Fake Interviews from Scammers (A newer scam in the community!) They set up an interview that leads nowhere, often using Zoom filters to hide their background. In my case, I could see through the filter—the guy was in a run-down apartment with a single flood lamp, meaning he likely had no electricity. Again, they’ll offer money in advance, which will eventually turn into a money laundering scheme. Use your judgment—research their company on Google and verify if their email is from a real studio. 4) “Everyone Has an Animation Studio Now!” With major studios in an inexplicable hiatus, smaller studios are searching for talent everywhere. Now, not all small studios are bad or unprofessional—I’ve worked with fantastic ones run by wonderful people. However, I’ve also encountered so-called "studios" that are just one person with little to no budget. So, be wary of "John Doe Studios" talent-seeking ads—they're not always what they seem. Always verify the legitimacy of a studio before accepting a job. 5) People Who Send Unsolicited Scripts These are everywhere. They email you a script and ask you to read it to see if you're interested. CAREFUL! NEVER read or accept unsolicited material. It can put you in legal trouble. 6) "Dreamy" Commissions A fantastic commission suddenly appears—one that will definitely pay the bills. And they’ll pay via PayPal! Sounds great, right? Wrong. If you don’t personally know and trust the client, do NOT accept payments directly to your PayPal account. Here’s why: The scammer pays you a large amount from their credit card, then reports the transaction as fraudulent, and PayPal reverses the payment—leaving you with nothing. To protect yourself, use a PayPal Business account and offer a protected payment link or an official PayPal invoice. This way, there’s evidence of the transaction. There are many more scams out there, but these are some of the most common. Stay cautious, stay informed, and above all—value your work!