Identifying Job Red Flags

McDonald's trusted an AI chatbot with 64 million job applications. Hackers needed just six keystrokes to access them all. ➡️ I've seen plenty of security failures, but this one takes the McFlurry. Security researchers just exposed how McDonald's AI hiring platform left millions of job seekers' data vulnerable—protected by a password that would embarrass a middle schooler: '123456'. ➡️ The platform, built by Paradox.ai, features an AI chatbot named Olivia that screens applicants through McHire.com. Researchers Ian Carroll and Sam Curry discovered they could access 64 million application records simply by guessing administrator credentials. ➡️ No multifactor authentication. No security checks. Just instant access to names, emails, phone numbers—everything applicants shared while desperately trying to explain their job experience to a confused chatbot. ➡️ The breach reveals a darker pattern in our rush to automate everything. We're handing over sensitive human moments, like job applications, to AI systems secured with less care than your Netflix account.This incident crystallizes three uncomfortable truths about our AI-powered future: 👉 Companies deploy AI for efficiency but forget basic security fundamentals 👉 The most vulnerable data often belongs to those seeking entry-level work 👉 Human oversight remains critical when machines handle human dignity ❓ When we delegate human processes to machines, we inherit new responsibilities, not shed them. As we accelerate toward AI-mediated everything, here's my question: Should companies be required to match their security investment to their automation ambitions? Read the full article on WIRED: https://lnkd.in/g8sB7xnT #Cybersecurity #AIEthics #DataBreach #FutureOfWork #Privacy #Automation ---- 💡 𝗪𝗲’𝗿𝗲 𝗲𝗻𝘁𝗲𝗿𝗶𝗻𝗴 𝗮 𝘄𝗼𝗿𝗹𝗱 𝘄𝗵𝗲𝗿𝗲 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗶𝘀 𝘀𝘆𝗻𝘁𝗵𝗲𝘁𝗶𝗰, 𝗿𝗲𝗮𝗹𝗶𝘁𝘆 𝗶𝘀 𝗮𝘂𝗴𝗺𝗲𝗻𝘁𝗲𝗱, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗿𝘂𝗹𝗲𝘀 𝗮𝗿𝗲 𝗯𝗲𝗶𝗻𝗴 𝗿𝗲𝘄𝗿𝗶𝘁𝘁𝗲𝗻 𝗶𝗻 𝗳𝗿𝗼𝗻𝘁 𝗼𝗳 𝗼𝘂𝗿 𝗲𝘆𝗲𝘀. I dive deep into these shifts, and I can bring these thought-provoking insights and actionable strategies to your next event. If you enjoyed this content, I help audiences think bigger, adapt faster, and embrace the future with confidence. Let’s connect and talk. 🚀

WORD OF WARNING JOB SEEKERS! A dear friend of mine was recently contacted by someone presenting as a recruiter about a role with a well-known software company. He provided very specific details — the role, company, salary, and benefits. He even boasted that the candidates he puts forward “always get interviews” because he prescreens their references and submits both the resume and the references to the client. Trusting the process, she provided several references. Soon after, all of those contacts received calls — not about her candidacy, but with sales pitches for the recruiter’s services. Here’s what she uncovered: there was no job. When she called the company directly, they confirmed they weren’t hiring for that role and had never heard of his recruiting firm. She documented everything with screenshots and reported him to LinkedIn. Red flags to watch for: • Requests for multiple references before you’ve had any interview or confirmation of candidacy. • A recruiter who emphasizes “prescreening” or “special access” to gain your trust. The job market is challenging enough without tactics like this. Sharing this as a reminder to all candidates: protect your network, and trust your instincts.

⚠️ Recruiters and hiring managers: be careful out there. Mesh recently extended a verbal offer to a candidate who seemed to tick all the boxes: driven, articulate, and technically sharp. On paper, he looked like a great fit. The interview started strong. He was confident, thoughtful, and handled technical questions well. But then small details started to feel… off. → He crushed the virtual interview but had unusually modest compensation expectations → He said he was completely open to relocating, but only six months after starting → He had a seemingly valid medical reason for needing to skip an in-person meeting None of this alone was a dealbreaker, but something still didn’t sit right. Then came the moment that tipped the balance. The candidate listed 3+ years at Coinbase, which overlapped with my own time there. So I asked a few simple questions about the team he worked on and the people he collaborated with. He couldn’t answer them. He couldn’t describe his team, name any colleagues, or provide any real details about his time at Coinbase. At this point, the unsettling realization was that he had already made it extremely far in our process. We were even preparing a formal offer. What’s more concerning: the traditional safeguards didn’t catch anything. Standard background checks (including SSN verification, education checks, and screening through platforms like Checkr) all came back clean. So we dug deeper. After additional vetting, we confirmed the candidate was an impersonator attempting to infiltrate our company. Unfortunately, this is becoming more common. Remote hiring creates incredible opportunities for global talent, but it has also opened the door to highly sophisticated impersonation attempts that disproportionately target web3 companies. Fraudsters are getting better at forging W2s and paystubs, building convincing professional footprints, and even using AI to conduct deepfake video interviews. Trust your instincts and verify aggressively. Every hire is part of your company’s security perimeter, so screening processes should be rigorous and layered with multiple cross-checks. Diligence today can prevent disaster tomorrow. 🛡️ [Image source: CoinDesk] #CryptoSecurity #BlockchainBuilders #TrustInCrypto

Jobseekers, this one’s for you. If you’re applying to every job that says We’re hiring, stop right now. Because sending your CV everywhere doesn’t increase your chances. It just increases your frustration. Let me tell you about one candidate. He was excited when a reputed tech firm called after he applied through a job portal. Two quick interview rounds, lots of praise for his portfolio, and a verbal offer. He told his family, stopped attending other interviews, and waited for the email that would change his life. Weeks passed. Then silence. No offer letter. No replies. No updates. When he finally checked online ❌ The company had no website. ❌ No real LinkedIn presence. ❌ The HR email was from Gmail, No proper domain. It was all fake. A data scam. He didn’t just lose time, he lost his confidence too. That’s why, before applying anywhere, do these 5 checks: 1️⃣ Google the company. No real presence? Big red flag. 2️⃣ Check LinkedIn. Real people or fake accounts? 3️⃣ Verify the email domain. Legit companies rarely use Gmail for HR. 4️⃣ Ask for a written offer letter before resigning anywhere. 5️⃣ Trust your gut. If it feels off, it probably is. Remember,  The goal isn’t to get a job. It’s to get the right job safely, smartly, and confidently. Have you ever come across a fake job posting? Share your experience, it could save someone else’s time and trust. #jobsearch #career #corporateworld #hiring #fraudalert #jobseekers #company

These days, we see many cases where employees receive late-night messages from their managers. A ping at 11:30 PM: “Quick call?” A text on Sunday afternoon: “Need this by today.” This has become normal. But it should not be. I have seen people being asked to log in even on sick leave. Some are told to attend calls while officially on leave. Someone recovering from fever is asked: “At least be available on phone.” This is not okay. Many of these stories are coming from India. In several other countries, work-life balance is treated as a basic rule, not a privilege. Managers avoid contacting employees outside working hours unless it is a genuine emergency. We need to move in that direction too. Healthy boundaries matter. A simple truth: Better boundaries mean better productivity. Better boundaries mean better mental health. Better boundaries build better teams. Work should stay in working hours. Rest should stay in personal hours. As Simon Sinek said: “When people are financially invested, they want a return. When people are emotionally invested, they want to contribute.” Employees contribute more when they feel respected. Let us build a culture where employees are trusted, valued, and given the space to rest, recover, and live their lives. Work-life balance is not a luxury. It is a professional necessity. #WorkLifeBalance #workculture

Newly published research shows that taking calls & answering emails during “non-work” time can have negative consequences for people. When people use work-related technology in the evening (even by choice) they struggle to mentally switch off from work, which negatively affects their wellbeing both that night & the next morning. Evening work-related technology use depletes people’s “self-regulatory resources” - the mental energy needed to redirect attention away from work. Without these resources, people cannot mentally disengage from work, which impairs their ability to repair their mood & maintain emotional wellbeing. It creates measurable reductions in positive affect (feeling enthusiastic, relaxed) & increases in negative affect (feeling anxious, dejected). This negative effect carries over to the next day, creating a downward spiral of loss of resources. However, two factors can break this cycle: feeling in control of how evening time is spent & getting good quality sleep. The authors describe a "double-edged sword" situation - evening technology use may help with work goals in the short term but comes at a cost to recovery & ongoing wellbeing. Actions for leaders based on this research: 1) Discuss how to contain the work to the working day with the team & problem solve: don't encourage "going the extra mile at night" or "always-on" behaviours. 2) Model the boundaries we expect from others: if we want people in our teams to respect their evening time, demonstrate it ourselves by not sending late-night emails or messages. When leaders reply to emails at midnight, team members feel they should too. 2) Make our own boundaries visible & talk about them openly: the research emphasises that perceived control is protective, & when leaders talk openly about their own boundaries, it helps team members feel comfortable setting their own without fear of judgment. 3) Include digital boundary training in wellbeing training: encourage people to be more deliberate about when they engage with work technology rather than checking emails out of habit. 4) Act early when we notice patterns of evening work: spot these patterns early & intervene before visible wellbeing problems emerge, enabling workplace cultures where people feel comfortable setting boundaries. https://lnkd.in/e_Eyqi2A By Svenja Schlachter (Ph.D.) & colleagues, via John Whitfield MBA. Graphic by Work Chronicles.

One of the ways people are taking advantage of jobseekers excitement in this tough job market is through scams that appear to be legitimate jobs - we've seen this happen quite a bit at Zapier, and have had folks contact us about this issue again this week. Often, they will go to great lengths to impersonate the real company, using real employee names and a similar domain. So here are some ⛳️ to look out for - please remember them, and share with your friends if you think they may be falling for a scam! 1. The domain the email comes from does not match the company's actual domain. For example, instead of zapier dot com, the email comes from zapier dot mobi or zappier dot com or something like that. 2. You are contacted about an interview for a job you didn't apply for. If you didn't apply and they claim you did, it's a scam. 3. You are contacted about a job that's a stretch or seems to good to be true. When recruiters source, they are generally looking for people that meet all the many qualifications a hiring manager has so it's unlikely they will contact someone without really relevant experience. Companies are not paying $70 an hour for someone to do data entry work from home. If it sounds too good to be true, it is. 4. The interview process takes place via skype, whatsapp, telegram, etc. and you never actually talk to anyone live before receiving an offer. Companies are not hiring people to do important work and have access to their systems without meeting them live and thoroughly vetting their qualifications. 5. Communication is coming at odd times. The person is supposedly based in the US, but is responding to your messages at midnight as an example. I've seen these scammers go to significant lengths to appear legitimate: - create LinkedIn accounts and connect with current employees so they appear to be real employees - use the names of actual employees in their communications - create websites to increase the appearance of legitimacy I think in most cases, jobseekers who fall for these scams know something is off. But they want to believe it because they are so hungry for an opportunity. My suggestion however is to take a few minutes to do some research. When in doubt, email the company (for most companies, this will be something like "jobs" or "recruiting" at company domain), or submit a concern to the company's support page so they can look into it. And if you do end up the victim of one of these scams: 1. If you set up some sort of account or gave them a password, change all your passwords. 2. If you provided any bank account or identity information, contact your bank, freeze your credit, and consider identity theft protection. 3. Contact the company being impersonated - we can at least take steps to get the fraudulent domain shut down and remove the impersonator. I really hate that this is even something jobseekers are dealing but hopefully these tips help you avoid falling victim to these scams!

7 Resume Red Flags (That Instantly Disqualify You): 1. Generic "Objective" Statements "Seeking to leverage my skills in a challenging environment" makes hiring managers cringe. Replace with specific, results-focused resume bullet points. For example: "Marketing strategist increasing conversion rates by 37% for SaaS companies through data-driven campaigns." This proves your value and shows your fit to the role. 2. Responsibility-Focused Bullets "Responsible for managing social media accounts," says nothing about your impact. Hiring managers want to see results, not job descriptions. Transform every bullet into an achievement using the XYZ formula: Accomplished [X] as measured by [Y], by doing [Z]. Example: "Grew social engagement by 215% in 90 days by implementing a user-generated content strategy”. 3. Unexplained Employment Gaps Gaps aren't disqualifiers, but unexplained ones raise questions. Frame your gaps into assets by framing them honestly and featuring your personal and professional development. For example: “Completed a Google Data Analytics certificate and led a pro-bono project that cut a nonprofit’s reporting time by 40%.” 4. Outdated Technical Skills Listing obsolete software or technologies signals you haven't kept up with industry changes. Regularly audit your skills section to remove outdated tech. Focus on current, in-demand skills relevant to your target role. Pro Tip: Use ResyMatch.io to compare your resume with the target job description, then update your resume with the missing skills you own. 5. Unprofessional Email Address Email addresses using nicknames and packed with numbers (e.g., “nicky1995@email.com”) are instant red flags. Use a simple format. Ex: firstname.lastname@email.com This signals attention to details that matter. 6. Excessive Job-Hopping Without Context Hiring managers calculate the cost of onboarding against your potential flight risk. Multiple jobs under 1 year without explanation raise stability concerns. If that’s your case, don’t showcase every experience, but the most relevant ones in that timeframe. Alternatively, you can briefly explain short tenures with "Company downsized," "Completed project assignment," etc. 7. Formatting Inconsistencies Mixing fonts, inconsistent bullet styles, or erratic spacing screams "low attention to detail." Use a clean, consistent template with uniform formatting throughout. Pro Tip: Resume builders like ResyBuild.io help you quickly design, customize, and format your resume and maintain consistency. 🚨 Want to 3× your interview rate by fixing your resume red flags? 👉 Grab a free 30-min Clarity Call and we’ll walk you through a step-by-step audit: https://lnkd.in/gdysHr-r

I never thought I would be writing this post, but here we are. Some of the client testimonials written about me (straight from my own LinkedIn profile) were recently lifted and repurposed on someone else’s website… as if they were written about them. Screenshots, word for word. In this already difficult job market, the idea that someone would intentionally deceive job seekers like that is not just unethical. It’s dangerous. When someone is out of work or trying to pivot, they’re often at their most vulnerable. They’re trusting. They’re looking for guidance. And unfortunately, there are people out there preying on that. Before you invest time or money in anyone claiming they can support your job search, your LinkedIn presence, your brand, or your strategy, do your homework. ✔️ Look for consistent thought leadership and an actual track record. Does your "LinkedIn expert" get 4 likes on their posts? ✔️ Ask to speak with former clients who have shared testimonials if you feel unsure. ✔️ Trust your gut. ✔️ Don't ignore red flags. The website in question? Grammatical errors, bogus award certificates, and of course, testimonials that don't quite make sense (one even refers to my book). There are incredible coaches, strategists, and advocates out there. But not everyone is who they say they are. And you deserve the real thing.

Last week, a job seeker told me: “Sneha, I paid for ‘training material’ and never heard back from the recruiter.” Unfortunately, her story isn’t unique. I hear versions of this every single week. The reality is, fake job offers are on the rise. And scammers don’t prey on intelligence. They prey on desperation. Even the smartest professionals can get trapped if they don’t know the red flags. Here’s how to protect yourself 👇 🚩 Red Flags of Fake Job Offers 1️⃣ Unrealistic Salary → If it sounds too good to be true, it probably is. 2️⃣ Upfront Payment → No legitimate company asks you to pay for training, equipment, or background checks. 3️⃣ Suspicious Email IDs → Look for mismatched or fake domains (e.g., @company-careers.com instead of @company.com). 4️⃣ Vague Job Descriptions → Full of errors and no clear responsibilities. 5️⃣ Pressure Tactics → “Offer expires today.” Real employers give you time to decide. 6️⃣ Early Personal Data Requests → No company asks for bank details or SSN before interviews. 7️⃣ Text-Only Interviews → Legitimate employers conduct face-to-face or video interviews. 8️⃣ No Digital Footprint → A company with no LinkedIn presence or a website created last month? ✅ Quick Safety Checklist Before Accepting Any Offer ✔ Google the company & recruiter name. ✔ Cross-check salary ranges on Glassdoor, LinkedIn, or Naukri. ✔ Verify the recruiter on LinkedIn. ✔ Ask for an official offer letter on company letterhead. ✔ Never share sensitive details until an official process is in place. Job hunting is stressful enough. Don’t let scammers take your hope or your money. Stay vigilant. Protect your time, energy, and future. 👉 Have you or someone you know ever received a fake job offer? Share your experience, it might save someone else. P.S. Your job search should feel empowering, not risky. For more updated insights, strategies, and step-by-step frameworks to stay safe while growing your career. 📌 Join my Career Spotlight Group - https://lnkd.in/gB22r3_b