The CV scam: here's how to defend yourself

"Hello, we have received your CV". It is the catchphrase of the moment, a message that sounds credible and harmless, when in fact it is the trigger for the CV scam. The call comes from an Italian mobile phone not saved in the address book. A scam that may seem credible to those who are really looking for work and are full of expectations. Psychologically, it is in fact a technique that exploits the expectation of a call from a company, prompting those who are really looking for a job to fall into the trap. Here are the clarifications provided by Martina Di Nanni, Chief Commissioner of the State Police.

The strategies implemented, however, are different. "It is a scam that aims to overcome people's natural mistrust of international numbers that have foreign dialling codes," Di Nanni recalls, "precisely because the phone calls come from an Italian number that has a dialling code, i.e. +39, and therefore the person tends to answer these calls. It all starts with a phone call. "This recorded voice shows up. Then the scammers can use different strategies: presenting themselves as representatives of companies or organisations or associations that in some way invite people to submit CVs for jobs, for job offers, or agency representatives that in some way attract the attention of those who are actually looking for a job, for employment".

"One of the main problems," says Di Nanni, "is that they often ask you to click on fraudulent links to gain access to personal data. What kind of data do cybercriminals want to steal? "The data to be stolen are varied. In any case, the phone call with the recorded voice then proposes to continue the conversation on WhatsApp, then in chat. And for someone who is actually looking for a job, sending a WhatsApp message may seem harmless. But then some task may be indicated, which may be just entering personal data or even downloading a form to be filled in, or sending further data in chat'.

"Often by downloading even a document that is sent on WhatsApp," explains Martina Di Nanni, "malware is installed on the device that then goes on to extrapolate data, including access codes to current accounts or passwords, email addresses. Even documents often. Initially, only data is extracted that can then lead to other platforms, such as accounts linked to current accounts. Personal data of any kind can tend to be extrapolated'.

Who are the fraudsters? Initial investigations, given that this is a recent phenomenon, show that fraudsters can be either individuals whose goal is to obtain money from these types of fraudulent activities on the Internet. "But there can also be more complex organisations. There tend to be organisations located abroad that are dedicated to specific types of fraud. But there can also be complex organisations in Italy that initially carry out social engineering, i.e. they study the profiles of potential victims and then go into action on several fronts, trying to get the attention and data from potential victims.