Company Impersonation: Fake Postings on Real Brand Names

Red flags

• 01Application email goes to a free email service or to a domain that's a near-miss of the company's real one (e.g., google-careers.com instead of google.com)
• 02Job posted on a low-quality aggregator but not on the company's official careers site
• 03Recruiter's LinkedIn profile doesn't match anyone on the company's real team page
• 04Posting recycles a real JD word-for-word but salary, location, or remote policy doesn't match the company's actual practice

Real-world example

A real Stripe Software Engineer JD is reposted on a small job board with contact email "hr.stripe.recruiting@gmail.com" instead of an @stripe.com address. The application form is hosted on a Google Form rather than the Stripe careers portal.

Why this scam works

Brand recognition does the convincing. Applicants assume that if the company name and JD match, the recruiter must be legitimate. The fraud lives in the contact channel, not the posting itself.

What to do

• 01Always cross-check a posting against the company's official careers page (search '[company] careers')
• 02Only apply through the company's own application system
• 03If the role only exists on a third-party aggregator and not on the company's own site, treat it as suspect
• 04Report impersonation to the real company's security or talent team