I had my resume up on several job sites. I got an email using the name (and a plausible email) for a real, quality software company that sent me a list of HR-type questions. I sent some answers (no PII involved), and they told me I had the job and asked for some bank account information.
That obviously set off some alarms, so I followed up with the company and found out that they were being impersonated. I would guess that someone spent 3+ hours just on hustling me - they'd clearly read my resume, which was ironically better than a lot of real interviews.
> and they told me I had the job and asked for some bank account information.
Wow. The worst thing is that collecting this information isn't even a red flag when starting a new job, although it's always been done when I get there in person on day 1 for me.
My current job required mountains of background checks and verification, more than enough to do some thorough identity theft. This was setup through a recruiter I met in person though. Imagine how many people they could get if they opened a legit recruitment office for a month?
I'm fairly sure this would have tipped you off - they made the offer with no technical questions or onsite, after talking to only one person, and asked for bank account info before a start date. A little more effort and they might well have gotten me, though.
I can only imagine what a placement company or recruiter could do, just by doing the real job for a bit then bailing with the personal data obtained. It's not pretty, since job offers are such a standard reason to cough up PII.
