This Job Offer Almost Stole My Identity — Every Red Flag Explained
The email looked completely real. Professional formatting. A named HR director. A salary that matched the market almost perfectly. And a request for personal information that would have handed over everything a scammer needs to steal an identity — buried inside what appeared to be a routine onboarding form.
The Email That Started It All
She had been quietly looking for something new for three months. A remote administrative role. Steady pay. Flexible hours. Nothing dramatic — just a change that made sense for where she was in her career.
Then the email arrived on a Tuesday afternoon. Subject line: Congratulations — You've Been Selected for Our Remote Administrative Coordinator Role. The sender was Jennifer Walsh, HR Director at Apex Business Solutions. The salary range was $58,000–$65,000 per year. The job description matched her experience almost perfectly.
She almost filled out the form attached to that email.
Here is what the email actually looked like — and what was hiding inside it.
Dear Candidate,
After reviewing your profile, our team has selected you as a top candidate for our Remote Administrative Coordinator position ($58,000–$65,000/year). This is a fully remote role requiring 3+ years of administrative experience.
To proceed, please complete the attached onboarding form including your background verification information. We look forward to welcoming you to the team.
Fictional composite example — illustrates real scam patterns. Not based on any specific case.
Read it again. Notice what is missing.
There was no interview. No phone screen. No application she submitted to this company. No explanation of how they found her profile. She was simply — selected. And the very next step after that congratulations was a form requesting her personal identifying information.
That is not a hiring process. That is a trap.
Red Flag #1: The Domain Was 11 Days Old
The sender's email address was [email protected]. At first glance, that looks legitimate. A company name, a proper domain, an HR department.
Look closer. The hyphen in apexbusiness-solutions.com is the first signal. Established companies almost never use hyphens in their primary domain — they register their clean name (apexbusiness.com) and hold it. Hyphens typically appear when the clean version was already taken and the scammer chose the next available option that looks plausible.
A WHOIS lookup on apexbusiness-solutions.com showed the domain was registered eleven days prior. A company with a $60,000 salary offering has been online for less than two weeks. No business history. No web presence. No trace in any business registry.
You do not need any technical knowledge to check this. Type the domain into a free WHOIS lookup tool — who.is or icann.org/lookup — and look at the creation date. If a company emailing you about a job was registered within the last 30 to 60 days, treat it as a serious red flag and investigate before responding.
Domain age under 60 days + job offer = high suspicion. Legitimate employers with salaried positions have business history that predates the email they're sending you. New domains are cheap and fast to register — scammers spin up dozens of them per month.
Red Flag #2: The HR Director Did Not Exist
A named HR contact adds credibility to a fake offer. Jennifer Walsh sounds like a real person. The title is specific. There is a last name you could search.
So search it.
A search for Jennifer Walsh at Apex Business Solutions returned one LinkedIn profile, created three weeks before the email was sent. Nine connections. No prior employment listed. No photo that matched any public record. This was not a real person — it was a character built to give the email a human face.
Real HR professionals at companies offering salaried positions have a documented professional history. They have been on LinkedIn for years. They have former colleagues who can verify their existence. A profile created days or weeks before the outreach, with no history and a handful of connections, is a fabrication.
"Scammers know that a name makes an email feel personal. They build just enough of a person to get you to respond — and nothing more."
Red Flag #3: They Asked for Your SSN Before Any Interview
This is the one that matters most — and the one that most people miss because it is framed as a routine next step.
The form attached to the email asked for her Social Security number. For a background check. Before any phone screen. Before any interview. Before any formal offer had been made or accepted. Before she had spoken to a single person at the company.
No legitimate employer requests a Social Security number at this stage. Background checks requiring your SSN happen after an offer has been extended and accepted, during formal onboarding — not on a form attached to a congratulatory email you received without applying. This is not an onboarding form. It is an identity theft form.
With a Social Security number, date of birth, and home address, a scammer can open credit cards in your name, take out personal loans, file fraudulent tax returns to claim your refund, and sell your information on dark web marketplaces. The damage from a single form submission can take years to fully resolve.
No legitimate employer — at any level, in any industry — requires your Social Security number before conducting at least one interview. If a job offer asks for this information at this stage, it is a scam. Full stop.
Why This Works on Smart, Experienced People
Before the red flags, there is something important to name.
The people who almost fall for job offer scams are not careless. They are not unsophisticated. They are people in a specific emotional state — hoping for something — being targeted by professionals who study that exact state for a living.
Scammers who build employment fraud operations understand the job market. They know what salary gets attention without triggering suspicion. They know that remote work carries real appeal. They know that if someone has been searching for three months and this email arrives with the right title, the right pay, and the right timing, a part of that person wants to believe it is real.
They engineered every element of that email around hope. That is not a character flaw in the recipient. That is the entire business model of the scammer.
Knowing how it works is the first thing that stops it.
The 30-Second Check That Changes Everything
Three red flags. Any one of them — alone — is enough to stop and verify. All three together is a near-certain scam. And the check that surfaces all three takes less time than reading the email twice.
Paste the job offer into Scamanot's Job Offer Checker. Describe what the email said, who it was from, and what it's asking for. In seconds, you get a risk verdict, the specific flags that triggered it, and the recommended next step.
In the case above: High Risk. Identity theft — fake employment offer. Three flags surfaced. Clear action. A direct link to report to the FTC.
Twelve seconds.
That is what it costs to know for certain — versus what it costs not to know.
Watch the full email breakdown at 0:40, the red flag cascade starting at 1:20, and the live Scamanot check at 4:10 in the video above.
If You've Already Responded: What to Do Right Now
If you're reading this because you've already submitted information to an offer like this — do not waste time on guilt. Act immediately.
- If you provided your SSN: Place a fraud alert or credit freeze with all three credit bureaus — Equifax, Experian, and TransUnion — right now. Visit IdentityTheft.gov for a personalized recovery plan.
- If you provided banking information: Contact your bank immediately and flag your account for monitoring or temporary freeze.
- If you submitted a password: Change it everywhere you use it, right now. Enable two-factor authentication on every account that allows it.
- Report it: File a report at ReportFraud.ftc.gov and at the FBI's Internet Crime Complaint Center at IC3.gov. Every report filed helps identify patterns and shut down active operations.
Speed matters here. The sooner fraud alerts are placed, the harder it becomes for the scammer to use what they collected.
The Three Questions to Ask Every Time
You do not need to become an expert in employment fraud to protect yourself. You need three questions — asked every time an unsolicited job offer arrives.
- Did I apply to this company? If not, how did they find you — and why is the next step a form, not a conversation?
- How old is this domain? A WHOIS lookup takes thirty seconds. A domain under 60 days old is a serious signal.
- Are they asking for sensitive personal information before any interview? If yes, stop. This is not a job offer.
Three questions. Any one of them answered the wrong way — pause and check before you proceed.
Got a job offer that feels slightly off?
Paste it into Scamanot. Free, instant, and nothing is ever stored.
Check It Now — Free →Unlimited checks. Every day.
Job offers, texts, emails, phone numbers, websites — run as many checks as you need. Guardian gives you unlimited access to every Scamanot tool, every day.
Get Guardian — $9/mo →Cancel anytime. Nothing stored. Ever.