Phishy Smells

One of the things about the job hunt that makes it more daunting is the number of scams. Like a lot of phishing these days, the quality is definitely high. Enough so that my juvenile instinct to put NanoClaw on the case to see how many of the scammers' tokens I can burn is waylaid by a subtle concern that there’s a slight risk I might end up annoying a potential connection.

Ultimately, like most of us, I’m probably going to fall at least partway down one of these rabbit holes, even when there are blatant signs like the CEO of a decent-size company reaching out with an @gmail address. Partly that’s because it’s hard to ignore flattery—especially when it’s subtle. When you’re looking for a job, you intentionally share a lot of information about what you’ve done and what you’d like to do next. This makes a perfect data-rich environment for an AI-generated email to hit you in your feels.

There are a few guides out there—and Reddit, of course: PSA: How to spot scam job recruiters and stop them—but for me I think it comes down to this list:

• Sender domain - If their email domain doesn’t match the company they claim to represent, that’s bad.
• Company job board - Look on the actual company job board to see if there’s a position that sounds close to the one being described.
• Social proof - If the email comes from a platform, check to see if the sender actually has followers/content/digital presence.

If all of those check out, then I probably shouldn’t use that email chain as a champion/challenger test. Fortunately, as mentioned above, there are a lot of definitely phishy recruiting emails that I can play around with to see whether Gemma or Qwen or {insert model here} is the best at drawing out an email thread.