In the 17 months between October 2024 and the end of Q1 2026, we reviewed 145 reports of recruiter impersonation scams sent to security@emersonsearch.com. The reports came from candidates we’d worked with, from candidates we’d never met, and in a handful of cases from companies whose names had been used in the scams. The volume tripled compared to the prior 18-month window. The complexity of the scams — particularly the AI-generated content used to make them convincing — grew faster than the volume.

This analysis stems from reviewing every one of those 145 reports, plus what we have gathered from working with the FBI’s Internet Crime Complaint Center (IC3) on a small number of investigations where the scams escalated to identity theft or financial fraud. The patterns are consistent enough that a 12-flag taxonomy captures the vast majority of what we have observed.

I oversee our investment banking practice from our New York office, and the candidates I work with day-to-day are exactly the demographic these scams target most aggressively: senior US professionals with strong public profiles, high-value LinkedIn networks, and the kind of comp ranges that make data exfiltration valuable on illicit markets. The guidance that follows is what I tell candidates I work with directly. It’s also what we tell anyone who emails us about a suspicious outreach — whether or not they’re an active Emerson Search candidate.

The cardinal rule If anyone claiming to represent Emerson Search emails from anything other than @emersonsearch.com, asks for money, or pushes you to share banking or government ID information before a executed offer document exists, it’s a scam. Verify against our team directory and report to security@emersonsearch.com. We respond to every report within two business days.

The 2025 numbers, in context

The recruitment-scam ecosystem grew faster than any other category of professional-services fraud tracked by US law enforcement in 2025. The numbers below are from the FBI’s IC3 annual reports plus aggregated industry data.

RECRUITMENT SCAM TRENDS · 2024 vs 2025
YoY growth in IC3 reports
+47%
Median financial loss per victim
$4,800
Scams using AI-generated profiles
38%
Scams targeting senior professionals
61%
Reports involving identity theft
24%
Emerson Search impersonation reports
145 in 18mo
Sources: FBI Internet Crime Complaint Center (IC3) 2025 annual report; Emerson Search internal security ticket data Oct 2024–Apr 2026

Three findings from that data are worth pulling out.

First, senior professionals are now the principal target. Half a decade ago, recruitment scams predominantly targeted junior candidates with too-good-to-be-true entry-level offers. Today, 61% of recruitment scam reports involve senior professionals. The scammers have recognized that senior candidates’ data is more valuable (for identity theft, social engineering, or sale on illicit data markets) and that senior professionals are sometimes more vulnerable than juniors precisely because they assume their seniority makes them harder to target.

Second, AI tools have changed the economics of the scam. The 38% of scams involving AI-generated profiles is up from less than 5% in 2022. ChatGPT-class language models, voice cloning, and AI-generated headshots have declined sharply the expense of producing convincing initial outreach. The visual heuristics that used to detect scams — broken English, obviously stolen photos — no longer function. A scammer in 2026 may yield a polished, personalized, professionally-formatted recruiting email in under five minutes.

Third, the financial-loss numbers understate the harm. The $4,800 median financial loss is real but misleading. The bigger harm from senior-professional recruitment scams is generally not direct theft — it’s identity theft (24% of reports), social-engineering enablement for subsequent attacks, and reputational damage from data exfiltration to illicit markets. These secondary harms are harder to quantify but often more impactful than the top-line financial loss.

How modern recruiter scams actually work

Before we get to the red flags, a quick anatomy of what these scams actually try to accomplish. Understanding the goal helps see the tactics more clearly.

From the 145 reports we have examined, modern recruiter scams have one of four objectives, sometimes in combination:

One: direct financial fraud. The scammer extracts money from the victim — usually through an upfront fee for "training," "certification," equipment purchase, or a fake background-check service. The amounts are generally small ($300 to $5,000) precisely so victims don’t escalate. The classic version of recruitment fraud.

Two: data harvesting for resale. The scammer extracts résumés, contact information, work history, and references — not for fraud purposes, but to package and sell the data to other scammers or data brokers. This category is growing fastest because there’s no immediate financial harm to detect, the scam can run for months before anyone notices, and the resale market for senior-professional data is considerable.

Three: identity theft setup. The scammer collects enough personal data — SSN, date of birth, address history, government ID images, banking information — to open credit accounts or commit tax fraud in the victim’s name. The "background check" or "direct deposit setup" framings are the typical vectors.

Four: social engineering enablement. The scammer uses the recruitment conversation as a beachhead to subsequently impersonate the victim to colleagues, family, or other professional contacts. The victim’s real LinkedIn or email is then used in subsequent attacks where the scammer knows the victim’s actual professional context. This is the rarest category but the most damaging when it occurs.

The 12 red flags that follow are designed to detect any of these four objectives early in the conversation, before the scammer has extracted what they came for.

1. The domain doesn’t match

The foremost reliable red flag, by an order of magnitude over any other signal. From our 145 reports, 92% involved an email domain that did not match the recruiter’s real corporate domain. The variations we have observed:

Free email providers. No credible executive search firm uses @gmail.com, @yahoo.com, @outlook.com, or @hotmail.com for client work. If a "recruiter" reaches out from any free email provider claiming to represent a tangible firm, it’s a scam. Full stop.

Look-alike domains. The most advanced category. We have observed all of these targeting Emerson Search in particular:

  • emersonseareh.com (capital "I" instead of lowercase "l")
  • emerson-search.com (added hyphen)
  • emersonsearch.co (different TLD)
  • emers0nsearch.com (zero instead of letter "o")
  • emersonsearchs.com (plural)
  • emersonsearch-llc.com (added entity descriptor)

Subdomain misdirection. A scammer may use an email like info@emersonsearch.recruiting-jobs.com. The true domain is the part right before the final .com or .net — in this case, recruiting-jobs.com, not emersonsearch. Always read the domain right-to-left to identify the true sender.

If you’re unsure, hover over the sender’s name in your email client to see the full address. Don’t click anything in the email until you’ve confirmed the domain is exactly correct. Better yet: open a new browser tab, go to the company’s real website, and find a verified contact method there.

2. They’re asking for money

This is the universal disqualifier. Credible recruiting firms are paid by employers, not candidates. If anyone claiming to represent any recruiter asks you for any of the following, it is a scam:

  • An application fee
  • A résumé review or rewrite fee
  • A "training," "certification," or "onboarding" payment
  • Money to purchase laptop, monitor, or other equipment
  • A background-check fee
  • A "tax processing" or "payroll setup" fee
  • Cryptocurrency payment for anything

There is one narrow exception worth grasping: paid career coaching is a credible service offered by some recruiting firms (we offer it ourselves). But it is always presented as a separate, optional service with a clear engagement letter, never as a precondition to being considered for a role. If "career coaching" is being framed as something you must pay for before you can apply or interview, it’s the scam framing, not the credible version.

3. The remuneration is too good

Scam roles regularly offer remuneration that’s 30% to 50% above market for the same role. The high comp is intentional — it’s designed to overcome candidates’ usual skepticism. If a "Senior Software Engineer" role is being pitched at $380K base salary, full remote, no interviews, and a fast start date, it’s almost certainly fake.

Reality check: published remuneration benchmarks like Levels.fyi, the BLS Occupational Employment Statistics, and our own salary reports mirror actual paid amounts. A tangible role might be at the top of those published ranges, but it won’t be considerably above the highest data points. For senior US professionals, this is particularly worth grasping because the credible market is well-documented: see our 2026 Executive Remuneration Report or CFO remuneration analysis for specific market ranges. If an offer is well outside those ranges, that’s a signal worth paying attention to.

A particular variant worth highlighting: too-high remuneration with too-low requirements. A role offering $300K for a position that a credible company would normally pay $143K, with no specialized skill requirement and no clear technical evaluation, is the most prevalent scam comp pattern. The tendency works because the implausible offer attracts candidates who would otherwise be skeptical of the rest of the process.

4. The process is unusually fast

Credible senior-level interview processes generally involve at least 3 to 5 rounds, often more, spread across 4 to 8 weeks. Scammers compress everything because they need to close fast before the victim grows suspicious or has time to verify.

Watch for:

  • An offer extended after a single 30-minute conversation
  • No technical screening for technical roles
  • No reference checks at all, or fake-sounding references that the recruiter won’t name
  • No HR or people-team conversation as part of the process
  • Skipping the final-round interview with the true hiring manager or executive sponsor
  • An offer issued the same day as the first interview, with same-day signing pressure

The tendency is consistent: scams compress to days because credible processes take weeks. If a senior-role process is moving considerably faster than you’d expect from any company you’ve interviewed with before, slow it down on your end. Ask for additional interview rounds. Ask to speak to people on the team. The credible recruiter will accommodate; the scammer will resist or disappear.

5. The LinkedIn profile is thin

AI-generated LinkedIn profiles are now common, but they still have patterns. A "recruiter" who reaches out on LinkedIn but whose profile shows any of the following signs is very likely fake:

  • Fewer than 100 connections, especially for someone claiming senior tenure (real senior recruiters generally have 500+ connections)
  • No endorsements or recommendations from former colleagues
  • Profile created within the past 6 to 12 months
  • Generic job titles like "Senior Recruiter at Top US Search Firm" without naming the specific firm in the title
  • Stock-photo or AI-generated headshot — run a reverse image search on Google or TinEye to check
  • Work history that doesn’t cross-reference with anyone you actually know, including people you’d expect to overlap with given the claimed tenure
  • Posts or activity that show no signs of professional engagement — just shares of recruiting-industry content without commentary

Real recruiters have years of digital footprint: industry-event speaking, articles, podcast appearances, posts about specific market dynamics. Real recruiters also have connection density in the industries they recruit in — a finance recruiter has many connections at major financial firms, a tech recruiter has many at major tech companies. A "recruiter" with no industry-specific connection density is almost certainly fake.

An AI-generated LinkedIn profile in 2026 can fool the visual heuristics that worked five years ago. What it can’t fake is actual professional history — the colleagues, the references, the digital footprint that accumulates over years.

6. They want banking info before an offer

No credible recruiter or employer needs your bank account number, routing number, or full Social Security Number before a executed offer document exists. If they’re asking for any of these in the early stages:

  • "To set up direct deposit before your start date"
  • "For the payroll system, so payments aren’t delayed"
  • "To verify your identity before the next interview round"
  • "For the background check"
  • "For the IRS W-2 setup"

Stop. Don’t share. Each of these framings has a credible equivalent that doesn’t happen in the early stages. Direct deposit is set up after you sign an offer and start onboarding. Background checks are handled through certified third-party vendors (Checkr, HireRight) who collect this data directly with your express consent, not through a recruiter relay. Payroll setup happens after employment begins. The IRS doesn’t need any of this from anyone other than the employer at year-end.

The straightforward rule: sensitive financial and personal data is shared after you sign, not before. Any reversal of that order is a scam signal.

7. Encrypted-only communication channels

Scammers strongly prefer encrypted, ephemeral channels: Telegram, Signal, WhatsApp, occasionally Discord or Wire. Real recruiters use corporate email and standard video-conferencing tools (Zoom, Google Meet, Microsoft Teams) for the documented conversations that matter, even if SMS or phone calls happen for scheduling.

The rationale scammers prefer encrypted channels is twofold. First, the messages disappear or are harder to recover for evidence in the event of an investigation. Second, encrypted channels obscure the sender’s real identity in ways that make follow-up verification harder. If a "recruiter" insists on moving to Telegram or WhatsApp before any material conversation has happened on the record, that’s a signal something is off.

Note the subtlety: it’s entirely normal for a credible recruiter to text you to confirm a meeting time, share a calendar invite, or send a quick logistical note. The indicator is when the encrypted channel becomes the principal venue for material conversation, particularly conversation involving any of the other red flags in this list.

8. Urgency that doesn’t fit the role

"The hiring manager needs an answer by end of day." "This offer expires at midnight." "We’re extending it to two other candidates and need a decision in 24 hours."

Pressure tactics are designed to short-circuit your judgment. Credible senior offers stay open for days or weeks, with structured negotiation windows. Senior hiring processes involve remuneration committee approvals, reference verification, sometimes board-level sign-off for the most senior roles — none of which happen in 24 hours.

If you’re being told to make an irreversible decision within hours, resist hard. Ask for a written extension. Ask to speak with the hiring manager directly to confirm the timeline. A credible process will accommodate; a scam will either disappear or escalate the pressure.

A particular variant: urgency tied to "discount" or "limited availability" framings. "The company has a special hiring incentive ending Friday." "We have one slot left in this batch hire." Real companies don’t hire that way. Scammers use these framings because they create artificial shortage that pressures decisions.

9. The outreach is generic

Real recruiters specialize. We work on specific kinds of searches in specific industries. Our outreach mirrors that — we’ll mention your specific company, your specific role, your specific skills, your specific career trajectory. The personalization isn’t flattery; it’s evidence that we’ve done the work to understand who you are and why we’re contacting you.

Scam outreach reads like a template that could were sent to anyone:

  • "Your impressive background caught my attention..."
  • "We have a great opportunity that matches your profile..."
  • "You’re a perfect fit for our client..."
  • "I’ve been searching for someone with your skills..."

None of those phrases would survive a basic test: "what in particular about my profile does this opportunity require?" Real outreach can answer that question; scam outreach cannot. If you reply to a recruiter’s outreach with a polite "what in particular about my background indicated this role?" and the response is more generic boilerplate, the outreach is almost certainly automated and likely fraudulent.

10. Equipment shipped before contracts

This is one of the more advanced scams we have observed, and it’s growing. The "employer" offers to ship you a laptop, monitor, or other equipment before your formal start date. They send you a check to cover it. Then they ask you to wire some portion of the check amount to a "vendor" or "supplier" for the equipment.

The check bounces a week later. You’re out the wire money. The "employer" disappears. This pattern has cost individual senior-professional victims $5,000 to $25,000 in our review of the 145 reports we processed.

The architectural test is simple: no credible employer asks you to be the intermediary on equipment purchases. If anyone proposes this, it’s a scam. Equipment for a tangible role is shipped directly to you by the company, paid for by the company, after you’ve signed the offer. You should never be receiving a check from your future employer for equipment they’re shipping to you.

11. References they won’t share

Credible recruiters and employers conduct reference checks they’re willing to discuss with you. Scammers either skip references entirely or claim to have done them and refuse to provide details.

If you ask "who did you speak to among my references?" and the recruiter is vague, evasive, or claims confidentiality reasons for not sharing, that’s a problem. Real reference checks are not confidential from the candidate — you must always be told who was contacted and what was discussed. The "confidentiality" framing is a common scam misdirection.

A connected indicator: references they didn’t actually call. We have encountered several reports from victims who later contacted their listed references to verify the reference checks, only to learn that no one from the "employer" had ever called. The check was characterized as "completed" without ever happening.

12. The job posting is unfamiliar

Established job-listing platforms — LinkedIn Jobs, Indeed, Glassdoor, Built In, Hired — moderate listings actively, with some level of verification of the posting employer. Most senior-level scams either bypass these platforms entirely (operating via direct outreach) or appear on less-moderated job boards that don’t verify employers.

If a recruiter contacts you about a role they say is on a job board you’ve never heard of, search for that board independently before engaging. Many scam job boards are clones or near-clones of credible boards (with names like "JobsForExecutives.net" or "TopTalentBoard.com") designed to look credible at first glance.

The straightforward verification: search the company name + "career" or "jobs" and see if the role is also listed on the true company’s career site. If a senior role exists at a tangible company, it’s almost always also listed on that company’s own career page. If the role exists only on the recruiter’s claimed job board and nowhere else, that’s a strong signal.

What to do if you spot one

If any of the 12 flags above show up in an outreach you receive, here’s the actionable sequence to follow:

  1. Stop responding. Don’t engage further, even to "test" them or try to gather more information. Anything you share may be reused. If you’ve already responded, stop. You don’t owe them a follow-up.
  2. Don’t click any links or open any attachments. Many scam emails carry malware or credential-harvesting links. Even links that look benign may be tracking pixels or phishing redirects.
  3. Document the exchange. Save the email headers, take screenshots of LinkedIn conversations, archive any PDFs or attachments they sent. You’ll need these for reporting.
  4. Report the scam. File a report with the FBI’s IC3 (ic3.gov). Report the LinkedIn profile if applicable. Forward the email to the credible firm being impersonated. For Emerson Search, forward to security@emersonsearch.com. For other firms, find their security or fraud contact via their official website.
  5. If you shared sensitive data, act fast. Banking info: contact your bank immediately to freeze accounts. SSN: place a fraud alert with the three credit bureaus (Equifax, Experian, TransUnion). Identity documents: file an identity-theft affidavit with the FTC at identitytheft.gov.

How to verify any recruiter

The counterpoint of detecting fakes is verifying real recruiters. If you receive outreach from someone claiming to be a Emerson Search recruiter and want to verify:

  1. Check the email domain. Must be exactly @emersonsearch.com with no variations, hyphens, zeros for O’s, or different TLDs.
  2. Look up the person in our team directory. Every consultant we employ is listed at emersonsearch.com/team. If the name and email don’t both match the directory exactly, it’s not us.
  3. Call our main toll-free number. +1 (866) 519-3742. Ask to be transferred to the person who contacted you. If they exist, you’ll be transferred. If they don’t, our reception team will tell you.
  4. For senior-level conversations, ask to meet in person. We have nine US offices. If you’re near any of them, the team will gladly meet you in person to verify identity and discuss the role. Scammers cannot do this.
  5. If anything doesn’t match, report to security@emersonsearch.com. We review every report.

For recruiters from other firms, the same principles apply. Verify through the firm’s main published phone number (not a number provided in the suspicious outreach). Check the email domain against the firm’s official website. Look the recruiter up on the firm’s own team page or industry directories. If anything doesn’t match, escalate to the firm’s security or fraud contact.

How and where to report

If you’ve identified a scam targeting senior US professionals, reporting it matters — both to protect future victims and to support law enforcement efforts. The reporting channels:

FBI Internet Crime Complaint Center (IC3). The principal US federal channel for cybercrime reporting. File at ic3.gov. The IC3 is the central clearinghouse for FBI investigations of internet-based fraud, and reporting there is the most direct path to potential federal enforcement.

Federal Trade Commission. If the scam involved identity theft or potential consumer fraud, also file with the FTC at reportfraud.ftc.gov. The FTC maintains its own database of scam patterns and shares with state attorneys general.

State Attorney General. Your state Attorney General’s office accepts consumer fraud reports and has direct enforcement authority within the state. For New York: ag.ny.gov. For California: oag.ca.gov. Other states have equivalent offices.

The impersonated firm. If you can identify which credible firm is being impersonated, contact them directly. Most reputable firms maintain security or fraud teams that can both help you protect yourself and assist law enforcement with broader investigations. For Emerson Search, security@emersonsearch.com.

LinkedIn or other platforms used. If the scam originated on LinkedIn, report the profile using LinkedIn’s reporting interface. LinkedIn’s investigation team generally responds within 5 to 10 business days. Other platforms have similar mechanisms.

The essential point

Recruitment scams in 2026 are more advanced than they were three years ago, primarily because AI tools have completed the initial impressions much harder to distinguish. The defenses remain mostly boring: verify domains, never send money, never share sensitive personal information before signed paperwork, and trust your instincts when something feels off. The 12 flags above cover approximately 95% of the patterns we have observed.

Methodology & caveats

This piece is informed by 145 recruiter-impersonation reports received by Emerson Search’s security team between October 2024 and the end of Q1 2026, plus FBI IC3 public data for the same period. The 145 reports represent all reports we received that expressly identified Emerson Search as the impersonated firm; we likely receive a small number of additional reports that we can’t conclusively classify and that aren’t included in this count.

The 12-flag taxonomy was developed by examining the patterns in those 145 reports plus reviewing publicly-reported recruitment scams from FBI, FTC, and industry sources. The flags are not exhaustive — new scam patterns emerge regularly, and the AI-generated content trend in particular is evolving faster than any taxonomy can keep up with. Treat the 12 flags as a strong-but-incomplete checklist, not as a guarantee of detection.

The financial-loss data and industry statistics in this piece come from publicly-available sources: FBI IC3 annual reports for 2024 and 2025, FTC consumer fraud data, and industry analyses from organizations including the Anti-Phishing Working Group and the Better Business Bureau. Specific numbers may were revised after the publication of this piece; the directional trends are consistent across sources.

This piece does not constitute legal advice. If you believe you’ve been victimized by a recruitment scam, consult with a qualified attorney in your jurisdiction in addition to filing the reports outlined above. The reporting steps we recommend are general guidance, not a substitute for case-specific legal advice.

This piece is authored by Danielle Pearson, Lead Recruiter for our Investment Banking practice, with security-team review by Emerson Search’s information security function. Danielle works from our New York headquarters at 110 East 42nd Street, Suite 1400. Direct contact: danielle.pearson@emersonsearch.com. For broader context on senior US remuneration that the most prevalent scam variations attempt to exploit, see our 2026 Executive Remuneration Report. For related coverage on confidential search practices that minimize scam exposure, see our piece on the senior professional’s confidential search playbook.

DP
About the author
Danielle Pearson
Lead Recruiter · Investment Banking

10 years of recruiting experience focused on financial services. Specializes in VP-Director level placements at bulge-bracket banks, boutique advisories, and growth-stage FinTech firms. Based in New York.

danielle.pearson@emersonsearch.com Full team