If an unauthorized person is contacting candidates while claiming to recruit for your company, treat it as both a candidate-safety issue and a brand-trust issue. The right response is visible but measured: help candidates verify genuine roles, make clear that the impersonator is not authorized, and avoid unnecessary detail that could create legal or reputational risk.

Why companies should respond publicly

Recruiter impersonation is a known job-scam pattern. The U.S. Federal Trade Commission warns that scammers pose as recruiters for real companies on LinkedIn and other job sites, often using fake roles to obtain money or personal information from job seekers ^[1]. Consumer reporting has also documented fraudsters posing as employers and recruiters on platforms such as Indeed and LinkedIn ^[10].

That means candidates may not start on your official website. They may see a message, job-board listing, or social profile first. A public notice gives them a reliable way to check whether the opportunity is real.

The recommended response

1. Make your careers page the source of truth

Your careers page should carry the clearest version of the warning. The FTC advises job seekers to verify opportunities directly through the company’s official website rather than relying only on recruiter messages or job-platform outreach ^[1].

A good careers-page notice should say:

• unauthorized individuals may be using the company’s name;
• candidates should verify openings through the official careers page;
• the company does not require payment as part of recruitment;
• candidates should avoid sharing sensitive information with unverified contacts;
• suspicious outreach can be reported to a named company inbox.

Keep the notice evergreen if impersonation risk could recur. If the incident appears active, pin or feature the alert more prominently for a limited period.

2. Repeat the warning on job boards and company profiles

Candidates often encounter opportunities through job boards and social platforms, not the employer website. The FTC specifically identifies LinkedIn and other job sites as places where fake recruiter scams can begin ^[1].

Employer job postings commonly include short recruitment-fraud disclaimers. Airbus-related postings, for example, state that the company does not ask for monetary exchange in recruitment and that impersonation should be reported ^[7]. Other Airbus job disclaimers warn that the company does not send job offers from free email services or authorize anyone to collect money in return for a job ^[4]. Vestas job postings have also included “Beware – Recruitment Fraud” language warning about fraudulent emails from people pretending to work for the company ^[8].

Use the same short warning across LinkedIn, Indeed, JobStreet, Glassdoor, and any local job boards where candidates are likely to find your roles.

3. Use LinkedIn selectively

A LinkedIn statement is useful when the fake outreach may still be active or when candidates are likely to search your company page for confirmation. Keep it calm and practical. Do not name the impersonator, repeat the fake role, or describe internal investigation details unless your legal, HR, and security teams approve.

If the fake profile is already removed and you believe the incident is contained, a careers-page notice plus job-board language may be enough. If there is uncertainty, a short LinkedIn post helps reduce candidate risk without escalating the message unnecessarily.

4. Create one monitored reporting channel

Set up or designate a monitored inbox such as careers@company.com, recruitment@company.com, or security@company.com. The address should be visible in the careers-page alert and job-board note.

Internally, decide who triages reports: Talent Acquisition, HR, Legal, Corporate Communications, InfoSec, or a small cross-functional group. Ask candidates to forward screenshots, sender details, URLs, email addresses, and any payment or personal-data requests.

Messaging principles

Strong recruitment-fraud messaging is brief, factual, and candidate-focused.

Use language that does the following:

• Protects candidates: “Please verify roles through our official careers page.”
• Clarifies authority: “These individuals are not authorized to represent the company.”
• Names the red flags: payment requests, banking-detail requests, suspicious email domains, or pressure to move off official channels.
• Avoids overstatement: do not say “breach,” “compromise,” or “data leak” unless those facts are confirmed.
• Avoids operational detail: do not describe the fake profile, suspected individual, investigation steps, or internal systems.

Template: careers-page recruitment fraud alert

Recruitment Fraud Alert

We are aware that unauthorized individuals may be contacting candidates while falsely claiming to recruit on behalf of [Company].

Please verify all [Company] job opportunities through our official careers page: [careers page link]. [Company] does not ask candidates to make payments, provide banking details, or transfer money as part of the recruitment process.

If you are contacted about a [Company] role and are unsure whether it is genuine, please check our official careers page or contact us at [recruitment email]. If you believe you have received a suspicious message, do not respond, click links, make payments, or share personal information until you have verified the communication.

Candidate trust and safety are important to us, and we encourage anyone with concerns to contact us directly.

Adapt this copy to match your actual process. For example, if your company later collects identity, payroll, or banking information after a signed offer, clarify that those steps happen only through verified official channels.

Template: short job-board or company-profile notice

Recruitment Fraud Notice

Please be cautious of unauthorized individuals claiming to recruit on behalf of [Company]. Candidates should verify genuine openings through our official careers page: [careers page link].

[Company] will not ask candidates to pay money as part of the recruitment process. To verify a role or report suspicious outreach, contact [recruitment email].

Template: LinkedIn statement

We have been made aware of unauthorized recruitment activity in which individuals may be falsely claiming to represent [Company].

Candidate trust and safety are important to us. Please verify [Company] opportunities through our official careers channels at [careers page link]. We do not ask candidates to make payments or provide banking details as part of recruitment.

If you are contacted about a [Company] role and are unsure whether it is genuine, please contact us directly at [recruitment email]. We encourage candidates to remain cautious and report suspicious outreach.

Template: internal HR and recruiting holding statement

We are aware of a potential recruitment impersonation issue involving unauthorized individuals claiming to recruit for [Company]. These individuals are not authorized to represent the company.

If contacted by candidates, direct them to verify roles through our official careers page and ask them to forward suspicious messages, screenshots, sender details, and links to [reporting email]. Do not engage directly with suspected fraudulent profiles. Escalate new reports to [owner/team] for tracking and review.

Practical action checklist

• Publish a careers-page alert and make it easy to find.
• Add the same warning to current job descriptions and job-board company profiles.
• Create or designate a monitored reporting inbox.
• Report fake profiles, job ads, or messages to the relevant platform.
• Search major job boards and social platforms for duplicate fake listings using your company name.
• Preserve evidence: screenshots, URLs, sender names, email addresses, phone numbers, message timestamps, and payment requests.
• Confirm whether any referenced role is real, closed, or nonexistent before responding to candidates.
• Align HR, Talent Acquisition, Legal, Communications, InfoSec, and Customer Support on the approved response.
• Keep a tracker of candidate reports so the company can identify repeated names, domains, profiles, or scripts.
• Review the alert periodically and update it if the threat changes.

What not to say

Avoid language that creates more risk than it solves. Do not name the fake recruiter, accuse a specific person publicly, share screenshots that reveal candidate information, or imply that company systems were breached unless that has been confirmed. Do not promise that every legitimate recruiter will use one exact channel unless your process truly works that way.

The safest public posture is simple: acknowledge unauthorized recruitment activity, tell candidates how to verify legitimate roles, state that the company does not require recruitment payments, and provide a direct reporting path.

Bottom line

A company facing recruiter impersonation should not stay silent if candidates may still be exposed. The market norm is a clear recruitment-fraud warning on the official careers page, consistent language on job boards, and practical verification instructions. A LinkedIn statement is appropriate when the outreach may still be active or when candidates are likely to look there for reassurance.