Yes, a significant share of LinkedIn job postings are fake, misleading, or never intended to be filled, and job seekers across the United States face real legal and financial harm because of them. The problem sits at the intersection of Section 5 of the FTC Act, which bans “unfair or deceptive acts or practices,” and the federal wire fraud statute at 18 U.S.C. § 1343, which criminalizes using interstate electronic communications to obtain money or property by false pretenses. When a company posts a role it has no plan to fill, or a scammer impersonates a recruiter to steal your Social Security number, that conduct can trigger civil penalties, criminal charges, and private lawsuits.
The immediate negative consequence for you is lost time, lost money, and sometimes lost identity. According to the FBI’s 2024 Internet Crime Report, employment scam complaints climbed sharply, with reported losses of roughly $264 million and a 276% year-over-year surge in losses per victim. A 2025 ResumeUp.AI analysis reported by Entrepreneur found that 27.4% of all U.S. job listings on LinkedIn are likely “ghost jobs” with no intent to hire.
Here is what you will learn in this guide:
- 🕵️ How to spot a fake LinkedIn posting before you waste hours on your resume
- ⚖️ Which federal and state laws protect you from deceptive job ads
- 🎯 The most common scam formats and who runs them
- 🧾 How to report a bad posting to LinkedIn, the FTC, and the FBI
- 💼 What recruiters, HR leaders, and career coaches must do to stay compliant
What “Fake” Means on LinkedIn
The word fake does a lot of work on LinkedIn. A posting can be fake because the employer never plans to hire, fake because a criminal impersonates a real company, or fake because the job was filled weeks ago but the listing stays live. Each type carries a different legal label and a different remedy.
The Congressional Research Service defines a ghost job as an online posting for a position that does not exist or one an employer has no plan to fill right away. A scam job, by contrast, is a posting built to trick you, often to steal credentials, money, or personal data. A recycled job is a real opening that a recruiter keeps re-advertising to build a talent pool. All three can look the same to you when you hit “Apply.”
Ghost Jobs Explained
Ghost jobs are postings with no current intent to hire. The plain-English rule is that a company can legally “pipeline” candidates, but it cannot lie about the status of the role. The consequence of lying is exposure under the FTC Act and state deceptive-trade-practices laws that mirror it, such as California’s Unfair Competition Law at Business and Professions Code § 17200.
Consider a real mini-scenario. Maya, a product manager in Austin, applies to a Fortune 500 posting she sees every Monday on LinkedIn. She tailors her resume, records a video answer, and waits. The role was filled internally in February, but the recruiter keeps the ad live to collect resumes for future reorgs. Maya has no idea, and her time is gone.
A common misconception is that ghost jobs are illegal on their face. They are usually not, but the moment a company states “actively hiring” or “immediate start” while knowing the role is frozen, the speech crosses into deceptive territory and state regulators can act.
Scam Jobs Explained
Scam jobs are criminal operations. The plain-English rule is that using LinkedIn to trick you into sending money, crypto, or personal data is a federal crime under 18 U.S.C. § 1343 and often under 18 U.S.C. § 1028 if identity theft is involved. Violators face up to 20 years in prison per wire fraud count and fines up to $250,000.
In January 2026, CNBC reported that Fireblocks disrupted a North Korea–linked recruitment scam that mimicked the company’s hiring pipeline on LinkedIn. Hackers used real-looking profiles, scheduled real-looking interviews, and pushed malware through fake “coding assessments.”
A common misconception is that a verified company page means a safe job. Verification applies to the company, not to every recruiter account that claims to work there, which is how Lazarus Group operatives slip malware through fake offers.
Recycled and Evergreen Jobs
Recycled jobs are real roles that refresh over and over. The plain-English rule is that LinkedIn’s Jobs Terms require accurate listings, and repeated reposting of a filled role can violate both the platform contract and state posting-transparency laws.
The consequence is soft but real. You apply, the applicant tracking system auto-rejects you, and you never find out the role closed six weeks ago. A mini-scenario: Darnell, a data analyst in Chicago, applies to the same Snowflake engineer listing three times in ninety days. Each time, the recruiter’s ATS records him as a “repeat candidate” and pushes him to the bottom of the queue.
A common misconception is that reposting is always dishonest. Sometimes a recruiter refreshes to boost visibility on a real opening, which is permitted, but the line is crossed when the role no longer exists.
The Federal Legal Framework
Federal law is the starting point because LinkedIn is an interstate platform and almost every fake posting crosses state lines. Four federal bodies of law carry most of the weight here, and each one applies a different piece of the puzzle.
Section 5 of the FTC Act
Section 5 of the FTC Act bans “unfair or deceptive acts or practices in or affecting commerce.” The plain-English rule is that a company cannot materially mislead a consumer, and a job ad counts as commercial speech in this context. The consequence of violating Section 5 includes injunctions, civil penalties of up to $51,744 per violation under the 2025 adjusted penalty schedule, and mandatory consumer redress.
A mini-scenario makes it concrete. Aisha, a recruiter at a mid-sized tech firm, posts the same senior engineer role for eight months with “urgent hiring” language even though the req was frozen in month two. The FTC could treat her campaign as deceptive because the “urgent” claim is material to a reasonable applicant’s choice to invest time.
A common misconception is that the FTC only protects buyers of goods. It also protects job seekers as consumers of commercial information, a position the agency has reinforced in its business opportunity rule.
The Wire Fraud Statute
The federal wire fraud statute is the sharpest knife in the drawer. The plain-English rule is that sending any interstate electronic message as part of a scheme to obtain money or property by false pretenses is a crime, and a LinkedIn message qualifies. The consequence is up to 20 years in federal prison, rising to 30 years if the scheme affects a financial institution.
Consider Luis, who receives a LinkedIn offer for a remote “logistics coordinator” role. The “employer” wires him a fake check, asks him to buy gift cards for “vendors,” and keeps the difference. The operators on the other end face federal wire fraud charges and, because Luis’s funds were routed through his bank, potential bank fraud charges under 18 U.S.C. § 1344.
A common misconception is that the victim must lose money for wire fraud to apply. The statute only requires a scheme and a wire communication in furtherance of it, so even attempted fraud is chargeable.
The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act covers unauthorized access to protected computers. The plain-English rule is that when a scammer tricks you into installing malware through a fake “coding challenge,” both the intrusion and the data theft violate the CFAA. Penalties range from one year for simple access to ten years or more for repeat offenses and damage over $5,000.
The Lazarus Group campaigns documented by Bitdefender fit this pattern. Recruiters send a GitHub link that drops credential-stealing code on the applicant’s laptop, then pivot into the employer’s corporate environment.
A mini-scenario: Priya, a Solidity developer in New York, runs a “coding test” from a LinkedIn recruiter and unknowingly installs a remote access trojan. Her exchange employer loses access tokens, and federal prosecutors pursue CFAA charges against the operators.
A common misconception is that the CFAA only protects corporations. It also protects individuals whose personal computers are “protected computers” under the statute because they connect to the internet.
The Fair Credit Reporting Act
The Fair Credit Reporting Act governs background checks. The plain-English rule is that an employer cannot pull a background report without your written authorization and a standalone disclosure. The consequence of skipping that step is statutory damages of $100 to $1,000 per violation, plus punitive damages and attorneys’ fees.
A mini-scenario: Kevin, a recruiter at a fake “staffing agency,” emails a LinkedIn applicant a single PDF that mixes a job application with buried background-check authorization. Even if the agency were real, that bundled form violates the FCRA’s standalone-disclosure rule and exposes the employer to class-action liability.
A common misconception is that clicking “I agree” on LinkedIn counts as FCRA consent. It does not, because the statute requires a clear and conspicuous, standalone disclosure.
State Law Nuances
State law fills the gaps federal law leaves behind, and the rules vary a lot. Some states now require salary ranges, others ban non-existent postings, and a few create private rights of action for deceived applicants.
California
California’s AB 1104 targeted the “California Political Cyberfraud Abatement Act” framework, but the more relevant statute for job seekers is SB 1162, which took effect January 1, 2023. The plain-English rule is that employers with fifteen or more workers must list a pay scale in every job posting, including LinkedIn. The consequence of omission is a civil penalty of up to $10,000 per violation, enforced by the California Labor Commissioner.
A mini-scenario: Jordan, a product designer in Los Angeles, sees a LinkedIn posting from a 200-employee SaaS firm with no salary range. Jordan files a complaint with the California Labor Commissioner’s Office, and the employer faces penalties plus a mandatory posting correction.
A common misconception is that remote postings from out-of-state companies are exempt. They are not, because if the role can be performed in California, SB 1162 applies.
New York
New York’s Pay Transparency Law took effect September 17, 2023. The plain-English rule is that any employer with four or more employees must include a good-faith salary range and job description on every internal and external listing that “can or will be performed” in New York. The consequence is up to $3,000 per subsequent violation under New York Labor Law § 194-b.
Samira, a marketing director in Brooklyn, spots a LinkedIn posting with “competitive pay” but no numbers. She reports the listing to the New York Department of Labor, and the employer is required to amend the posting or face fines.
A common misconception is that “competitive” or “DOE” (depends on experience) satisfies the law. Neither phrase meets the good-faith range requirement.
Washington, Colorado, and Illinois
Washington’s SB 5761 took effect January 1, 2023. The plain-English rule is that employers with fifteen or more employees must include wage scale, benefits, and other compensation in every posting. The consequence under Washington Equal Pay and Opportunities Act can include actual damages, statutory damages of $5,000 per violation, and attorneys’ fees, as clarified in the Branson v. Washington Fine Wines & Spirits class action.
Colorado’s Equal Pay for Equal Work Act and Illinois’s Equal Pay Act amendments in HB 3129 bring similar transparency rules. Consequences range from $250 for a first offense in Colorado to $10,000 per posting in Illinois for repeat violations.
A mini-scenario: Chen, a software engineer in Seattle, finds a LinkedIn listing missing the wage scale. Chen files with the Washington Department of Labor & Industries, triggering an employer-wide audit.
A common misconception is that adding a salary range at the bottom of an email after an application satisfies these laws. It does not, because the disclosure must appear in the posting itself.
Three Scenarios That Play Out Every Day
Each of the scenarios below shows a common LinkedIn trap and the real legal or practical consequence. Use these to pattern-match what you see in your own feed.
| Job Seeker Action | Legal or Practical Consequence |
|---|---|
| Apply to a “remote assistant” role that asks for your SSN and bank details in the first message | High risk of identity theft under 18 U.S.C. § 1028 and immediate loss of funds through check-washing schemes |
| Send a resume to a recruiter with a two-week-old LinkedIn account and no mutual connections | Likely phishing attempt tied to the Lazarus Group playbook, leading to malware on your device |
| Reapply to the same “urgent” listing every month for six months | Wasted effort on a ghost job; possible FTC or state AG enforcement if the employer advertised falsely |
| Employer Action | Legal or Practical Consequence |
|---|---|
| Post a California role with no pay range | Civil penalty up to $10,000 per violation under SB 1162 |
| Keep an “active hiring” post live for a frozen req | Potential unfair-and-deceptive-practice claim under FTC Act § 5 |
| Run a background check with a bundled consent form | Class-action exposure under the FCRA with $100–$1,000 per applicant in statutory damages |
| Platform Action | Legal or Practical Consequence |
|---|---|
| Allow repeat reposts of a filled role | Breach of LinkedIn Jobs Terms and possible state consumer-protection claims |
| Fail to remove a flagged phishing post within 24 hours | Reputational damage and pressure from the FTC’s Safeguards Rule guidance |
| Offer a “verified” badge to unvetted recruiters | Class-action risk under state UDAP statutes for misleading trust signals |
Red Flags That Reveal a Fake Posting
The fastest way to stay safe is pattern recognition. Certain features keep showing up across the fake listings that the FBI IC3 2024 report and Federal Trade Commission scam alerts describe.
Recruiter Profile Red Flags
A recruiter profile that was created in the last 30 days, has fewer than 50 connections, and uses a stock-photo headshot is a classic warning sign. The plain-English rule is that real recruiters have long histories, mutual connections, and activity that predates the message to you. The consequence of ignoring this flag is often malware or credential theft.
A mini-scenario: Hannah, a UX designer in Denver, gets a message from “Mark at Acme Crypto.” His profile is three weeks old and his only post is the job ad. Hannah runs a reverse-image search and discovers the photo belongs to a model in Poland.
A common misconception is that stolen photos prove nothing on their own. They do not prove the job is fake, but combined with a new account and no mutuals, they satisfy the FTC’s “totality of the circumstances” test for deception.
Posting Content Red Flags
Postings that list vague duties, promise “$10,000 a week from home,” or ask for your Social Security number before an interview are almost always scams. The plain-English rule is that legitimate employers run background checks after an offer, not before a screening call. The consequence of sharing your SSN early is identity theft and years of cleanup under the Identity Theft and Assumption Deterrence Act.
Omar, a recent grad in Miami, gives his SSN to a “logistics recruiter” and loses access to his bank account within 72 hours. He spends nine months repairing his credit through the FTC’s IdentityTheft.gov recovery plan.
A common misconception is that only older adults fall for these. IC3 data shows the fastest-growing victim group in employment scams is ages 20 to 39.
Payment and Equipment Red Flags
Any posting that asks you to buy your own equipment, pay a “training fee,” or cash a check and wire part of it back is a scam. The plain-English rule is that U.S. Department of Labor guidance prohibits pay-to-work schemes for non-exempt workers, and federal banking rules make check-washing a crime under 18 U.S.C. § 513.
A mini-scenario: Grace, a bookkeeper in Atlanta, cashes a $4,800 “equipment check” and wires $3,600 to a “vendor.” The check bounces, her bank claws back the deposit, and Grace is out $3,600 personally.
A common misconception is that the bank will reimburse her because she was tricked. It often does not, because she authorized the wire.
Mistakes to Avoid
Small mistakes create big problems when fake postings are in the mix. The list below covers the errors the Better Business Bureau and the FBI see most often.
- Sharing your Social Security number before a signed offer, which opens the door to identity theft
- Paying for “mandatory training,” which violates the Fair Labor Standards Act for non-exempt roles
- Clicking a “coding challenge” zip file from an unverified recruiter, which can trigger CFAA-scale intrusions
- Ignoring the “posted 30+ days ago” signal, which the Congressional Research Service links to ghost-job status
- Trusting a Gmail or Outlook address that claims to be corporate HR, which the FTC flags as a top scam indicator
- Skipping a reverse-image search on the recruiter’s headshot, which often surfaces stolen photos
- Accepting a check from a new “employer” before any interview, which is the most common money-mule setup
- Failing to report the scam to the FBI IC3 portal and the FTC, which starves investigators of data
- Applying through a shortened URL instead of the company’s own careers page, which can route you to phishing sites
- Failing to enable LinkedIn two-factor authentication, which makes your own profile easy to clone
Do’s and Don’ts for Job Seekers
The rules below come directly from FTC consumer guidance and state AG advisories, and each one has a short explanation of why it matters.
- Do verify the recruiter on the company’s official careers page, because corporate HR will always confirm employment
- Do save screenshots of every suspicious posting, because investigators need the original post and URL
- Do report scams to reportfraud.ftc.gov and ic3.gov, because federal cases depend on complaint volume
- Do use a dedicated job-search email, because it limits blast-radius if the account is phished
- Do run your own identity freeze at the three major credit bureaus, because a freeze blocks new-account fraud
- Don’t share banking details before a W-4 is on file, because banking info belongs only to onboarding systems
- Don’t click recruiter-sent files, because malware loaders often hide inside PDF and zip attachments
- Don’t accept “equipment checks” at any stage, because those are the signature of money-mule schemes
- Don’t rely solely on LinkedIn’s verification badge, because it covers companies, not individual recruiters
- Don’t delay reporting, because FBI IC3 recovery efforts have short windows to claw back wires
Pros and Cons of Using LinkedIn for Job Search
LinkedIn remains the largest professional network in the world, and most recruiting still happens there. The trade-offs below will help you calibrate.
- Pro: The scale of listings is unmatched, which gives you broad exposure to real openings
- Pro: InMail and connection data help you verify recruiters by mutual relationships
- Pro: LinkedIn’s Job Scam help center offers a one-click report tool
- Pro: Pay-transparency laws are easier to enforce on a written platform than on a phone call
- Pro: LinkedIn Learning certifications give you measurable skill signals recruiters use
- Con: Ghost jobs are widespread, with ResumeUp.AI reporting 27.4% of listings are fake
- Con: Verified badges can be misleading, because recruiter accounts can still impersonate real firms
- Con: Easy Apply floods recruiters and buries your resume in noise
- Con: Scammers like the Lazarus Group exploit the platform directly
- Con: Your data becomes training fuel for AI tools that may recycle your profile into synthetic postings
How to Report a Fake LinkedIn Job
Reporting works only if you do it quickly and in the right order. The steps below reflect the sequence federal investigators and LinkedIn Trust & Safety recommend.
Step 1: Report on LinkedIn
Open the job posting, click the three-dot menu, and choose “Report this job.” The plain-English rule is that LinkedIn reviews flagged posts within 24 to 72 hours under its Professional Community Policies. The consequence of not reporting is that the post stays live and traps more applicants.
A mini-scenario: Tanya, an HR leader in Dallas, spots a competitor’s logo on a fake listing and reports it. LinkedIn removes the post in 18 hours and suspends the recruiter account.
A common misconception is that reporting is anonymous. LinkedIn does protect reporter identity from the listing owner, but federal subpoenas can unmask reporters in criminal cases, which is why you should keep a personal record.
Step 2: File With the FTC
Go to reportfraud.ftc.gov and file a complaint. The plain-English rule is that FTC filings feed the Consumer Sentinel Network, which state AGs and the FBI query daily. The consequence of skipping this step is that the scam becomes invisible to enforcement.
Brian, a logistics manager in Phoenix, files an FTC report after losing $900 to a fake recruiter. His complaint joins a cluster that Arizona’s AG uses to open a multi-state investigation.
A common misconception is that the FTC only acts on big cases. Small complaints still build the pattern evidence that larger cases need.
Step 3: File With the FBI IC3
Visit ic3.gov and submit the details, including any wire transfers, email addresses, and LinkedIn URLs. The plain-English rule is that IC3 is the FBI’s front door for internet-enabled crime, and rapid filing can enable a Financial Fraud Kill Chain recall on wires over $50,000.
Elena, a remote accountant in Portland, files within 24 hours of a $78,000 wire and recovers her funds through the FBI’s Kill Chain program. The consequence of delay is that after 72 hours, most wires are unrecoverable.
A common misconception is that IC3 only investigates losses over a certain dollar amount. There is no floor, and small-dollar reports are critical intelligence.
Key Entities You Need to Know
A handful of organizations drive the LinkedIn-jobs landscape, and knowing each one’s role saves you time.
- LinkedIn Corporation: operates the platform and enforces job-posting standards
- Federal Trade Commission: regulates deceptive advertising, including job postings, under Section 5
- Federal Bureau of Investigation IC3: accepts internet-enabled crime complaints, including employment scams
- U.S. Department of Labor: enforces wage-and-hour law, including unpaid “training” traps
- Equal Employment Opportunity Commission: handles discrimination claims even in fake-job contexts
- State Attorneys General offices: enforce state UDAP and pay-transparency statutes
- Society for Human Resource Management: publishes hiring-practice data used in enforcement cases
- Congressional Research Service: authored the 2024 ghost-jobs report cited by federal lawmakers
Recent Rulings and Regulatory Actions
Courts and regulators have moved quickly on fake and deceptive postings in the last two years. The cases below show the direction the law is heading.
hiQ Labs v. LinkedIn
The hiQ Labs v. LinkedIn litigation ran from 2017 through 2022 and centered on scraping public LinkedIn data. The plain-English rule from the Ninth Circuit is that scraping publicly available data is not a CFAA violation, which affects how platforms police fake-job automation. The consequence is that LinkedIn must use contract, not computer-crime law, to chase bot-driven ghost listings.
A mini-scenario: Naomi, a security researcher in Boston, builds a ghost-job detector that pulls from public LinkedIn pages. Under hiQ, her tool is lawful, and LinkedIn’s only lever is a terms-of-service claim.
A common misconception is that hiQ blesses all scraping. It does not, because the Supreme Court vacated and remanded for reconsideration, leaving contract law as the live weapon.
FTC v. Career Education Corp
In FTC v. Career Education Corp, the FTC obtained a $30 million settlement over deceptive career-outcome claims. The plain-English rule is that regulators will treat false hiring or placement claims as “material” under Section 5, which is the same standard that applies to ghost postings. The consequence for employers is that outcome data in job ads must be substantiated or removed.
A mini-scenario: Marcus, a training firm founder, advertises “95% placement within 30 days” without data. Under the Career Education framework, the FTC can demand substantiation or open a case.
A common misconception is that outcome claims are “puffery” and immune from enforcement. They are not once they include specific numbers.
State AG Pay-Transparency Enforcement
In 2024 and 2025, the Washington Attorney General and the New York Attorney General opened investigations into employers that posted without required salary ranges. The plain-English rule is that state AGs can sue under their UDAP statutes, seek restitution, and require posting corrections.
A mini-scenario: Priscilla, a recruiter in Seattle, removes salary ranges from LinkedIn to “reduce competitor intel.” Her employer faces an AG subpoena and a settlement requiring $100,000 in civil penalties.
A common misconception is that individual recruiters are off the hook. Some state settlements have named hiring managers personally when they authorized the omissions.
FAQs
Are most LinkedIn jobs fake?
No. Most postings are real, but 27.4% of U.S. LinkedIn listings are likely ghost jobs, and a smaller share are outright scams, so scrutiny still matters.
Is posting a ghost job illegal?
No. Ghost posting itself is not a federal crime, but advertising “urgent hiring” for a frozen role can violate Section 5 of the FTC Act and state deceptive-trade laws.
Can I sue an employer for a fake posting?
Yes. Some states allow private actions under pay-transparency laws like Washington’s Equal Pay and Opportunities Act, and you may have a consumer-protection claim depending on the facts.
Should I share my Social Security number on LinkedIn?
No. No legitimate employer needs your SSN before a signed offer, and sharing it exposes you to identity theft under the Identity Theft Deterrence Act.
Does LinkedIn verify every job posting?
No. LinkedIn verifies some companies, not every job post, which is how Lazarus-style scams slip through.
Can I get my money back after a LinkedIn scam?
Yes. You may recover funds if you file with the FBI IC3 within 72 hours, which can trigger the Financial Fraud Kill Chain for wires over $50,000.
Is it legal for a California employer to skip the salary range?
No. California SB 1162 requires pay scales for covered employers and allows penalties up to $10,000 per violation.
Do ghost jobs affect unemployment data?
Yes. The Congressional Research Service warns that ghost postings distort the openings-to-hire ratio used by policymakers.
Should I report every suspicious posting?
Yes. Reports feed the FTC Consumer Sentinel Network, which state AGs and the FBI use to open cases.
Can I be charged with a crime if a “job” has me cash checks?
Yes. You can face money-mule charges under 18 U.S.C. § 1956 even if you believed the job was real, so stop immediately and report it.
Are AI-generated recruiter profiles illegal?
Yes. When used to deceive, AI recruiter profiles violate the FTC Act and can trigger state deepfake and impersonation statutes.
What should employers do to stay compliant?
Yes, employers must audit every posting for accuracy, salary ranges under state law, and standalone FCRA disclosures before background checks.