TL;DR:
- UK’s national cybercrime service Report Fraud received more than twice as many recruitment-scam reports in 2024 as in 2022; Lloyds Banking Group logged a 237% rise in job scams from January to August last year.
- Monzo says more than 10,000 of its customers fell victim to recruitment scams in 2025, with AI tooling cited by JobsAware, the Cyber Helpline and Which? as the main driver of increased sophistication.
- The attacks combine LinkedIn profile-cloning, CV-derived personalisation and premium-rate phone interviews, with UK unemployment at a five-year high giving scammers a larger target pool.
The Guardian piece — a first-person account from a reporter who was targeted during maternity leave — captures the shift cleanly: recruitment fraud is no longer detectable by poor grammar or generic templates. AI has closed the quality gap. For UK employers, recruiters and jobseekers, this matters commercially as well as personally: cloned recruiter profiles damage legitimate agency trust, and UK HR functions are fielding more queries about whether outreach is genuine.
How the scams have evolved
The reporter’s scam template is typical: an unsolicited email from a “headhunter” whose LinkedIn profile matches, with role details apparently tailored to the recipient’s exact CV and salary expectations. The monetisation point is a referral to a “CV specialist” who would charge fees. Other variants target young UK jobseekers with task-based WhatsApp approaches (liking TikTok videos for cash), or involve payment requests for fake DBS checks and visa costs. Premium-rate interview phone lines are a newer UK-specific variant.
Why the UK is a particular target
Four factors combine. The UK’s unemployment rate is at a five-year high, producing more targets. Many UK jobseekers use LinkedIn, where cloned recruiter profiles proliferate. Generative-AI tools have sharply reduced the cost of producing convincing tailored outreach. And UK enforcement rates remain low — as JobsAware chair Keith Rosser puts it, attackers have “a reasonable chance of success and a very low chance of being caught.” Which? and the Cyber Helpline both note that the mental health impact on victims exceeds the financial loss.
Looking forward
The practical defensive shift for UK jobseekers is twofold: treat unsolicited approaches as high-suspicion by default, and verify via second channels (Companies House lookups, direct contact with the named employer, confirmed recruiter credentials). For UK employers and recruitment platforms, Rosser’s call for a “more robust, standardised system for checking the validity of job adverts” lines up with ongoing DSIT and DWP discussions on job-advert fraud controls. Whether that turns into mandated platform standards — similar to what the Online Safety Act has started to apply to hosted content — is the open regulatory question.