I almost halted account creation when the form asked for my alma mater, certain that I would be declined if I left the field blank. But I clicked next, and with that, my fake website had an official Handshake account.
It was only a month ago that I found out my internship was a scam — a clickbait site that had slipped through the cracks of the vetting system of Handshake, the university-recommended job search website. After being fooled by a seemingly legitimate posting, I wondered how simple it was to surpass university background checks and create a fake internship of my own.
I already had a parody website run through GoDaddy that I decided could easily serve as my Handshake “business.” Before beginning the Handshake account creation process, the only thing I’d altered on the site was the addition of a “Careers” page that featured two (fake) internship opportunities, a writing intern and a social media intern. The GoDaddy account already included an email linked to the site, a phone number run through the GoDaddy app and a fairly convincing logo.
These features carried me through the preliminary application process. But before creating “job opportunities,” the university had to approve my account for their personal Handshake system.
Within one hour of my application request, I received an alert that the university had reviewed my profile and accepted my request to recruit from their pool of students.
I never received a call or email verifying the accuracy of my information.
With this approval, I created a vague job posting for a social media intern, who would “be responsible for maintaining an active and engaging social media presence.”
In recruiting, I could select which documents I would like to receive from applicants, including resumes, cover letters, transcripts and “other documents,” documents that could, if I deemed necessary, require the disclosure of more personal information.
It was then up to the university to approve my job listing. Yet, just nine minutes later, the “Employer Relations Team” permitted me to begin accepting applications.
I logged into my personal Handshake account to ensure the opportunity was listed, and there it sat, requesting interns for a company of just “one to 10 employees” who “have a lot of opinions.”
Nervous that I would actually begin receiving personal information from unsuspecting students placing their trust in a university-approved site, I terminated the opportunity a half hour later.
Although both Handshake and the university claim to offer their own vetting processes for employers and job listings, each check failed, and I could begin scamming students in under two hours.
So diligence in job applications truly lies in the hands of the students, as university safeguards failed and the Career Services Center performed less-than-basic security checks.
Still, my website remains unflagged, without follow-up calls or emails.