Back in May 2015, the US Office of Personnel Management — the agency in charge of coordinating the recruitment of federal employees — quietly discontinued a mobile app meant to make it easier to find and apply for government jobs. The app, which was designed as an extension of the official USAJOBS.gov online job search site, had previously been touted as evidence of the Obama administration’s push to adopt a path-breaking digital government strategy.
The app no longer exists. It was taken offline, a spokesperson for OPM told FedScoop, after a redesign of the regular USA JOBS website incorporated a new, mobile-first design. Today, a page that used to focus on mobile apps like the USA JOBS app redirects to the USAJOBS.gov help center, while a link to a usa.gov site touting the app now displays a “Page Not Found” notice. The OPM spokesperson did not say how many people used the original app before it was shut down.
But a fake with a similar name eventually appeared in its place. A “USA JOBS” app was downloaded more than 50,000 times on the Google Play Store, where it had a 2-star rating. The app, which was most recently updated in June, attracted a slew of reviews complaining that it was “misleading,” as well as about its advertisements, broken links, and “fake jobs.” Many users complained that the app wasn’t associated with the actual USA Jobs website and that their credentials for the actual USAJOBS.gov platform didn’t work.
Google ultimately took down the app after it was flagged by FedScoop. The app, said company spokesperson Dan Jackson, violated the Play Store’s rules about misleading claims, which specifically ban apps that falsely claim affiliation with a government entity. Still, the existence of this and other fake apps also highlights that government agencies aren’t always tracking down platforms and websites impersonating their services.
“The official government website for Federal job seekers is https://USAJOBS.gov,” the OPM spokesperson told FedScoop. “Job seekers are encouraged to use the USAJOBS site to search for Federal opportunities. They may also create a USAJOBS profile, create or upload a resume, make their resume searchable by Federal recruiters, and apply for positions.”
Researchers at Stairwell, a cybersecurity firm, didn’t find any overt malicious behavior and noted that the app’s primary purpose seemed to be pulling information that’s freely available on the internet and incorporating a “tremendous amount of advertising.” The app didn’t directly claim to be affiliated with the US government, but took intentional advantage of search terms — they called it “scam-ish.”
“They might make thousands of dollars or tens of thousands of dollars just getting people to go off as keywords,” Eric Foster, a vice president at Stairwell, told FedScoop. “Lot of times we find that the government both isn’t great at branding, and then they aren’t great at protecting their brand the same way a lot of the corporations are.”
The researchers said that there’s evidence, based on their analysis of the app, that the developer was in Zambia. FedScoop reached out to the email address listed for the developer, but did not hear back by the time of publication.
Ads like the ones on the USA JOBS app could be a potential vector for malicious activity, the Stairwell researchers noted. The app could also collect personal information, both because it requires that users provide personal information to sign up for an account on the app, and because people may use their actual USAJOBS.gov login credentials when trying to log into the app.
“In reviews, people were saying they uploaded their resumes. So if you’re uploading your resume, that’s going to include contact information and your work history. That’s not something you would want to give away to just anyone,” Chris St. Meyers, Stairwell’s head of threat research, told FedScoop. “They’re not necessarily malicious intentions, but they’re not good. I don’t know what they’re doing with that information they collect.”
Similar, but more obviously malicious, sites are an ongoing challenge for the government. The Securities and Exchange Commission warned people on government employee retirement plans that they might be targeted by fraudsters back in 2017. Earlier this year, the United States Postal Service flagged to employees that cyber criminals were attempting to steal their information by creating fake sites. This issue has been an ongoing challenge for employees, according to unions representing these workers.