HR Video Call Recruitment Scam Asking for Identification

I. Introduction

Recruitment has moved heavily online. Employers, recruiters, business process outsourcing companies, agencies, and headhunters commonly use video calls, messaging apps, job portals, online forms, and email to screen applicants. This has created opportunities for scammers to impersonate human resources personnel and conduct fake recruitment interviews.

One common scheme is the HR video call recruitment scam asking for identification. In this scam, a person pretending to be an HR officer, recruiter, hiring manager, or onboarding specialist contacts an applicant and asks for a video interview. During or after the call, the scammer requests government IDs, selfies, screenshots of IDs, biometric verification, bank details, e-wallet information, tax identification details, Social Security System information, PhilHealth information, Pag-IBIG details, specimen signatures, or other personal data.

The scam may appear professional. The fraudster may use the name of a legitimate company, a real employee’s photo, a copied email signature, a fake company email, a fake job portal account, a convincing Zoom or Google Meet link, and a scripted interview. The objective is usually identity theft, unauthorized account opening, loan fraud, SIM registration abuse, e-wallet takeover, bank fraud, money mule recruitment, fake employment fee collection, or harvesting personal data for later scams.

In the Philippine context, this problem involves several areas of law: data privacy, cybercrime, identity theft, fraud, labor recruitment regulation, access device fraud, banking and e-wallet consumer protection, and civil liability.

II. What Is an HR Video Call Recruitment Scam Asking for Identification?

An HR video call recruitment scam asking for identification is a fraudulent recruitment interaction where the scammer impersonates an employer, recruiter, HR officer, or agency representative and asks an applicant to submit identification documents or sensitive personal information under the pretense of job screening, onboarding, payroll setup, background checking, or employment verification.

The scam may occur through:

  1. Facebook, Messenger, Telegram, WhatsApp, Viber, Instagram, TikTok, LinkedIn, or job boards;
  2. Fake company email addresses;
  3. Spoofed or lookalike domains;
  4. Video conferencing platforms;
  5. Online forms pretending to be HR portals;
  6. Fake background-checking platforms;
  7. Fake payroll enrollment links;
  8. Fake training or onboarding portals;
  9. Fake recruitment agencies;
  10. Real job postings copied and reposted by scammers.

The defining feature is that the applicant is asked to provide identification or sensitive data before the legitimacy of the recruiter and the job opportunity has been verified.

III. Why Scammers Ask for Identification During Recruitment

Scammers ask for IDs because identity documents are valuable. A government ID, selfie, and personal details can be used for many unlawful purposes.

Possible uses include:

  1. Opening e-wallet or bank accounts under the victim’s name;
  2. Applying for online loans;
  3. Registering SIM cards;
  4. Passing know-your-customer verification;
  5. Creating fake employment records;
  6. Accessing existing financial accounts;
  7. Social engineering banks, telecoms, and payment platforms;
  8. Committing fraud against third parties;
  9. Creating mule accounts;
  10. Selling identity data to other scammers;
  11. Blackmail, harassment, or reputational attacks;
  12. Making fake IDs or altered documents;
  13. Circumventing platform verification;
  14. Creating fake job applicant databases;
  15. Using the victim as a front for money laundering or scam operations.

An applicant may believe the request is normal because employers do require identification at some point. The legal issue is timing, purpose, proportionality, legitimacy, and security.

IV. Common Red Flags

A recruitment interaction may be suspicious if it involves any of the following:

  1. The recruiter uses a free email account instead of a verifiable company domain;
  2. The recruiter refuses to provide a company landline, official email, or corporate website confirmation;
  3. The job offer is too good to be true;
  4. The applicant is hired without meaningful assessment;
  5. The recruiter urgently asks for IDs before a formal offer;
  6. The recruiter asks for a live selfie while holding an ID;
  7. The recruiter asks the applicant to share an OTP;
  8. The recruiter asks the applicant to open an e-wallet or bank account;
  9. The recruiter asks the applicant to receive or transfer money;
  10. The recruiter asks for a processing fee, training fee, uniform fee, medical fee, equipment fee, or reservation fee;
  11. The interview is done through a personal account, not an official company account;
  12. The job description is vague;
  13. The recruiter avoids answering basic questions about the company;
  14. The company name is misspelled or uses a lookalike domain;
  15. The recruiter asks for screenshots of online banking, e-wallets, or SIM registration details;
  16. The recruiter asks the applicant to install remote access software;
  17. The applicant is asked to keep the hiring process confidential;
  18. The recruiter uses pressure, urgency, or threats of losing the slot;
  19. The recruiter claims the ID is needed for “pre-validation” without a privacy notice;
  20. The applicant cannot verify the recruiter through official company channels.

V. Is It Legal for Employers to Ask Applicants for Identification?

Yes, legitimate employers may ask applicants for identification, but not without limits.

In the Philippines, employers may process applicant personal data for legitimate recruitment, screening, verification, employment compliance, payroll, taxes, benefits, and security purposes. However, this must be done in accordance with data privacy law and fair labor practices.

A legitimate request for identification should generally satisfy the following principles:

  1. Legitimate purpose – The employer must have a valid reason for collecting the ID.
  2. Transparency – The applicant should know who is collecting the data, why, how it will be used, how long it will be kept, and who will receive it.
  3. Proportionality – The employer should collect only what is necessary.
  4. Security – The employer must protect the data against unauthorized access, misuse, disclosure, or breach.
  5. Consent or lawful basis – The processing must have a legal basis.
  6. Accountability – The employer must be able to show compliance with data protection obligations.

A request may become suspicious or unlawful if the recruiter asks for excessive information, refuses to give a privacy notice, uses unofficial channels, cannot be verified, or collects sensitive data before there is a reasonable need.

VI. Proper Timing of ID Collection in Recruitment

Employers may need identification at different stages, but excessive early collection is risky.

A. Early Application Stage

At the initial application stage, a resume, contact details, work history, education, portfolio, and basic qualifications are usually enough. A full government ID is often unnecessary at this stage unless the role has special legal or security requirements.

B. Interview Stage

For video interviews, an employer may reasonably verify that the person interviewed is the applicant. However, this does not always require sending full ID copies. A less intrusive method may be sufficient, such as confirming details already in the application, using the job portal’s verified account, or asking the applicant to present an ID briefly without capturing or storing a copy.

C. Background Check Stage

After an applicant is shortlisted or conditionally selected, an employer may request identification for background checks. The employer should provide a privacy notice and obtain proper authorization where needed.

D. Job Offer or Pre-Employment Stage

After a job offer, employers commonly request government IDs and employment documents for payroll, tax, benefits, and employment records. This stage is more appropriate for collection of documents such as TIN, SSS, PhilHealth, Pag-IBIG, valid ID, and bank payroll details.

E. Onboarding Stage

During onboarding, collection of government IDs and statutory employment information is normal, provided the employer is legitimate and the data is collected through secure official channels.

VII. Data Privacy Act Considerations

The Data Privacy Act of 2012 is central to this issue. Identification documents contain personal information and often sensitive personal information. Government IDs, birth dates, addresses, signatures, photographs, and identification numbers can expose the applicant to serious risk if misused.

A. Personal Information and Sensitive Personal Information

An ID may contain personal information such as name, address, date of birth, photograph, and contact details. It may also contain sensitive personal information such as government-issued numbers, health-related information, marital status, or other legally protected data depending on the document.

Because of this, employers and recruiters must handle IDs carefully.

B. Consent Is Not Always Enough

Some recruiters believe that if the applicant sends an ID voluntarily, the recruiter is safe. That is wrong. Consent must be informed, specific, and freely given. The collector must still comply with lawful processing, proportionality, security, and accountability.

A scammer has no lawful basis because the stated purpose is false. A legitimate employer still needs to explain the purpose and safeguard the data.

C. Privacy Notice

A legitimate recruiter asking for ID should be able to provide a privacy notice explaining:

  1. The identity of the employer or recruitment agency;
  2. The purpose of collection;
  3. The types of data collected;
  4. The legal basis for processing;
  5. The recipients of the data;
  6. Data retention period;
  7. Applicant rights;
  8. Contact details of the data protection officer or privacy contact;
  9. Security measures or submission channel;
  10. Whether data will be shared with background-checking providers.

Absence of a privacy notice is a major red flag.

D. Proportionality and Data Minimization

The employer should not collect more information than needed. For example, if the recruiter only needs to confirm identity during an interview, it may be excessive to require front-and-back copies of multiple government IDs, a selfie holding the ID, specimen signatures, and bank account information before a job offer.

E. Security of Submission

Sending IDs through ordinary chat apps may be risky. A legitimate employer should provide secure submission methods, such as an official HR portal, encrypted email, secure applicant tracking system, or controlled document upload link.

F. Rights of the Applicant

An applicant has rights over personal data, including the right to be informed, object, access, correct, and seek remedies for misuse. The applicant may ask the recruiter what data is collected, why it is needed, who will access it, and how long it will be retained.

VIII. Cybercrime and Identity Theft

A fake recruiter who obtains IDs through deception may commit cybercrime and identity-related offenses. Depending on the facts, possible offenses include:

  1. Computer-related fraud;
  2. Identity theft;
  3. Illegal access, if accounts are accessed;
  4. Misuse of devices;
  5. Phishing-related conduct;
  6. Estafa or fraud;
  7. Falsification;
  8. Use of false names;
  9. Unlawful processing of personal data;
  10. Access device fraud if bank cards, e-wallets, or payment credentials are involved.

If the scam occurs online, the Cybercrime Prevention Act may apply, particularly where the internet or computer systems were used to commit fraud or identity theft.

IX. Estafa and Fraud

A fake recruitment scheme may constitute estafa if the scammer uses deceit to obtain money, property, services, or valuable information. While traditional estafa often involves money or property, modern scams frequently involve personal data as a tool to obtain money later.

Examples include:

  1. Asking for a recruitment processing fee;
  2. Asking for payment for training materials or equipment;
  3. Asking for a refundable reservation deposit;
  4. Asking the victim to pay for a medical exam at a fake clinic;
  5. Using the victim’s ID to obtain loans;
  6. Using the victim’s identity to deceive third parties.

Where money was taken, fraud claims become stronger. Where only IDs were taken, the matter may still be serious due to identity theft and data privacy violations.

X. Illegal Recruitment Issues

If the scammer represents that they can provide employment, especially overseas employment, illegal recruitment laws may be relevant.

A person or entity engaging in recruitment and placement activities without authority may be liable for illegal recruitment. The risk is higher when the supposed job involves overseas deployment, placement fees, fake agencies, or promised work abroad.

Warning signs of illegal recruitment include:

  1. No valid license or authority;
  2. Demand for placement fees before proper documentation;
  3. Promise of immediate overseas work;
  4. No verified employer or job order;
  5. Use of private residences, cafes, or chat groups for processing;
  6. Refusal to issue official receipts;
  7. Collection of passports, IDs, and certificates without legitimate basis.

Applicants should be especially careful when the recruiter asks for passport copies, birth certificates, police clearances, NBI clearances, or payments for overseas jobs.

XI. Access Device, Bank, and E-Wallet Risks

A fake recruiter may ask for identification as part of a scheme involving bank or e-wallet accounts.

Common scenarios include:

  1. The applicant is asked to open an e-wallet account for salary;
  2. The applicant is asked to verify an account using their ID;
  3. The applicant is asked to send a selfie for “payroll activation”;
  4. The applicant is asked for bank account screenshots;
  5. The applicant is asked to receive funds as part of “training”;
  6. The applicant is asked to cash out or transfer money;
  7. The applicant is asked for card details or OTPs.

These schemes may expose the applicant to accusations of being a money mule. Even if the applicant believed it was a job task, receiving and transferring suspicious funds can create legal risk.

A legitimate employer does not need an applicant to receive unknown third-party funds in a personal account as part of recruitment.

XII. SIM Registration and Telecom Risks

Government IDs are often used to register SIM cards. A scammer who obtains the applicant’s ID and selfie may attempt to register SIMs under the victim’s name. These SIMs can then be used for scams, harassment, phishing, or fraud.

If a victim suspects that their ID has been used for SIM registration, they should contact the telecom provider and ask about reporting mechanisms for unauthorized SIM registration or misuse.

XIII. Online Loan App Risks

One of the most serious risks is fraudulent borrowing. A scammer may use the victim’s ID, selfie, phone number, and contact list access to apply for online loans. Victims may later receive collection calls, threats, or harassment for loans they did not take.

Victims should document all communications and dispute any unauthorized loan immediately with the lending company, app provider, payment channel, and regulators where appropriate.

XIV. Deepfake, Face Capture, and Biometric Risks

During a video call, scammers may record the applicant’s face, voice, and gestures. They may ask the applicant to:

  1. Look left and right;
  2. Smile;
  3. Blink;
  4. Read a script;
  5. Hold an ID beside the face;
  6. Say their full name and birth date;
  7. Confirm consent statements;
  8. Show the front and back of an ID.

These actions can be used to defeat liveness checks, create synthetic media, or falsely show that the applicant consented to account opening, loans, or transactions.

Applicants should be cautious about performing identity verification movements or reading consent scripts unless they are certain they are dealing with a legitimate institution.

XV. Is Showing an ID on Video Safer Than Sending a Copy?

Showing an ID on video may be less risky than sending a copy, but it is not risk-free. The call can be recorded or screenshotted. High-resolution video may capture the ID number, address, signature, and photograph.

Safer practices include:

  1. Covering nonessential details;
  2. Showing only the name and photo if necessary;
  3. Not showing the ID number unless required;
  4. Refusing screenshots or recordings;
  5. Asking for the legal basis and privacy notice;
  6. Verifying the recruiter first;
  7. Using official company channels.

For legitimate recruitment, full ID submission is usually better handled after verification through a secure official channel.

XVI. What Applicants Should Do Before Sending Identification

Before sending any ID, the applicant should verify the recruiter.

A. Verify the Company

Check whether the company actually exists, whether it has an official website, and whether the job opening appears on official channels.

B. Verify the Recruiter

Ask for the recruiter’s full name, corporate email, official contact number, and company profile. Contact the company through its official website or published phone number, not through details provided only by the recruiter.

C. Check the Email Domain

A legitimate company usually uses an official domain. Be cautious of slight misspellings, extra hyphens, unusual extensions, and free email addresses.

D. Ask for a Privacy Notice

A legitimate recruiter should be able to provide a privacy notice or applicant data processing notice.

E. Ask Why the ID Is Needed Now

If the recruiter cannot explain why the ID is needed before a job offer, that is suspicious.

F. Do Not Send OTPs or Passwords

No legitimate recruiter needs OTPs, passwords, PINs, recovery codes, online banking credentials, or e-wallet verification codes.

G. Use Watermarks

If an ID copy must be submitted, consider adding a clear watermark stating the purpose, date, and recipient, such as:

“FOR [COMPANY NAME] JOB APPLICATION ONLY – [DATE]”

The watermark should not cover the face or essential details needed for verification, but it should make reuse more difficult.

H. Redact Nonessential Details

Where acceptable, redact the ID number, address, QR code, barcode, or signature if those details are not needed at that stage.

I. Use Secure Channels

Submit documents only through verified official portals, official company email, or secure upload links.

XVII. What to Do If You Already Sent Your ID to a Fake Recruiter

If an applicant already sent an ID or appeared in a suspicious video call, immediate action is necessary.

Step 1: Preserve Evidence

Save:

  1. Chat messages;
  2. Email headers;
  3. Sender addresses;
  4. Phone numbers;
  5. Usernames and profile links;
  6. Video call links;
  7. Screenshots;
  8. Job posts;
  9. Payment receipts, if any;
  10. Forms submitted;
  11. Files sent;
  12. Dates and times of communication.

Do not delete the conversation.

Step 2: Stop Communication

Do not send more documents, money, OTPs, selfies, videos, or account details. Do not click additional links.

Step 3: Secure Accounts

Change passwords for email, job portal accounts, e-wallets, online banking, and social media. Enable multi-factor authentication.

Step 4: Notify Financial Institutions

If bank, e-wallet, or card information was shared, notify the bank or provider immediately. Request monitoring, blocking, replacement, or additional safeguards if needed.

Step 5: Contact Telecom Provider

If the ID could be used for SIM registration or SIM swap attempts, contact the telecom provider for advice and account security measures.

Step 6: Report to the Real Company

If the scammer impersonated a real company, report the incident to that company’s official HR or fraud reporting channel. This helps the company warn other applicants.

Step 7: Report to Platforms

Report the fake account, job post, group, page, or message thread to the platform or job board.

Step 8: File a Police or Cybercrime Report

Report the incident to appropriate cybercrime authorities, especially if money was lost, accounts were opened, identity was used, or threats occurred.

Step 9: Consider a Data Privacy Complaint

If the scam involved a real recruiter, agency, employer, or platform that mishandled personal data, consider a complaint under data privacy rules.

Step 10: Monitor for Identity Misuse

Watch for:

  1. Unknown loans;
  2. Unknown e-wallet accounts;
  3. Debt collection calls;
  4. SIM registration issues;
  5. Bank alerts;
  6. Unfamiliar credit or financing applications;
  7. Login alerts;
  8. Messages from strangers claiming they were scammed using your identity.

XVIII. Preventive Measures for Applicants

Applicants should adopt a cautious approach to online recruitment.

  1. Apply through official company websites or reputable job portals;
  2. Verify recruiters independently;
  3. Avoid sending IDs before a formal job offer unless clearly justified;
  4. Never pay recruitment fees for ordinary local employment;
  5. Do not send OTPs, PINs, or passwords;
  6. Do not install remote access software;
  7. Do not open bank or e-wallet accounts for a recruiter;
  8. Do not receive or transfer funds for a supposed employer during recruitment;
  9. Use watermarked copies of IDs;
  10. Redact unnecessary information;
  11. Keep a record of all recruitment communications;
  12. Be suspicious of urgency and secrecy;
  13. Confirm interview links through official email;
  14. Do not perform biometric verification for unknown recruiters;
  15. Ask for a privacy notice before submitting documents.

XIX. Responsibilities of Legitimate Employers and Recruiters

Legitimate employers should design recruitment processes that reduce fraud risk and comply with privacy law.

A. Use Official Channels

Recruiters should communicate through official company email addresses, verified job portal accounts, and published contact numbers.

B. Provide Privacy Notices

Applicants should receive clear information about data collection and processing.

C. Limit Early ID Collection

Employers should avoid collecting full IDs too early unless necessary.

D. Use Secure Submission Systems

Documents should be collected through secure applicant tracking systems or controlled channels.

E. Train HR Personnel

HR staff should understand data privacy, phishing risks, and applicant protection.

F. Avoid Unnecessary Sensitive Data

Recruiters should not ask for bank details, government ID numbers, or statutory benefit numbers before there is a legitimate need.

G. Protect Applicant Records

Applicant data should be accessed only by authorized personnel and retained only as long as necessary.

H. Publicly Warn About Impersonation

Companies whose names are used by scammers should post warnings and provide official verification channels.

XX. Liability of a Real Company Whose Name Was Used

If scammers merely impersonate a real company without the company’s involvement, the real company may not be automatically liable. However, liability may arise if:

  1. The scam was committed by an employee or authorized recruiter;
  2. The company failed to supervise its recruitment agents;
  3. The company used insecure recruitment processes;
  4. The company mishandled applicant data;
  5. The company ignored known impersonation risks affecting applicants;
  6. The company benefited from or ratified the conduct;
  7. The scam involved a legitimate outsourced recruitment provider.

A company that becomes aware of impersonation should take reasonable steps to warn applicants, report fake accounts, and strengthen verification channels.

XXI. Liability of Recruitment Agencies

Recruitment agencies may be liable if they collect identification documents without lawful basis, fail to protect applicant data, misrepresent job opportunities, collect unlawful fees, or engage in unauthorized recruitment activities.

Applicants should verify whether an agency is legitimate and authorized, especially for overseas employment.

XXII. Liability of Platforms and Job Portals

Job portals and social media platforms may have reporting mechanisms for fake posts and impersonation. Their liability depends on their role, knowledge, terms, and applicable law.

A platform that merely hosts content may not be automatically liable for every scam post. However, platforms are expected to respond to reports, remove fraudulent listings when appropriate, and maintain reasonable trust and safety systems.

XXIII. Evidence Needed for Complaints

A victim should compile a complete evidence file.

Important evidence includes:

  1. The fake job post;
  2. Link to the job listing;
  3. Recruiter’s profile;
  4. Screenshots of chats;
  5. Emails and email headers;
  6. Phone numbers used;
  7. Video call invitation links;
  8. Names used by the recruiter;
  9. Company name used;
  10. Copies of documents sent;
  11. Forms filled out;
  12. Payment receipts;
  13. Bank or e-wallet transaction records;
  14. Proof of identity misuse;
  15. Police blotter or cybercrime report;
  16. Correspondence with the real company;
  17. Platform reports;
  18. Timeline of events.

The evidence should show who contacted the victim, what was requested, what was sent, whether money was paid, and what harm occurred.

XXIV. Possible Remedies

A victim may pursue different remedies depending on the facts.

A. Platform Takedown

Report fake profiles, job posts, pages, groups, and fraudulent forms.

B. Company Verification and Warning

Notify the real company so it can issue warnings and confirm that the recruiter is not affiliated.

C. Police or Cybercrime Complaint

File a report for fraud, identity theft, illegal access, or cybercrime-related offenses.

D. Data Privacy Complaint

If a real entity mishandled applicant data, file a complaint with the appropriate privacy authority.

E. Labor or Recruitment Complaint

If the matter involves illegal recruitment, especially overseas employment, report to the appropriate labor or migrant worker authorities.

F. Bank or E-Wallet Dispute

If the scam led to unauthorized transactions, account opening, or loan applications, dispute the transactions immediately.

G. Civil Action

Where the wrongdoer is identifiable, civil action may be considered for damages.

H. Criminal Complaint

Where evidence supports fraud, identity theft, illegal recruitment, or related offenses, criminal proceedings may be pursued.

XXV. Special Case: The Recruiter Asks for a Selfie Holding an ID

This is highly sensitive. A selfie holding an ID is often used for identity verification by banks, e-wallets, crypto platforms, lending apps, SIM registration, and online services.

Applicants should not provide this unless:

  1. The employer is fully verified;
  2. There is a legitimate reason;
  3. There is a formal job offer or lawful pre-employment process;
  4. A privacy notice has been provided;
  5. The submission channel is secure;
  6. The applicant understands how the image will be used and retained.

If the request occurs early in recruitment, it should be treated as a serious red flag.

XXVI. Special Case: The Recruiter Asks to Record the Video Call

A recruiter may record interviews for legitimate reasons, such as panel review or compliance, but recording must be disclosed and justified. The applicant should know:

  1. Why the call is recorded;
  2. Who will access the recording;
  3. How long it will be retained;
  4. Whether the applicant may refuse;
  5. Whether the recording includes ID documents;
  6. Whether the recording will be transferred to third parties.

A fake recruiter may record the call to capture the applicant’s face, voice, ID, and consent statements. Applicants should avoid displaying IDs or reading legal consent scripts on recorded calls unless the recruiter is verified.

XXVII. Special Case: The Recruiter Sends a Link for “Identity Verification”

A link may be a phishing page, malware download, fake applicant portal, or credential-harvesting form. Applicants should inspect links carefully and avoid logging in through links sent by unknown recruiters.

Warning signs include:

  1. Misspelled company name;
  2. Unusual domain;
  3. Shortened link;
  4. Request for email password;
  5. Request for banking credentials;
  6. Request for OTP;
  7. Download of unknown app;
  8. Request for camera and microphone permissions without clear reason;
  9. No privacy notice;
  10. No official company branding or verifiable contact.

XXVIII. Special Case: The Recruiter Asks for Bank Details for Payroll

Payroll details are normally collected after hiring, not during an initial interview. A request for bank account information before a formal offer is suspicious.

A legitimate employer generally does not need:

  1. Online banking username;
  2. Online banking password;
  3. OTP;
  4. Card CVV;
  5. ATM PIN;
  6. Full card number for ordinary payroll;
  7. Screenshot of account balance;
  8. Remote access to the applicant’s phone;
  9. E-wallet verification codes.

For payroll, the employer usually needs only the account name, account number, and bank name after employment is confirmed.

XXIX. Special Case: The Recruiter Asks the Applicant to Receive Money

This is a major warning sign. Scammers may pretend that receiving and forwarding money is part of training, payroll testing, equipment purchase, or client payment processing. This may turn the applicant into a money mule.

An applicant should refuse to:

  1. Receive funds from unknown persons;
  2. Transfer money to third parties;
  3. Cash out e-wallet funds;
  4. Buy crypto or gift cards;
  5. Use a personal account for company transactions;
  6. Submit personal account credentials for “testing.”

A legitimate employer should not use an applicant’s personal account to move company or client funds during recruitment.

XXX. Sample Message to Verify a Recruiter

An applicant may send the following:

Subject: Verification of Recruitment Process

Dear [Company/HR Department],

I was contacted by [name/profile/email/phone number] regarding a position for [job title]. The person requested identification documents as part of the recruitment process.

Before submitting any personal data, may I confirm whether this person is an authorized representative of your company and whether this job opening is legitimate?

Please also provide the official privacy notice for applicant data processing and the secure channel for document submission, if required.

Thank you.

Sincerely, [Applicant Name]

XXXI. Sample Incident Report Summary

A victim may prepare the following summary:

Incident Summary

On [date], I was contacted by a person using the name [name] through [platform]. The person claimed to represent [company] and offered/interviewed me for the position of [job title]. A video interview was conducted through [platform/link] on [date/time].

During the call or afterward, the person requested [type of ID/documents/selfie/video/bank details]. I submitted [documents sent]. I later discovered or suspected that the recruiter was not legitimate because [reasons].

I am concerned that my identity documents and personal data may be used for fraud, unauthorized account opening, loan applications, SIM registration, or other unlawful purposes.

Attached are screenshots, emails, links, phone numbers, and copies of relevant communications.

XXXII. Sample Demand to Delete Applicant Data

If dealing with a real recruiter or company, the applicant may write:

Subject: Request for Deletion and Confirmation of Applicant Data

Dear [Company/Recruiter],

I submitted personal information and identification documents in connection with a supposed job application for [position]. I am requesting confirmation of the following:

  1. The identity of the personal information controller or processor;
  2. The purpose and legal basis for collecting my documents;
  3. The persons or entities who accessed or received my data;
  4. The retention period;
  5. The security measures applied;
  6. Whether my data has been deleted or retained.

If there is no lawful basis to retain my data, I request deletion of my personal information and written confirmation that no copies will be further used, shared, or processed.

Sincerely, [Name]

XXXIII. Checklist: Before Sending Any ID to a Recruiter

Before submitting an ID, confirm the following:

  1. The company is real;
  2. The job opening is posted on official channels;
  3. The recruiter uses a verifiable company email;
  4. The recruiter can be confirmed through the company’s official contact details;
  5. The request has a clear purpose;
  6. A privacy notice is provided;
  7. The ID is necessary at this stage;
  8. The submission channel is secure;
  9. Nonessential details are redacted where possible;
  10. The ID copy is watermarked;
  11. No OTPs, passwords, PINs, or banking credentials are requested;
  12. No payment is required;
  13. No request is made to receive or transfer money;
  14. No remote access app is required;
  15. The applicant is comfortable that the process is legitimate.

If any of these checks fail, the applicant should pause and verify before proceeding.

XXXIV. Checklist: After Sending an ID to a Suspicious Recruiter

If an ID was already sent:

  1. Save all evidence;
  2. Stop communicating;
  3. Change passwords;
  4. Enable multi-factor authentication;
  5. Notify banks and e-wallets if financial data was involved;
  6. Monitor accounts;
  7. Report fake profiles and job posts;
  8. Notify the real company being impersonated;
  9. File a cybercrime or police report;
  10. Watch for loans, SIMs, or accounts opened in your name;
  11. Dispute unauthorized transactions immediately;
  12. Consider a data privacy complaint if a real entity mishandled data;
  13. Keep a written timeline;
  14. Do not pay threats or extortion demands;
  15. Seek legal advice if identity misuse occurs.

XXXV. Frequently Asked Questions

1. Is it normal for HR to ask for a valid ID?

It can be normal at certain stages, especially after a job offer or during onboarding. It is suspicious if requested too early, through unofficial channels, without a privacy notice, or with excessive requirements.

2. Is it safe to send a photo of my government ID through chat?

It is risky. Chat accounts can be compromised, and images can be reused. Use official secure channels, watermark the copy, and redact unnecessary details when appropriate.

3. Can a scammer use my ID even without my OTP?

Yes. An ID can be used for identity theft, fake accounts, loan applications, SIM registration, and social engineering.

4. What if I only showed my ID on a video call?

There is still risk if the call was recorded or screenshotted. Monitor for identity misuse and preserve evidence.

5. What if I sent a selfie holding my ID?

That is more serious because it may be used for identity verification. Secure your accounts, report the incident, and monitor for unauthorized loans, e-wallets, SIMs, and financial accounts.

6. Should I report the incident even if no money was lost?

Yes, especially if IDs, selfies, bank details, or other sensitive data were shared. Early reporting creates a record that may help if identity misuse occurs later.

7. Can I ask the company to confirm whether the recruiter is real?

Yes. Contact the company using official contact details from its website or verified pages, not only the contact details given by the recruiter.

8. Can I demand deletion of my data?

If the data was submitted to a real company or recruiter, you may request information, correction, deletion, or objection subject to applicable law. If the recipient is a scammer, deletion demands may not be effective, so reporting and monitoring are more important.

9. Can I be liable if scammers use my ID?

A victim is not automatically liable for a scammer’s acts. However, the victim may need evidence showing identity theft or lack of participation. Prompt reporting helps protect the victim.

10. Is a job offer requiring a processing fee legitimate?

For ordinary employment, requests for upfront fees are a red flag. For overseas work, recruitment fees and agency authority are regulated. Always verify before paying anything.

XXXVI. Practical Legal Analysis

The legality of an HR request for identification depends on the circumstances. A request from a verified employer through official channels, after a legitimate recruitment step, with a privacy notice and secure submission process, may be lawful. A request from an unverified recruiter through chat, before a job offer, asking for multiple IDs, selfies, bank details, or OTPs is highly suspicious.

The main legal concerns are:

  1. Fraud – The recruiter may be deceiving the applicant.
  2. Identity theft – The applicant’s identity may be used without consent.
  3. Data privacy violation – Personal data may be collected or processed unlawfully.
  4. Cybercrime – The scheme may involve online fraud, phishing, or account compromise.
  5. Illegal recruitment – The scam may involve unauthorized recruitment activity.
  6. Financial crime exposure – The applicant may be used for loans, e-wallets, accounts, or money mule activity.

For applicants, the safest rule is this: verify first, submit later. Identification documents should not be treated as harmless attachments. In online recruitment, an ID is a powerful credential that can be misused long after the fake interview ends.

XXXVII. Conclusion

HR video call recruitment scams asking for identification are a serious and growing risk in the Philippines. They exploit the normal trust applicants place in employers and the increasing use of remote hiring. The scammer’s request may appear ordinary, but the consequences can include identity theft, fraudulent loans, unauthorized SIM registration, e-wallet misuse, bank fraud, harassment, and legal complications.

Philippine law provides several possible remedies through data privacy, cybercrime, fraud, recruitment, banking, and consumer protection frameworks. However, prevention and early action remain critical.

Applicants should verify recruiters independently, avoid sending IDs too early, refuse OTP and banking requests, watermark documents, use secure channels, and report suspicious activity immediately. Employers should limit unnecessary ID collection, provide privacy notices, use official channels, and secure applicant data.

In recruitment, a legitimate employer should be willing to verify itself before asking an applicant to surrender sensitive identification. When in doubt, pause, verify, and protect your identity.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login