@jerry @XenoPhage Yup, and a lot times, the TA and legal teams won't take it very seriously, like it's a problem that'll just work itself out.
At a previoius company, we actually had one of the scammed file a claim against us with the BBB. It didn't go anywhere, of course, but that threat can help add some tangible realism to this for other groups. At a minimum, you want a statement on your careers page saying that legit jobs can only be found at .
You can monitor the job sites a bit, but know that these are mostly appearing in the 3rd and 4th tier sites where jobs are posted or "recruiters hang out" in an effort to snag these people. We founda recruiter profile on one of these sites where they specifically listed themselves as being a part of our company. This is a good exercise for your intel and offensive security teams to think about, threat model, and see if there are controls you can apply to reduce the likelihood. But it's a lot of effort with little reward, so it gets pushed pretty far down the priority chain.