'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Work & employment crises urgent id scan request • asked to email passport scan • hr wants id over email • insecure channel document request • form i-9 document request • employer demands passport scan • onboarding identity verification • recruiter asks for passport • send id via text message • id scan over personal email • verify hr request quickly • job paperwork time pressure • remote hire i-9 inspection • suspicious onboarding request • photo of passport request work • identity theft after sending id What to do if…
What to do if…
you are asked to send passport or ID scans over an insecure channel urgently
Short answer
Don’t send ID scans under time pressure over an insecure channel — verify the requester through a trusted company contact and switch to an official secure process (especially if this relates to Form I-9).
Do not do these things
- Don’t send passport/ID images to a personal email address, unknown phone number, or a link you can’t verify.
- Don’t send more documents than requested (and don’t add a Social Security card or other sensitive documents “just in case”).
- Don’t send unprotected scans as attachments “because it’s faster”.
- Don’t assume a message is legitimate because it uses the company’s name or logo.
- Don’t crop/blur/redact parts of an ID image to “make it safer” — instead, use a secure portal or an in-person/official process.
What to do now
- Pause and verify who is asking. Contact HR/onboarding using the company’s official directory, an offer letter contact, or the main switchboard. If you’re dealing with a recruiter or vendor, verify with the employer directly before sending anything.
- Make them name the purpose (and protect your options). Ask: “What requirement is this for — Form I-9, background check, or building access?”
- If they say Form I-9, remember: employers generally shouldn’t demand a specific document (like a passport). Ask what acceptable options they support and follow the official instructions you’re given.
- Ask for the secure method immediately. Request the company’s secure HR portal upload or an IT-approved secure document process. Avoid ad-hoc email/text.
- If they propose a “remote I-9 video” process, confirm it’s the DHS-authorized alternative procedure. If the employer is using the DHS-authorized alternative procedure (it’s optional and only available to qualified E-Verify employers in good standing), it generally includes:
- You transmit copies of the documents, and
- You do a live video interaction where you present the same documents, and
- The employer keeps clear, legible copies for those employees processed this way.
If you’re unable or unwilling to transmit documents this way, ask HR to offer physical document examination instead.
- If you must send something today, reduce the risk (only after verification).
- Use a password-protected encrypted file.
- Give the password via a different channel (eg phone call to HR at a known number).
- Send only what’s required, to a verified company address.
- Keep a short record. Save the request, your responses, and note what you sent, to whom, and how.
- If you already sent it insecurely, take containment + identity-theft steps.
- Notify HR and the company’s IT/security contact to restrict access and confirm deletion.
- If you think it may have gone to a scammer/wrong person, use the U.S. government recovery steps at IdentityTheft.gov (and consider a fraud alert and/or credit freeze to reduce the risk of new accounts being opened).
- Watch for “follow-up” scams asking for money, gift cards, or fees.
What can wait
- You don’t need to prove it was phishing right now; you just need to stop further exposure and move the request onto the official secure channel.
- You don’t need to send extra IDs today unless HR confirms they’re required for a specific, named process.
- You don’t need to confront the sender; switching to verified HR/security is enough.
Important reassurance
Legitimate employers handle sensitive documents routinely. It’s normal — and reasonable — to refuse insecure channels and ask for the official secure method, even if someone is rushing you.
Scope note
These are immediate steps to reduce identity-theft risk and avoid compliance mistakes under time pressure. Later steps may involve HR/I-9 compliance or formal identity-theft recovery if your documents were misused.
Important note
This guide is general information, not legal advice. Employer workflows vary; when unsure, rely on verified HR contacts, secure transfer methods, and official government guidance for employment verification and identity-theft recovery.
Additional Resources
- https://www.federalregister.gov/documents/2023/07/25/2023-15533/optional-alternative-1-to-the-physical-document-examination-associated-with-employment-eligibility
- https://www.federalregister.gov/documents/2023/07/25/2023-15532/optional-alternatives-to-the-physical-document-examination-associated-with-employment-eligibility
- https://www.justice.gov/crt/form-i-9-and-e-verify
- https://www.identitytheft.gov/
- https://www.usa.gov/credit-freeze
- https://www.ftc.gov/news-events/topics/identity-theft/report-identity-theft