[UPDATE April 9, 2017] No response from Google, so I will provide a general description of what happened and close this incident in my book.
Someone was able to post a fake job opening for my company on two of the major job sites. Unclear to what end. I realized what was happening when I began receiving hundreds of job applications. I saw the posting — it was very well, professionally written. I reached out to both job sites. One responded immediately, took the posting down, and helped mitigate the impact. The other gave me a canned response two days later, saying they are investigating.
For this posting to have happened someone must have gained control of my company’s general email account. I suspect that this may have happened via a feature in Gmail, which is why I reached out to Google.
Case closed as unresolved.
I was phished, successfully, even though I thought I was impervious to such things. In my defense I will say that I didn’t do anything wrong (I think), and I followed all the rules (I think). It appears that my attackers’ deed was facilitated (unintentionally and unknowingly, I’m sure) by Google.
I have alerted Google to the incident. I will post further details if and when Google assures me that it is safe to do so.