Job Seekers Targeted as Scammers Pose as Government on WhatsApp

Scammers impersonate government agencies on WhatsApp to target job seekers with fake offers, phishing sites, and identity theft schemes, Netcraft warns.

Cybersecurity firm Netcraft has issued a warning about a significant spike in sophisticated recruitment scams targeting job seekers. Their recent analysis, shared exclusively with Hackread.com, highlights three distinct threat actors employing varied methods to defraud individuals, emphasizing the growing danger in the online job market.

This group uses advance fee fraud (AFF), posing as tech companies like Celadonsoft and SoftServ. Victims are lured via WhatsApp with high-paying jobs (often in USDT) and directed to fake websites, which credit them a small sum to build trust, and then prompt them to undertake tasks like app optimization.

To earn high remuneration, users must deposit their funds, ranging from small amounts to thousands of USDT. Victims continue to deposit money to complete more tasks, believing they are accumulating earnings. However, when they withdraw, the funds never materialize, leaving them with huge financial losses and having performed work that likely benefits the scammers. Netcraft found at least nine identical fake sites used in 2024.

Similar to the first group, this actor impersonates a logistics recruiter, Picked Well, employing AFF tactics. While the overall modus operandi mirrors the first threat actor – luring victims with job offers and then requiring upfront payments for tasks to supposedly unlock high earnings – the key differentiator is the geo-based targeting.

These scams are localized with Netcraft detecting a total of 36 fake websites specifically targeting victims in 18 different countries- the US being a major focus. The US experienced 95 times more traffic to these fake sites than the UK and 170 times more than Australia. This suggests a specific focus on US job seekers with 63,000 targeted already.

According to Netcraft’s blog post, in both scams, initial contact often occurs through messaging platforms like WhatsApp and Telegram, with recruiters using two different fake personas to build trust and execute financial extraction.

This threat actor impersonates the Government of Singapore, aiming for identity theft. Fake Government of Singapore Telegram groups lure victims into joining them. Within these groups, messages are posted, often with slight errors in spelling like “Singapure”, claiming to be from official departments.

Clicking on links leads to phishing websites offering fake job vacancies with attractive salaries. Users are required to sign up, provide their identity card and phone number, and enter a verification code. This gives the attacker full control over the victim’s account. Netcraft warns that compromised accounts are likely used to impersonate victims, spread scam messages, or engage in extortion.

These findings align with a concerning trend reported by the FTC, which saw over $500 million lost to job scams in the US in 2023, a significant increase from$200 million in 2022.

Therefore, job seekers should be vigilant when receiving correspondence from recruiters or searching for jobs online. Look for telltale characteristics, such as a lack of Facetime with recruiters, communication via social media, typos and low-quality content. Netcraft notes that promises that seem “too good to be true,” should serve as a red flag for such fraudulent schemes.