Widespread Remote Working Scam Underway

I was just reading about this from WordFence.com and had to re-post it. Incredible!

From: wordfence.com blog

PSA: Widespread Remote Working Scam Underway

This entry was posted in General Security, PSA on October 28, 2021 by Mark Maunder

I’ve just gotten off the phone with a victim of the scam that I’m about to describe. This is impacting a lot of folks, so please do spread the word. It’s infuriating. I’ll be around to reply to your comments below, but please do not engage in victim-blaming, because until you’ve actually been hit by one of these scams, you don’t know how convincing attackers can be.

As you already know, Defiant is a 100% remote company. We have been remote since 2015 when we first started hiring. Thanks to COVID, a lot of brick-and-mortar companies are now hiring for remote positions. There is a remote hiring scam that has rapidly gained popularity and works as follows:

The Attack

An attacker will post a job ad on a job board for a position. We have seen “Data Capturing” as one of the roles, but the roles vary. An interview is conducted. In the cases we’ve seen, it has been done via Skype direct message and there were two attackers who had a conversation with the victim. The first attacker posed as a kind of coordinator and went by “Jennifer Udin”. The second posed as a manager named “Antonio Wheeler”.

The victim gets the job. The “employer” (attacker) congratulates them and says that they will provide all required furniture and office supplies. The attacker then sends the victim a check which they are told to cash, and they’re asked to immediately buy furniture from the attacker’s preferred supplier. In the case we investigated, the amount paid was several thousand US dollars.

The victim’s bank will put a hold on cashing the check until it passes fraud checks. The victim spends the money out of pocket, on the furniture, in a non-refundable way. The victim is out of pocket thousands of dollars. And the “furniture company” is actually the attacker who now has the money.

There are several variations of this attack. The goal is to either get personally identifiable information (PII) from a victim or to get money. In all cases, the scam is based around an employment opportunity and a legitimate company is used as a vehicle for the attacker to scam the victim.

How To Avoid This Scam

We recommend you take the following steps to avoid this scam:

  • Go to the employer website and confirm that the job you’re applying for is actually an open position on their site.
  • Contact the hiring company using the published contact information on their website – either an email address or phone number – and verify that the role exists and that you are in the hiring queue.
  • As far as possible, do not apply on job boards. Instead, apply by navigating to the hiring company’s website and proceed from there. You may be directed to external HR sites like Workable.com, but you will be following links from the hiring company’s own website.
  • Never spend money out of pocket for a job application or for a new job you have just started. You may need to spend money out of pocket in the future because reimbursement has become standard practice among many companies, but this should be unacceptable for a position you have just started.
  • I have not encountered a company that only does interviews via direct message. COVID has changed the way we do business, so it is understandable that victims are assuming that direct-message interviews are part of that change.

Please share this information as widely as you can. This has had a significant financial impact on folks I have talked to, and their stories are heartbreaking. If you have been affected by this, please visit IC3.gov and report the crime.

Data We Have Gathered

The following screenshots and data were kindly provided to us by several victims of this scam. We have redacted sensitive information.

An introductory chat session:

An authoritative-sounding Jennifer gives instructions on visiting the “hiring company’s” website, which is a real website. They add a time limit to add legitimacy.

Once the victim has been hired, they’re referred to a “training supervisor”.

This is the profile of one of the scammers. Probably a stock photo and plausible-sounding name.

By: Stacy Morgan