A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials.
The attackers dangle offers of work-at-home opportunities to lure Facebook users to install or move to a popular chat app with someone impersonating a legitimate recruiter to continue the conversation.
Eventually, attackers ask for personal information and credentials that potentially can allow attackers to defraud them in the future.
Qualys Caught Up in Scam The researchers discovered the scams because fake recruiters were purporting to be from Qualys with offers of remote work.
The company never posts its job listings on social media, only on its own website and reputable employment sites, Trull said.
The initial text lures for the scam occur in group chats that solicit users to move to private messaging with the scammer who posts the job opening.
Once a victim installs Go Chat or Signal - the messaging apps used in the scam - attackers ask for additional details so they can receive and sign what appears to be an official Qualys job offer complete with logos, correct corporate addresses, and signature lines.
Attackers then ask victims to send a copy of a government-issued photo ID, both front and back, and told to digitally cash a check to buy software for a new computer that their new employer will ship to them.
Qualys has notified both Facebook and law enforcement of the scam and encourages users to do the same if they observe it on the platform.
The blog post did not list the names of other companies or brands that might also be targeted in the attacks.
Avoid Being Scammed Job scams are indeed a constant online security issue, one that's on the rise, according to the US Better Business Bureau.
Online ads and phishing campaigns are popular conduits for job scammers, which use social engineering to bait people into responding and then either steal their personal data, online credentials, and/or money.
Scams also can have a negative reputational impact on the companies whose brands are used in the scam.
To avoid being scammed by a fake job listing, Qualys provided some best practices for online employment seekers to follow when using the Internet to search for opportunities.
Qualys also advised that people always verify offers by looking up a job opening on an organization's official website and contacting the company directly instead of using social media contacts that could be abused as part of a scam.
Since social media accounts can be hijacked, the source can appear legitimate but isn't.
Further, if an online recruiter asks a person to install an app to apply for a position, it's probably a scam, Trull warned.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 17:51:44 +0000