Search This Blog

Showing posts with label Job Scam. Show all posts

Fraudulent UK Visa Scams Circulate on WhatsApp

According to a Malwarebytes report, individuals working in the UK are being scammed by a recent phishing campaign on WhatsApp. 

Scammers claim in a WhatsApp message that users who are willing to relocate to the UK for work will be eligible for a free visa as well as other perks. 

Bogus scam message 

Scam operators are disseminating information under the pretext of the UK government, promising a free visa and other advantages to anyone who wants to migrate there. The chosen candidates would be given travel and lodging expenses as well as access to medical facilities. 

The WhatsApp chat app is used to transmit to target volumes to start the fraud. Users are informed that the UK is conducting a recruiting drive with more than 186,000 open job positions because the country will require more than 132,000 additional workers by the year 2022. 

The objective of the scam 

When a victim clicks on the scam link, a malicious domain that looks like a website for UK Visas and Immigration is displayed to them. "Apply for thousands of jobs already available in the United Kingdom," is the request made to foreign nationals as per the scam.

The website's goal is to collect victims' names, email addresses, phone numbers, marital statuses, and employment statuses. 

Any information entered into the free application form is instantly 'accepted,' and the user is informed that they "will be provided a work permit, visa, plane tickets, and housing in the UK for free" according to a Malwarebytes report. 

Report fake WhatsApp messages

Users have the option to Report and Block on WhatsApp if they get a message from someone who is not on their contact list. One should disregard these spam communications and use the report button to file a complaint. Additionally, users can block these contacts in order to stop getting future scam messages from them.

Phishing attacks with a Visa theme are a typical occurrence in the world of cybercriminals. A similar hoax circulated several times in the past to entice people looking to work or study abroad.

Giant User Theft and Bot Attacks Target on Job Seekers


Job seekers are viable targets for social manipulation efforts because applicants are emotionally weak and eager to provide any information to help them win the job. Cybercriminals are finding it easier to find the next victim now the "Great Resignation" is in full armor. 

A job posting portal with a location in six countries was the sufferer in this instance. The goal of the attack was to collect job seeker information from the website. 

Since February 1, experts have seen a 232 percent increase in phishing email attacks imitating LinkedIn, seeking to deceive job seekers into handing up private credentials. The emails contained subject lines including "Searching for a suitable candidate online," "You mentioned in 4 searches this week," and even "You have 1 new message," as per the Egress team. 

The OWASP Foundation classifies web scraping as an operational threat (OAT-011), which is defined as gathering accessible data or processing output from an application. While web scraping walks a delicate line among reporting and data privacy violations, it is still one of the most common automated hacks affecting businesses today, according to Imperva.

Imperva didn't name the company, but it said it received 400 million bot requests from 400,000 network Interfaces over four days in an attempt to harvest all of its job seekers' information. Similar strategies can be employed in "scalping" attacks, which are aimed to purchase in-demand, limited-edition products in order to resell them at a greater price later. Imperva neutralized one such operation on a retailer's website around Black Friday week, which had nine million bot queries in only 15 minutes — 2500 percent above its normal traffic rate.

Several people are accustomed to receiving regular authentic LinkedIn communications – and may unintentionally click without double-checking. Individual users are still responsible for being aware of the data they provide socially and how it can be used to deceive users into clicking a malicious link.

Singapore Cops Arrest 39 for Suspected Role in Job Scam


Singapore police have arrested 35 men and four women, aged between 16 and 65 over their alleged role in job and phishing scams involving Singapore Bicentennial commemorative notes. 

The individuals were nabbed during an islandwide anti-scam enforcement operation between Nov 22 and 26 that saw a total of 113 individuals investigated for their suspected role in over 900 jobs and phishing scams that led to more than S$20mil (RM61.87mil) in losses. 

According to Singapore police, the suspects had allegedly sold their bank accounts or gave their Singpass credentials to criminal syndicates in return for as much as $5,000 for each bank account sold or $400 for each set of Singpass credentials sold. However, most of them did not receive the money promised to them.

“Some were also found to have allegedly rented out their bank accounts to scammers or assisted them in carrying out bank transfers and withdrawals,” Singapore police stated, adding that investigations are ongoing. 

The victims were tricked after chancing upon advertisements offering quick cash on social media platforms and chat applications. The job scam required victims to order items from online platforms to improve sales volume. They would then be made to pay for the items via funds transfer to various bank accounts.

At the initial stage, victims would receive payment on top of a good commission, said the police. However, a real twist comes when victims spent large sums on their orders, and their job contact becomes uncontactable. Those targeted by the phishing scams received text messages from scammers informing them of their eligibility to receive free Singapore Bicentennial commemorative notes and would be directed to URL links that were allegedly spoofed. 

When victims clicked on the link, they would be redirected to malicious websites similar to the homepage of a purported bank’s Internet banking website and get fooled into coughing their banking details.

“Victims would only realize they had been scammed when they discovered unauthorized transfers of monies out of their bank accounts,” said the police. 

The police warned the public to remain vigilant and be wary of job advertisements that promise the convenience of remote working at an “unreasonably high salary”. The job seekers were also reminded not to click on URL links provided in unsolicited emails and text messages. 

“Legitimate businesses will not require job seekers to utilize their bank accounts to receive monies on behalf of the businesses. These acts are common ruses used by scammers to lure individuals into carrying out illicit payment transfers on their behalf. Always verify the authenticity of the information with the official website or sources, and never disclose personal or Internet banking details and one-time passwords to anyone, Singapore police advised.