WhatsApp job scam: Sophos warns of rising cybercrime threat

Cybercriminals are exploiting WhatsApp Messenger to disseminate fake job offers. These messages promise attractive positions in renowned companies, high salaries, flexible working hours, and the possibility of working from home. Experts from Sophos warn, however, that messages containing recruitment information from unknown senders should immediately arouse our vigilance.

Scammers posing as recruiters entice potential victims with the prospect of lucrative positions in popular companies, such as TikTok, which require little to no experience. Those who express interest in such jobs are asked to deposit a small amount into an account provided by the scammers. After this initial deposit, the criminals start demanding personal information and further monetary transfers, justifying it as necessary to purchase appropriate work equipment or conduct training.

Among the fake offers, there may also be advertisements promising relatively high pay for performing simple tasks, such as watching short videos or "liking" posts. A victim who falls for these promises may provide their personal information to the scammers but will not receive the promised job.

Fraud involving fake job offers is common worldwide, although its prevalence may be higher in certain regions. Such attacks often occur right after a significant data leak incident in a given country. Cybercriminals likely use phone number sets purchased from illegal sources or previously obtained during an attack.

In 2022, such an incident occurred when data from almost 500 million WhatsApp users fell into the hands of scammers. John Shier, Technology Director at Sophos, notes that criminals have access to many databases of phone numbers acquired in this manner, increasing the likelihood of receiving a fake job offer.

Many signals indicating an attempt at fraud are similar to those characteristic of phishing messages. "The information about a fake job offer aims to evoke emotions in the recipient and prompt the potential victim to act quickly, including providing personal data or making advance payments. The job offers are often suspiciously attractive: they promise well-paid remote work and associated benefits or flexible schedules. Cybercriminals also entice victims by not requiring job experience for the position, while very rarely including details about job responsibilities in their offers," explains John Shier.

To protect your data from falling into the wrong hands, you should first not click on links contained in a received "job offer". As John Shier explains: "If someone claiming to be a recruiter says they represent a company or agency, it is worth looking up the phone number of that entity or its website to verify if the advertisement is genuine. Remember that companies looking for employees are unlikely to contact candidates through messengers. The exception is LinkedIn, where it is relatively easy to check if an offer is genuine."

As with phishing attacks, every suspicious message (not just on WhatsApp) should raise vigilance, and all actions should be taken cautiously. If an offer seems too good to be true, it is probably a scam.