This massive new spoofing campaign is targeting job seekers, so watch out

Help Wanted
(Image credit: Eric Prouzet / Unsplash)

A new worldwide spoofing campaign has been discovered, and it is thought to have extorted over $100 million from its victims already.

Researchers at security firm CloudSEK say the scam involves the impersonation of over a thousand companies, and is affecting over 100,000 people across more than 50 countries.

They also say that the threat actors behind the campaign are highly skilled and have created over 6,000 fake websites that impersonate popular brands, and hundreds of WhatsApp and Telegram handles have been employed to lure victims.


Dubbed Webwyrm, the researchers note that the campaign has likely been active since late 2022, but gathered momentum early this year as the threat actors evolved their tactics. 

The impersonated brands span over 10 industries, with the threat actors offering fake job roles to unsuspecting victims via social media, especially encrypted messaging service WhatsApp. CloudSEK's report also suggests that the threat actors may be "leveraging data from recruitment portals to tailor their schemes."

The fake employment offer typically offers a salary of between $1200-$1500 on average, with commissions based on how much ""work" the victim does. The job is to complete between 2-3 sets of tasks per day, with 40 tasks per set. 

Once the task is complete, the money will be taken from the victim's account and then redeposited along with the commission. The money is deposited in cryptocurrency exchange platforms and converted into USDT, a stablecoin pegged to the US dollar.

The victim is told to create an account on a fake website impersonating a well-known brand. There are also combo tasks, which require double the investment from the victim and have to be completed in streaks, otherwise the victim cannot withdraw their pay. 

But the streak never completes, and victims invest more and more in a vain attempt to complete it. Eventually, the threat actors freeze them out of their account. But in an effort to convince victims that its not a scam, they are directed to group chats where other "workers" post about how much money they have made. 

The types of companies that are impersonated include digital marketing and advertising services. Most of the impersonated companies are US based, with Indian, UK and Singapore firms also being popular choices. 


Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.