Hoping to clinch some quick money from that alluring job ad? You may lose a fortune instead.
As remote-working gains traction in Singapore and globally, job seekers are advised to be on the alert for increasingly common online scams masquerading as job opportunities.
Such ruses – usually sent as an email to unsuspecting recipients, or planted on a business website – are becoming increasingly legitimate-looking, thereby claiming more victims than ever.
Two remote employment scams newly discovered by Forcepoint revolved around cybersquatting, and a small-scale botnet pushing out home-working related lures.
What is cybersquatting?
The cybercriminals behind this scheme typically create professional-looking business websites linked to a recently defunct company with the correct but now dormant address and contact details of the people in charge. The website would have little to offer except an email address and a phone number whereby visitors can apply for jobs (typically remote-working positions). Once a job applicant initiates communication, he will receive a reply that attempts to continue the conversation and eventually requests help to transfer money between different accounts, thus enabling money laundering.
Small-scale botnet scams
Forcepoint also discovered the presence of a small-scale botnet spamming individuals (mostly users of free email services) with job offers. Because these emails do not contain obvious traits of traditional spam, such as URL links, phishing verbiage and executable files, and the servers and accounts used for delivery of the email are legitimate, they are usually not blocked by cybersecurity software on users’ computers. The servers are globally dispersed and consist mainly of free email providers, whose accounts are typically easier to compromise than secured corporate accounts.
Said Eric Chan, senior director, systems engineering, Forcepoint Asia Pacific: “These new techniques are not much different from last decade’s famous ‘Nigerian Prince’ emails; just that they are run in a more sophisticated manner. To achieve their goal, cybercriminals must rely on thousands of compromised SMTP accounts. Maintaining such a list dynamically is not easy but unfortunately, due to their lower security standards, some free webmail services are going to be top candidates for keeping that list populated for a while.”
Chan advises computer users to:
- Vigilantly assess emails that arrive from unknown senders
- Be protective of personal assets such as login credentials to free services
- Pick strong passwords
- Refrain from using the same passwords for different services
- Frequently change passwords
- Use services that offer two-factor authentication whenever possible
Whenever a computer user suspects fraudulent activity, he or she should immediately report the incident to the local police or cybersecurity authorities.