Fraudulent messages with job offers worry operators and threaten users

Published: November 28, 2024

The sending of fraudulent messages with job offers, allegedly associated with companies such as Meta or TikTok, has been worrying operators, who are working with the authorities and making customers aware of the dangers.

Associations such as Deco continue to receive numerous contacts from victims, despite warnings and awareness campaigns, at a time when electronic fraud is on the increase and becoming more difficult to detect.

“Electronic communications operators have been following this phenomenon with natural concern, working constantly to preserve the integrity and security of their networks, as well as their customers’ communications,” said the secretary general of the Association of Electronic Communications Operators (Apritel), Pedro Mota Soares, in response to Lusa.

In the SMSs, which are often sent using numbers beginning with 92 and written in Brazilian Portuguese, the alleged authors identify themselves as members of the human resources team of companies such as TikTok and invite recipients to apply for jobs online, sending links to supposed WhatsApp groups for this purpose.

“Hello, I’m from the TikTok human resources team and I’m writing to you. We urgently need 100 employees to work ‘online’, with daily salaries from 50 to 800 euros. You can join in your spare time. If you’re interested, you can contact us by WhatsApp […]. If you send us a message now, you’ll get a bonus of 5 euros,” reads one of the messages.

At issue is a computer scam called ‘smishing’, which consists of using SMS to extract confidential information, such as bank details.

Contacts can also arrive directly via WhatsApp, through foreign numbers, with messages written in Portuguese or English.

In these cases, it is common for the authors to claim to have received an application from the recipients of the messages for a certain position, and then ask for personal details.

To monitor this problem, the operators have teams working 24 hours a day, “cooperating with the competent authorities taking into account the legal and regulatory framework in force”.

Pedro Mota Soares also guaranteed that the operators “take seriously” raising awareness of good practices against this type of message, “and are therefore actively doing so on their own behalf and in collaboration with all the entities dedicated to promoting the safe use of electronic communications”.

As Deco Proteste’s technology specialist António Alves explained, this type of fraud always starts with a message being sent with an attractive job offer.

“If the person takes the bait, what they do is send a ‘link’, which changes and leads to a fabricated page, a ‘dashboard’ [visual panel] that has a list of tasks, with social network logos. The person can register and, from there, they are assigned tasks, which can be commenting on videos and following certain people,” he told Lusa.

As the tasks are completed, a “hypothetical balance” appears, which can only be withdrawn, as a general rule, after two weeks of work.

At this point, the fraudsters ask for a small amount of money to be transferred to a certain account to validate the IBAN or to pay a fee, and then suggest that the transactions be made in cryptocurrencies, so that no trace is left behind.

“They will start telling people that they have to transfer, for example, 100 cryptocurrencies and they will do this up to the limit they can extract from the person,” warned António Alves.

When people discover or suspect that they are involved in a scam, they are blocked, the links are no longer operational and they lose contact with the perpetrators.

New links and pages are then created to try and catch other people in the scam.

According to Deco, the consumer protection association, when people fall prey to this type of fraud it is “very difficult to recover the amounts transferred”.

However, the case should be reported to the authorities, such as the Judicial Police and the Cybercrime Office of the Public Prosecutor’s Office, as well as the electronic complaint system and banks, where applicable.

“In general, we’re talking about situations that are complicated to resolve because even if you file a complaint, what you’ll realize is that it’s difficult to identify the perpetrator of the fraud, who is behind the scam. They use all sorts of ways to hide their identity. They should always do so now. Not all cases are lost. The fact that you report it means that the fraud will stop working more quickly,” concluded António Alves.

According to data provided by Kaspersky, a global cybersecurity company, in 2023 there were 700 million phising attacks worldwide.

In Portugal, as the company pointed out, bank and service customers are the main targets of these attacks.

In addition to job offers, it is common for these scams to use fake promotions or messages from financial institutions.

Kaspersky recommends paying attention to the sender of the message, exaggerated promises, as well as unsolicited messages with links to enter personal data.

At the same time, users can access online tools to check whether the links they want to access are reliable.

Lusa contacted Meta, which owns WhatsApp and Facebook, and TikTok, but received no reply.

Facebook
Twitter
LinkedIn
Writen by

Continue reading

Still not a member?