Researchers have uncovered a “global scale scam” dubbed “Webwyrm” where threat actors impersonate legitimate companies to swindle unsuspecting job seekers.
In a report on Oct. 5, CloudSEK said the collective personal losses from the scam may be over $100 million. While the scammers mainly initiate contact with targets via WhatsApp and Telegram, the researchers suspect they swipe victims’ contacts on job boards.
“This suggests a potential focus on job seekers, with scammers possibly leveraging data from recruitment portals to tailor their schemes,” CloudSEK said in its report.
The scam lures job seekers with enticing salaries, leading them to fraudulent websites. So far, over 100,000 people across 50 countries have fallen victim to this scam. CloudSEK is collaborating with global law enforcement to mitigate this threat.
The Webwyrm Scam
The modus operandi of this scam is sophisticated. Targets are presented with job propositions and are told they could earn $1200 to $1500 weekly. However, the real trap lies in the details.
One of the tactics employed by the scammers is offering a “training” phase, the report said. During this phase, victims are introduced to tasks that could supposedly earn them substantial money.
They are then subjected to so-called “combo tasks,” which initially appear rewarding but are designed to drain their accounts. Victims are told they need to deposit money to perform these tasks and can’t withdraw their earnings until the streak of tasks is completed.
“On a random day, they get stuck in a recurring loop of Webwyrm,” CloudSEK said. “The streak never gets complete and in an attempt to complete all tasks to withdraw their money, victims end up draining their bank accounts.”
Victims are intimidated when they try to speak to the platform admins. Eventually, their accounts are frozen.
Impact Beyond Individual Users
CloudSEK lists several businesses from different countries that have been impersonated in the Webwyrm scam. They include reputable organizations like Airbnb, Best Buy, Big Commerce, Amazon, Gartner, Farfetch, Brainlabs, Depop, Boohoo, Flipkart, Netscape, and Wordbank.
It’s not uncommon for scammers to impersonate well-known brands to con victims. In September, Perception Point revealed that scammers are impersonating hotels on Booking.com to conduct phishing scams.
As this campaign continues to cast its menacing shadow across the globe, individual users and corporations are urged to be vigilant and learn about the telltale signs of this scam to avoid falling victim to it.
CloudSEK also recommends treating all unsolicited job offers with some suspicion, especially those that require some form of payment.
For more important news, follow us on X (Twitter), Threads, and Mastodon!
