To get into personnel: scammers have come up with a new scheme to cheat job-seeking Russians

Fraudsters have devised a new scheme to deceive Russians looking for work. They offer people good jobs with remote work, where you first have to undergo training, but in fact send a link to an infected application, with the help of which they steal money, and can even issue a loan to a person. "Izvestia" found out how to distinguish fraudsters from the real employer and protect themselves from such tricks.

Infected application

Fraudsters began to infect the phones of people who are looking for work on recruiting services. This is reported by the Telegram channel "Herald of the Russian Cyber Police".

According to him, vacancies have appeared on such services, which offer jobs in large companies - remote and well-paid. Those who respond are asked to fill out a questionnaire and undergo a short training. For persuasion with a person can communicate for several days, during which time the candidacy is supposedly agreed upon by the managers.

To pass the training, the person is asked to install several applications, one of which is malicious. In case the virus programs on the phone block the installation, the fraudsters will explain to the "applicant" how to bypass it.

Photo: Izvestia/Eduard Kornienko

- As a result, after downloading the application will get access to payment services and messengers, - explained in the channel of the Board for the organization of the fight against the illegal use of ICT of the Ministry of Internal Affairs of Russia.

The agency urged to be careful: to look for work only on verified sites or in the offices of the company and not to install software from dubious sources.

Variants of the scheme

According to Evgenia Lazareva, head of the People's Front project "For the Rights of Borrowers" and coordinator of the "Moshelovka" platform, fraud schemes involving the installation of malicious software under various pretexts are widespread on the Internet and are used not only in Russia.

- Such applications and programs are offered to be installed to perform tasks as part of "part-time work" without any training. For example, for the scheme "payment for likes" or "hotel booking". Often attackers call themselves creators of training programs and additional education courses, for participation in which it is necessary to download such software," she says.

Photo: Izvestia/Alexander Kazakov

In the case of job vacancies, malware can masquerade as questionnaires, test tasks, interview invitations and other documents that applicants voluntarily download. And in general - and under photos that are sent in messengers with the question "Is that you?", adds Konstantin Gorbunov, a leading expert on network threats, web-developer of the company "Security Code". After that, the downloaded software can steal a person's data, gain access to messengers, banking applications or the "Gosudservices" portal.

- Fraudsters also become active, for example, during the New Year sales - they send spam letters offering to buy goods from popular stores at low prices, - says the expert.

Under the guise of employers

According to Evgenia Lazareva, the topic of job vacancies itself is popular with attackers - they usually offer victims "incredibly favorable conditions". As a rule, people are attracted by promises of high income with very short terms of employment, the ability to control their own schedule, the lack of experience and specialized education requirements, and the remote format of work.

The schemes of deception themselves may vary - for example, in the pre-pandemic period, the central legend was earning money "on the stock exchange". Today, with the development of e-commerce, the main job offers or part-time work relate to activities on marketplaces and booking services, as well as the gaming industry.

- This is due to the fact that the financial market and the game on the exchange is more difficult to perceive, and not everyone feels the potential in this area. But promotion on marketplaces, redemption of goods and booking are mechanisms that almost everyone can understand," says the Moshelovka coordinator.

In addition to malware distribution, there are other types of job scams, adds attorney Sean Betrozov.

Photo: IZVESTIA/Sergei Konkov

For example, when fraudsters demand payment for training or paperwork, promising further employment, but in the end just disappear with the money of gullible people.

- Criminals use social media, job sites, mass mailings, and even create fake company websites. These portals often look very plausible, copying the design and even URLs, which misleads people," says the lawyer.

Victims of such fraud are mainly people without higher education, without a stable job, housewives and maternity workers, students and pensioners. That is, either people without much work experience, or looking for a part-time job.

- Those who have lost their jobs and find themselves in difficult financial circumstances are also at risk: they are particularly vulnerable and willing to take risks in the hope of finding a job soon. Those who are offered remote work are also often affected - such offers seem attractive," Betrozov concludes.

Chained together: Roskomnadzor tells about the most effective fraud schemes

Teenagers and retirees are often drawn into "covert operations"

Ways of protection

To protect themselves from fraudsters sending out job vacancies, Izvestia experts recommend following a few rules. First, always check the information - use only official company websites or reliable job search platforms. If you receive a letter with a job offer, you should pay attention to the e-mail address: corporate addresses look different from personal ones.

- Second, be careful with attachments and links. Real employers rarely send test assignments as files at the first stages of selection, especially if they are unknown formats. Third, if you are asked to pay for anything - whether it's paperwork, training, or equipment purchases - be careful. Real employers don't ask for payment for employment paperwork," says attorney Sean Betrozov.

It's also important to use anti-virus software to protect yourself from malware that may be embedded in downloaded files.

Photo: Izvestia/Artem Korotayev

Regularly update your devices, do not download anything from dubious links (at least first read reviews about the employer on the Internet) - in extreme cases, use a separate phone, where there are no banking applications, "Gosudservices" and messengers. And, of course, be careful with personal information.

- Passport data, TIN and other information should not be requested at the initial stages of communication. If you have suspicions - do not be afraid to ask questions and look for additional confirmation, - recommends the lawyer.

In the employment itself, the coordinator of "Moshelovka" Evgenia Lazareva advises to remember the importance of concluding an employment contract with the employer. After all, only the employee who is registered according to all the rules and requirements of labor legislation is reliably protected by the law.