How the Scam Works
Fake Job Posting: The scam begins with a convincing job listing on a reputable platform like LinkedIn, targeting digital marketers.
Quick Response: Once you apply, you receive an email within 1-2 hours claiming your application has been reviewed and you’re shortlisted for the role.
Assignment Link: The email includes a link to a file described as project details or a similar term, which needs to be opened with a password provided in the email.
Malware Infection: When you download and extract the file, it installs malware or spyware on your device, capturing sensitive data like login credentials for advertising accounts, social media, and emails.
Account Hijacking: The scammers use this information to gain access to your ad accounts, change the email and passwords, and lock you out. They then run unauthorized ads, draining your advertising budget.
Sample Scam Email
Here’s an example of how these emails might look:
Subject: Application for Performance Marketing Specialist (Remote)Dear [Your Name],I reviewed your application for our Performance Marketing Specialist (Remote) job and am impressed with your background. I’d like to schedule a call with you to discuss your experience. Can you share a few dates and times that would work for a 30 to 45-minute call?We are preparing for a high-impact advertising campaign in the early days of the year, with a significant budget dedicated to driving results. To ensure our conversation is productive, I would love to share some project details with you beforehand. This will give you a clearer understanding of our goals and expectations before we meet.Project details: [Fake Link]Note: Based on the security, please extract the folder with password: [Password]. If the file is corrupted on your phone, please try opening it on your computer.Please let me know if you’re available for a discussion after reviewing the information. Looking forward to your response.Best regards,[Fake Name]
Red Flags to Watch For
Urgent Replies: Legitimate companies usually take time to process applications. A reply within hours is a warning sign.
Password-Protected Files: Reputable companies rarely share files in this format, especially as part of the recruitment process.
Suspicious Links: Always verify the URL before clicking. Fake links often mimic real websites.
Request to Download Files: Avoid downloading files unless you are certain of their authenticity.
Unverified Email Address: Check if the sender's email domain matches the company’s official website.
How to Protect Yourself
Verify the Job Posting: Cross-check the job on the company’s official website.
Avoid Downloading Unknown Files: Never download or extract files from untrusted sources.
Use Antivirus Software: Keep your devices secure with up-to-date antivirus protection.
Enable Two-Factor Authentication: Add an extra layer of security to your ad accounts and social media platforms.
Be Cautious of Password Requests: Companies will never ask for your account credentials.
Spread the Word
Digital marketers and professionals in the marketing field should be vigilant about such scams. Share this information with your peers to help protect them from falling victim to these tactics. Always verify opportunities and trust your instincts—if something seems too good to be true, it probably is.