Threat actors are posing as Qualys recruiters, advertising remote job opportunities via Facebook to obtain sensitive information and funds while compromising users and their direct connections.
Qualys confirmed that there are ongoing attacks against multiple brands concerning the false work-from-home scams, the post states.
The jobs scam messages often occur in group chats, leading to victims private messaging the attackers posing as a Qualys recruiter.
“In several cases, the scammer appears to have compromised legitimate Facebook users and then targeted their direct connections,” the post reads.
Often, victims are coerced into installing messaging applications such as Go chat or Signal and are asked to share personal information to receive and “sign” a fake contract.
This fake job offer may appear convincing as it may contain logos, accurate corporate details, and signature lines.
Victims were then asked to send a copy of the front and back of their government-issued photo ID.
Finally, scammers urged victims to cash a check digitally and not to go to the bank. They were also asked to spend money on software for a new computer supposedly being shipped to them.
Qualys reminds its users that official job postings will only be available via its official website and reputable job sites – never social media.
The company reminds users of tactics, techniques, and procedures to follow in the event of this type of scam:
- Verify offers via the official website or by directly contacting the company
- Be skeptical of job offers or solicitations that don’t come from an official source
- Adopt the “if it’s too good to be true, it probably is” mindset
- Listen to your intuition, if it doesn’t feel right, don’t go through with it
- Recruiters will contact you via email, phone, or set up an interview – real recruiters won’t ask you to download any applications
- Never accept a check and cash it digitally from an unknown source
More from Cybernews:
Subscribe to our newsletter