Scam uses job offer and promotion potential to trick job seekers into giving scammers cloud access

The scam usually starts when a scammer contacts a job seeker through a false recruiter profile, for example, via LinkedIn, about a full-time position with a legitimate U.S. company. The victims are frequently freelance virtual assistants and online marketing professionals, and the victims are almost always located outside the United States.

The false recruiter may tell the victim that he or she is recruiting for the company, provide a legitimate description of the company, and provide a link to the company’s legitimate website. This already sets the new scam apart from older scams, in which the recruiter links to a fake company website. Here, everything looks (and is) legitimate. The false recruiter sometimes invites the victim to engage in further discussion about the supposed job on another platform such as Skype, Slack, Microsoft Teams, or WhatsApp rather than continuing to engage via LinkedIn. The victim may even be asked to join a chat group with false accounts posing as C-suite or other important executive personnel at the company for an “interview.” The false executives frequently have the real executives’ names and pictures in their profiles.

After a discussion, the victim is offered a “job,” and may be sent a W-8 and multi-page document the scammers call an “NDA.” Most of the document appears to be sourced from a real non-disclosure agreement with ordinary legal terms. The document is signed by a person purporting to be the company’s CEO, has the company’s logo in the letterhead, uses the company’s real address, and often has an official-looking gold seal on the last page. But the document includes some content that plainly is unusual for an NDA. A few paragraphs, shoehorned in the middle, purport to be the terms of the employment offer. The offer terms are usually strikingly different from the rest of the document and use poor English grammar and spelling. These terms provide a lucrative salary, for example, $2,000 payable biweekly. The terms also explain that the salary will increase after a short “probationary period.”

Crucially, the terms state that the offer will be revoked if the job seeker fails to complete certain “requirements.” The terms specifically identify the requirements as Azure, AWS (Amazon Web Services), Vultr, and/or GCP (Google Cloud Provider)—popular cloud computing providers. The offer promises that the monthly bill for Azure, AWS, Vultr and GCP will be covered by the company moving forward. It also promises that a $500 “Sign In [sic] Bonus” will be given after 10 business days only if the Probationary Employee completes the requirements in the given time and warns that “[f]ailure to complete means void of the said Sign In Bonus.” It gives the victim one day “to complete his/her requirements to be able to get the position in full confidence.” Here, again, the purported NDA does not have the hallmarks of other scams, because it does not always require the job seeker to provide bank accounts or significant personally identifiable information (PII).

The job seeker then sets up the cloud accounts to fulfill the simple probationary terms. Crucially, the victim then sends the scammers the cloud account passwords or uses passwords that the scammers provided, following a “company rule” apparently communicated during the interview. Immediately after receiving the fresh cloud accounts and passwords, the scammers stop communicating with the victim. They also typically delete the accounts and channels that have been communicating with the victim.

I found a hapless job seeker reporting the fact pattern [here](https://www.reddit.com/r/legaladvice/comments/nysumd/fishy_job_offer_is_it_legit_please_advise). I wrote an article about it [here](https://www.law.com/therecorder/2021/10/07/new-online-scam-uses-false-promises-to-trick-job-seekers-into-giving-scammers-illicit-cloud-access/).


The content was posted by AthleisureSuit on 2021-10-07 18:23:08 via reddit

Similar Posts

2 Comments

  1. PlanningVigilante says:

    What do they do with these stolen cloud accounts? Do you know?

  2. aspiegrrrl says:

    Article is paywalled.

Leave a Reply

Your email address will not be published. Required fields are marked *