Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

Facebook Employee Working from Home ScamA new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud.

In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract.

This type of scam has been seen everywhere, including LinkedIn and legitimate career sites, attempting to do everything from infect victims with malware to stealing personal information.

What makes this case particularly notable is the incorporation of an authentic-looking contract, which is a new tactic. This particular scam aims not to infect any devices, but to acquire personal information. The inclusion of a contract lends a sense of credibility, leading victims to willingly submit photos of both sides of their driver's license and to digitally transfer a check from the fraudulent employer for procuring job-necessary software.

In the end, the victim has lost control over their identity and potentially some of the funds in their bank account. This is only because these bad actors intent is not about gaining access to a corporate network; this scam could just as easily taken a turn to infect the victim’s computer with malware.

Regardless of the malicious outcome, staying vigilant of scams like this with new-school security awareness training is imperative so they understand that even when it’s the victim themselves that seems to have initiated the interaction, it really was the scammer that posted the job ad in the first place.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews