Having written about Upwork scams before, I didn’t expect to nearly fall victim to one myself.
However, in the course of applying for a few writing roles in recent weeks, I came (virtually) “face to face” with a real life cyber criminal. It provided me with a great insight into the latest Upwork scam technique – AND I screenshotted the whole thing to share with you here!
The incident began with a seemingly innocuous job advert. However, the application I sent through was rather half-hearted, as there were already a few reasons for suspicion. I’ve marked them in the screenshot below.
So what raised my suspicions?
- The client was brand new to Upwork, with an unverified payment method. Now, every client is new to Upwork at some point, and I’m not as paranoid about this as some people who actively avoid anything advertised by clients without feedback. However, it’s always best to at least be wary…
- A client wanting 20 freelancers right from the off? This would mean a big operation and just didn’t sound right.
- The payment. $80 per article isn’t at all unusual for experienced freelance writers, and may seem low to some. However is is high for an advertised starting rate on Upwork.
- The advert, despite being long, is completely non-specific as to what subject matter writers will be writing about.
Despite my suspicions, I spent two minutes sending an application off, if only out of curiosity. I didn’t know at the time that it would end up forming the foundation of an Upwork scams article!
It didn’t take long to receive a communication back from the client, who asked me to add his “editor” on Skype, as per the image below. Names have not been redacted to protect the guilty!
I added the Skype account and soon received my first communication:
Now, the suspicions really began to mount.
First off, I was pretty sure this “Judith Cooper” wasn’t using a legit photo. I’m pretty sure the person shown is actually a celebrity.
Then, when I saw a ZIP file I became almost certain an Upwork scam was afoot.
Inside the ZIP file were two files:
The PDF file was a generic style guide, but the “Payment Terms” file (the one that potential freelancers are going to be in a hurry to open) was a .LNK file. This is a file that triggers the loading of another file, but only on Microsoft Windows. As I use a Mac, opening it would do nothing to me.
However, I decided to take a look inside the file. What I found inside had “virus” written all over it. Anyone opening this on a Windows computer would have ended up with a keylogger installed on their computer, ready to log their keystrokes and send them back to the hackers behind this scam – who could then have used them for financial gain and for hacking into online accounts.
By this stage, the fact a scam was in progress was no longer in doubt. I even found a link online from someone who had encountered this before and written about it.
So, all it was left for me to do was have a little fun with the scammer. Sadly this was rather short lived before I was sworn at and blocked, as you’ll see below:
After this, I headed back onto Upwork, where I reported the job to the “Upwork police” as “phishing or fraud.”
Having just checked back, I’m relieved to see that the job has been closed, and the perpetrator has been booted off Upwork. However, I’ve no doubt they’ll soon be back with a different name and IP address.
Credit is due to Upwork for reacting quickly to the complaint. However, I’d be willing to bet that the scammers hooked several people first, and that those people may be being ripped off as we speak.
After this happened, I told my wife about the scam, and she informed me she’d had exactly the same experience with an Upwork application in the past. She actually went as far as double-clicking the .LNK file. It’s only because she uses a Mac that nothing happened – otherwise she would have infected her computer.
So, the lesson here is to be very wary and suspicious if you see anything like that described above. If you’ve experienced this, let us know in the comments. You can read more about Upwork scams here.