A new type of pyramid scam asks users to subscribe to a platform to work on behalf of Amazon, Mercado Libre, and Shopify, among others. Under the promise of earning "easy money by dedicating a few minutes a day", the cybersecurity company ESET detected a campaign with already known methods, but new clothing.
"During 2022, and also so far in 2023, ESET's research team received several reports of users in Latin America who were scammed under a fraudulent employment app called JobGuy, which even became available on Google Play," the computer security company explained in a statement. The app has already been removed from the Google store for fraudulent.
Pyramid scams had an exponential growth during the last years, with the case of Generation Zoe as the best known in the lead. However, there are a large number of campaigns that aim to steal personal data from users, or to convince them to spend their money on alleged investments that are not such, but operate under the ponzi scheme: the money does not come from legitimate profits but from the own investments of the deceived.
Here, how this new campaign detected by ESET operates and what precautions to take to be attentive.
Easy money, an oxymoron
The gateway to "baitear", that is, attract users, are usually the social networks Instagram and TikTok, or even via SMS messages. These ads usually lead to WhatsApp or Telegram accounts, where potential victims establish contact with a representative who explains what the work consists of and how to start earning money.
The central element of this type of scam is almost always the same: although implausible, the idea of making money with little effort is always present. "The fraudulent logic is mainly based on social engineering trying to offer a service or employment attractive enough for the victim promising easy money with little effort," Ernesto Bernal, a cybersecurity analyst, told Clarín.
This is due to a refinement in deception techniques: "A few years ago phishing was 'asynchronous': in a first stage, phishing emails were sent indiscriminately to thousands of victims simulating a known website, where then victim put their data, in a second stage the data was loaded or tested by the fraudster, and then in another stage to defraud the customer of a bank or online store, "he explains.
"Now phishing attacks are 'synchronous with the online fraudster': once the victim falls on the phishing site automatically the fraudster operates on the victim's account," warns the expert.
That is precisely what happens with this scam detected by ESET: first, they ask to register on an online platform. "Then the alleged representatives send a link along with an access code. Once registered, they will find a positive balance that allows them to start working or 'send orders' and thus start earning commissions, "explains ESET in its analysis of the mechanics.
New scam uses the names of Mercado Libre and Amazon. Photo ESET
This of generating balance is put in function of pretending legitimacy. However, "an Argentine user told how he got involved and ended up losing the money he invested: it was through an ad on Facebook in which a job opportunity was offered without the need for experience with earnings of between 20 and 30 thousand pesos, for which you only need to have the phone and dedicate between 15 and 20 minutes a day. " replenishes ESET.
"By clicking on 'more information' the victim opened a WhatsApp chat associated with a number in Morocco (+212). After consulting what the job was about, the scammers responded that they were partners of Amazon and it is an affiliate program whose objective is to improve the classification of sales and the reputation of products offered in virtual stores, "explains the online security company. The same thing was detected with Mercado Libre.
The alleged job consisted of completing tasks such as 'accepting orders' for products on different shopping platforms to supposedly "help online stores increase sales".
"In this other case, the victim was referred to another WhatsApp account coded +63, belonging to the Philippines. From this second account you are sent a link to a platform along with a registration code. Once registered, you enter your phone number and 'other personal data' and find a repository of products that you need to buy and then submit to start making money in the form of commissions.
Deception occurs when the active part of scammers appears, as Bernal warns in his description of how these scams are happening today.
"By clicking on 'start making money' you access an inventory of products that can be 'bought' with the detail of the cost and commission (of 20%) that is obtained for making the 'shipment' of it. Thanks to the balance in favor with which the account is opened, the person can start buying and sending products, but after making a couple of shipments the balance is exhausted and here begins the deception: the user must make a deposit to continue working, "details ESET.
"While at first criminals allow accumulated profits to be withdrawn to build trust, then this changes. In fact, the victim from Argentina confirmed to us that he managed to withdraw the accumulated money two or three times so that he does not distrust," they add.
"Fraud is based on making people believe that as they go through different tasks they can go up in level, which means that the commissions will be higher, but also the deposits. The victim told us that in his case he made the deposits through Mercado Pago and sent the receipt via WhatsApp to the 'advisor' who was guiding him in the process. Then they are responsible for entering the money to the platform, "says Camilo Gutiérrez Amaya, Head of the Research Laboratory of ESET Latin America.
"This is how it goes and as the person completes the tasks and accumulates profits, the platform is requesting to make deposits for increasing sums of money. Until at one point they tell her that she moved up in category and refer her to another advisor with another phone number, but in Telegram, which requests personal data. At one point the amount of deposits increased considerably and went from 4,000 to 35,000 pesos. Already at this stage if the victim did not agree to deposit the money could not withdraw the accumulated profits, and that is when he realizes that it was a fraud, "they conclude.
The most common scams and how to protect yourself
Amazon is also used to "baite" users. Photo: Shutterstock
Bernal listed the most common hoaxes that are occurring:
- In cases of phishing the modality that has been observed on the rise is to use Google Ads, the famous Google ads, with which they manage to position in the first places the false site over the real one
- In cases of malware (viruses) the spear phishing technique is used, which would be emails addressed to accounts of companies or individuals, these are easily collected by fraudsters doing a little "intelligence" on the victims, the emails sent are usually fines, invoices or court orders where the name of real courts and judges is used.
- Another common case is identity theft in social networks, where fraudulent profiles with a look and feel similar to banks or different institutions are registered in order to capture victims, who are then contacted by an "advisor".
When it comes to prevention, he advises:
- Never enter the website of your bank (or the one you are looking for) by clicking on links included in emails, SMS messages or WhatsApp.
- Always doubt who asks you for personal information or bank details, when in doubt deny us and cut the communication channel.
- Report and report situations that seem strange to us in the service channels provided by banks or shopping sites.
- Always have enabled the automatic update of our operating system and have a recognized antivirus.
Perhaps the most important piece of advice is to never believe in any "easy money" method: after all, if something is too good to be real, it is almost certainly not real.