A sharp increase in advanced recruitment scams has been observed, with cybercriminals
taking advantage of economic instability and a competitive job market to exploit vulnerable job seekers.
These scams use highly polished social engineering tactics that combine elements of legitimate recruitment with fraudulent practices. This makes them difficult to detect and effective in stealing money and personal data from victims. Security experts have identified three separate threat actors targeting job seekers globally. One impersonates tech firms using advance fee fraud, another runs a localized scam in 18 countries pretending to be a logistics recruitment agency, and a third poses as the Government of Singapore to collect national ID numbers and hijack Telegram accounts.
These varied tactics demonstrate the growing complexity of recruitment-related cyber threats.
Data from the Federal Trade Commission shows that job-related fraud losses in the U.S. surpassed $500 million in 2023, more than twice the $200 million recorded in 2022.
This alarming rise is tied to the increasing sophistication of scam operations and the expanding number of at-risk individuals facing economic pressure, higher living costs, and an expanding gig economy.
Netcraft researchers found that these scams are carefully designed for persistence and scale, often avoiding traditional detection systems.
Their investigation showed that scammers often use multiple personas throughout their schemes. One persona initiate contact, and another handles the fraudulent part of the process. This strategy helps them reach many victims while maintaining operational security, even when one communication channel is disrupted. These scams often prey on job seekers drawn to flexible work options and high-paying roles, which have become more appealing since the pandemic.
Inside the Celadon and Softserv Scam Network
One of the most active scams starts with unsolicited messages on WhatsApp, Telegram, or similar platforms. Attackers introduce themselves as recruitment consultants claiming to have received the victim's application.
These messages often come from international numbers, adding a false layer of credibility while making it harder for victims to verify the source.
After the first contact, victims are referred to a second persona who shares job details. These positions often promise unusually high pay for minimal tasks.
Netcraft found that the Celadon/Softserv scam asks for payments in cryptocurrency such as USDT and directs victims to fake websites like celadonsoftapp[.]vip. These platforms are made to look legitimate but are entirely fraudulent.
The scam uses a step-by-step method to deepen victim engagement. After creating an account, users receive small credits as bait before being asked to deposit real money to unlock new "task levels" that promise large returns. The interface often mimics common app icons to make the platform seem more authentic.
Researchers identified nine similar sites operated by this group from May to November 2024. All shared the same visual design and backend systems. These sites used Cloudflare for protection and Gname for hosting, reflecting the operation's scale and advanced planning.
To avoid detection, the scammers use access codes for registration, login restrictions to block security researchers, and periodic redesigns to stay ahead of countermeasures. In late June 2024, they began using more polished site layouts, showing continued improvement in their approach.
Job seekers are urged to watch for red flags such as recruiters who only use messaging apps, unrealistic pay offers, cryptocurrency payments, and requests for upfront deposits.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
