With inflation on the rise and a growing unemployment crisis, Bangladesh is witnessing a spike in fraudulent activities in its cyberspace, most of which are linked to bogus work-from-home job opportunities.
These scams take advantage of people's desire for remote work and financial instability, particularly through deceptive messages sent via SMS and WhatsApp, promising substantial daily earnings for minimal effort and time.
What's even more concerning is that the headhunters of these online scams contact people without any selection, even those individuals who are not looking for a job in the first place get offered lucrative job opportunities.
For instance, Humayun Kabir, a banking professional, and Nayem, a university student, have both been enticed by such scam offers flooding their messaging platforms.
Humayun recently received an enticing message from an unknown sender offering a daily wage of Tk2,000 for a part-time job.
Similarly, Nayem received a message that read, "There is a part-time job, you can use your mobile phone to operate at home, you can earn Tk200-3,000 a day, 10-30 minutes a day, waiting for you to join. Reply 1 and click the link to join us ASAP."
However, these tantalising job offers don't just lead to disappointment – they are fraught with danger. The included links, when clicked, lead to a WhatsApp chat or re-direct the user to a scam-ridden website that threatens to compromise sensitive data or ploy to steal the unsuspecting target's money.
In some extreme cases, these links can even provide total control of the users' device to the scammer.
Cybersecurity expert Professor BM Mainul Hossain at the Institute of Information Technology of Dhaka University advises caution regarding such suspicious offers.
"It's crucial to verify any too-good-to-be-true job offers independently and refrain from clicking on unsolicited links. The cyber crooks are using social engineering techniques to trick people into providing sensitive information", the professor says.
How the work-from-home scam operates
"Not all of them have the intention to steal data. Sometimes, there's an individual who engages in chat conversations and even conducts seemingly professional interviews. In certain cases, these fraudsters may initially offer small sums of money, only to later entice victims to invest significant amounts, and then abruptly cut off all communication," explains BM Mainul Hossain.
He further described how scammers put their victims in a group on a messaging app called Telegram. In that group, they make fake websites that look super real, like fancy crypto trading sites. The scammers ask victims to send them money and complete certain tasks in order to multiply their investment.
To make it even more deceptive, scammers make fake online wallets to trick victims into thinking their money is safe."
The cybersecurity expert shed a concerning reality, "These SMS scams don't just come as job offers, they may appear in the form of business deals or offers to go abroad with lucrative packages."
Is the scam too hard to combat?
Professor Mainul emphasises keeping devices updated with the latest security features and software and not installing unverified third-party applications.
He points out that mobile network operators could play a role in combating this potential scam by identifying and flagging such messages.
However, Prof Mainul notes a decline in their interest in providing customers with this service, saying, "To detect these obvious scamming methods, where a message is being sent to thousands of people every day, containing an unsolicited link and promises of money, sim companies wouldn't need to build any complex algorithms; it can be easily identified and blocked."
The cybersecurity expert stresses that such an investment by sim companies in flagging these scam messages could further enhance customer trust and their brand reputation.
"With proper acknowledgement of this scam and efforts of relevant bodies such as flagging of sim operators and monitoring of Cyber Police Center and other cyber security agencies, preventing this scam should not be a huge challenge," says Mainul Hossain.
When The Business Standard asked the Cyber Police Center (CPC) of the Criminal Investigation Department (CID) whether they acknowledge this scam as a threat or not, they replied positively and said, "The latest rise in such deceptive messages is on their radar, and CPC has been working tirelessly to track down these fraudsters."
They urge the public to report any such suspicious activities to the authorities.
According to CPC, these types of scams in Bangladesh's cyberscape were driven during the Covid-19 pandemic as people stayed home and became more inclined to internet transactions. Now it has started all over again.
Police say "These messages are not only circulated through SMS or Whatsapp or social media, scammers are operating through email as well to make it seemingly more professional."
People often find themselves stuck in this scheme, sending money every day. Sometimes, they end up losing all the money they've saved up over their whole life. Some even borrow money from their friends, and it all disappears into this scam.
A global cyber epidemic
Bangladesh is not alone in facing this issue; job-related scams have surged worldwide.
The United States reported a nearly threefold increase in job and employment agency-related scams from 2020 to 2021, from 7,324 to 21,848 in the third quarter of each year, according to a report published in the Los Angeles Times on 23 January 2023.
Another report in the Washington Post on 27 January 2023 asserts that job-related scams on the internet cost Americans approximately $2 billion every year, as stated by the Better Business Bureau.
It further reads that the Federal Trade Commission (FTC) received over 22,000 reports of cyber employment fraud between July and September of 2022 alone, resulting in total losses amounting to $78 million.
Similarly, Canada's Edmonton Police Service received 148 reports of employment scams in 2022, resulting in a financial loss of $359,831.
In India, over 30,000 people lost 200 crore rupees (over $24 million) in January through work-from-home scams falsely representing reputed e-commerce companies, Times of India reported quoting a Delhi Police source on 28 January 2023.
An October 2022 study by messaging security provider SlashNext analysed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over a six-month period, and found more than 255 million attacks. That's a 61% increase in the rate of phishing attacks compared with 2021.
The study revealed that cybercriminals are shifting their attacks to mobile and personal communication channels to reach users. It showed a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
Internet scams are far from new
It's worth noting that internet scams continue to evolve alongside technology, and schemes similar to these have been occurring for a while now.
For instance, Nigeria was at the centre of infamous scam operations in the '90s known as "419 scams" or "Nigerian prince scams."
These scams involved an email from a "Nigerian prince" asking the recipient for help to claim his "fortune" at the expense of personal banking details.
Common fake job scam techniques
- Scammers create phoney job ads on job websites or social media to lure job seekers with attractive offers.
- Scammers pretend to be genuine companies, offering fake job positions or promotions.
- Scammers send unsolicited messages via SMS, WhatsApp, or email, falsely claiming job offers.
- Scammers send emails that look real, asking for personal or financial information like bank details.
- Scammers request payment or deposits for interviews or processing, disguised as refunds or fees.
- Scammers use stolen information for identity theft or fraud.
- Scammers ask for money upfront for training or services, then vanish, leaving victims without jobs or money.
Essential safety measures
- Do not open any links.
- Do not respond to the sender or provide personal or financial details.
- If unsure of a message's legitimacy, contact the sender through verified contact details, such as an official website or app.
- Report to the Cyber Police Center and delete suspicious messages.