Sunday, May 18, 2025

Threat Actors Target Job Seekers with Three New Unique Adversaries


Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three distinct threat actors employing unique and highly technical strategies to exploit vulnerabilities in the job market.

As economic pressures like wage stagnation, the cost-of-living crisis, and the gig economy’s growth create fertile ground for cybercriminals, these scams have already resulted in over $500 million in losses in the U.S. alone in 2023, per Federal Trade Commission (FTC) data, a figure likely to be surpassed this year.

The sophisticated use of advance fee fraud (AFF), phishing websites, and identity theft tactics highlights the urgent need for awareness and robust cybersecurity measures among job seekers and employers alike.


Sophisticated Recruitment Scams

The first threat actor focuses on the tech sector, impersonating legitimate employers like Celadonsoft and Softserv to deceive victims through AFF schemes.

Using platforms like WhatsApp and Telegram, attackers initiate contact with unsolicited messages, posing as recruiters with lucrative job offers often paid in cryptocurrency like Tether (USDT).

Victims are directed to phishing sites such as celadonsoftapp[.]vip, where they must pay upfront fees to access fake tasks like “app optimization.”

These sites, hosted via Cloudflare and registered through Gname, employ detection-evasion tactics such as mandatory sign-up codes, along with simulated account credits that lure victims into repeated payments.

Netcraft identified nine such platforms active throughout 2024, with consistent visitor traffic indicating widespread targeting.

Once victims attempt to withdraw promised earnings, they are left empty-handed, having lost money and provided free labor that benefits the criminals.

Diverse Tactics Exploit Economic Vulnerabilities

A second adversary mimics U.S. logistics recruiter Picked Well, deploying 36 localized phishing sites targeting 18 countries in native languages, with the U.S. seeing 95 times more traffic than the U.K.

Figure: First engagement via WhatsApp between threat actor #1 and their target recipient.

These sites, such as uspickedwell[.]pro, use tailored content to maximize engagement, coercing victims into similar AFF traps with upfront payments for fictitious job tasks.

The geo-specific targeting and linguistic customization demonstrate a high level of operational sophistication, ensuring scams resonate with regional audiences and evade blanket detection systems.

Meanwhile, the third threat actor impersonates the Government of Singapore via Telegram, aiming to steal personal identity numbers and account access.

Victims are lured into fake job groups, directed to phishing domains like singaporejobvacancy[.]bygo[.]win, and tricked into submitting sensitive data and verification codes, ultimately losing control of their accounts for use in further scams or extortion.
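For defenders triaging reported links, the lookalike hostnames named above can be caught with a brand-token check. This is an added example, not code from Netcraft or the original article; the function names and the allowlisted `.example` domains are assumptions standing in for each employer's real domains.

```python
import re

# Brand tokens come from the article; the allowlisted domains are
# placeholders (assumption), to be replaced with each employer's real domains.
BRANDS = {
    "celadonsoft": {"celadonsoft.example"},
    "softserv": {"softserv.example"},
    "pickedwell": {"pickedwell.example"},
}

def refang(indicator):
    """Turn a defanged indicator ('host[.]tld', 'hxxps://...') into a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^hxxp", "http", s)
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)   # drop the scheme
    s = re.split(r"[/?#]", s, maxsplit=1)[0]      # drop path, query, fragment
    s = s.rsplit("@", 1)[-1]                      # drop userinfo
    s = s.split(":")[0]                           # drop port
    return s.rstrip(".")

def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def impersonated_brands(indicator):
    """Return brand tokens embedded in a hostname outside that brand's allowlist."""
    host = refang(indicator)
    # Squash separators so 'picked-well' and 'us.pickedwell' still match.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    hits = []
    for brand, legit in BRANDS.items():
        if brand in squashed and not any(is_under(host, d) for d in legit):
            hits.append(brand)
    return sorted(hits)

if __name__ == "__main__":
    # Indicators as printed in the article, plus one constructed benign host.
    for ioc in ["celadonsoftapp[.]vip", "uspickedwell[.]pro",
                "singaporejobvacancy[.]bygo[.]win", "careers.pickedwell.example"]:
        print(ioc, "->", impersonated_brands(ioc) or "no brand token")
```

The Singapore-themed domain carries no employer brand token, so it passes this check; lures of that kind need keyword or behavioural signals instead.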

Figure: Login page on the fake job task site.

These diverse tactics, ranging from task-based AFF to identity theft, underscore the evolving threat landscape, amplified by social messaging platforms and economic desperation.

Netcraft warns that the integration of generative AI could further enhance the sophistication of these lures, making detection harder.

Job seekers are urged to scrutinize offers for red flags like unrealistic pay, cryptocurrency payments, and messaging-only contact.

Reporting suspicious activity to platforms and organizations like Netcraft can help disrupt these scams at scale, protecting vulnerable individuals from financial ruin and data theft in an increasingly predatory digital job market.

Aman Mishra