This article explores the rise of recruitment scams that target individuals seeking flexible work-from-home opportunities. Cybercriminals are using a sophisticated infrastructure comprising thousands of scam websites to defraud victims globally. The scams often lure victims with enticing job offers while disguising the involvement of legitimate companies.

Affected: recruitment sector, job seekers, cryptocurrency users

Key points:

  • Scammers are targeting individuals looking for flexible work-from-home opportunities.
  • Recruitment scams have been operating on a large scale since 2023.
  • The infrastructure used involves thousands of active scam sites.
  • Victims are engaged through messaging apps like WhatsApp, posing as recruiters.
  • These scams utilize legitimate company names to create trust.
  • Tasks offered often sound simple, creating a false sense of legitimacy.
  • The scammers prefer paying through cryptocurrencies, specifically Tether (USDT).
  • Scammers may operate through complex DNS configurations and second-tier infrastructure.
  • Victims are manipulated into investing their money with false promises of high returns.
  • Significant financial losses are expected as victims are ghosted after investing.

MITRE Techniques:

  • **T1071.001**: Application Layer Protocol – Usage of common communication applications (e.g., WhatsApp) for engagement.
  • **T1070.001**: Indicator Removal on Host – Use of legitimate company names to obfuscate scam operations.
  • **T1060**: Resource Hijacking – Manipulation of DNS and infrastructure for large-scale scam operation.
  • **T1583.001**: Acquire Infrastructure – Utilizing various domain registration and hosting services to maintain anonymity.
  • **T1555**: Credentials from Password Stores – Potential harvesting of victim data during the sign-up and engagement process.

Indicators of Compromise:

  • [Domain] portBuiuldinCryptoal
  • [Domain] GNAME.com
  • [Domain] DNS.com
  • [Domain] Tencent.com
  • [Domain] AlibabaCloud.com

Full Story: https://blogs.infoblox.com/threat-intelligence/work-hard-pay-harder/