Real Cases

Let's look at a real story

A friend shared a complete scam encounter he experienced:

Someone on TG主动私聊他，其表示有个项目方的运营岗，让他发简历，很快回复「初筛通过」，约面试。面试前他要了项目资料，对方发来一个 GitBook 链接。链接本身是正规的，但这个项目档案已经一年没更新了。

Entering the interview phase, the first interview took place on Zoom. The interviewer was a "foreigner" with poor Chinese, claiming to be French, but this friend has a background studying in France, and the accent was clearly wrong. The interview was very shallow, and after a quick pass, the interviewer rushed to set up a second interview.

The second interview was scheduled for 4 PM. The interviewer sent the meeting link exactly at 4 PM, using a software he had never heard of before. He couldn't open it and suggested switching to Zoom, Google Meet, or Lark. The interviewer immediately retorted, "Don't deceive me; anyone can open this link." He insisted on refusing, and the interviewer deleted the TG chat record instantly.

If he had clicked the link and installed that "meeting plugin," what followed would be: the plugin requiring microphone and speaker permissions, instructing you to run commands in the background, which is actually a malware designed to scan your computer for wallets, passwords, and private keys. The interview was fake, the position was fake, and the company might not even exist.

Looking back, there were three things wrong with this interview:

1. The project information hadn’t been updated in a year. They claim to be hiring, yet no documents have been touched.
2. The person claimed to be French, but the accent was incorrect.
3. Sending the link just on the hour, using an unknown software. This was actually exploiting the job seeker’s eagerness to force the person to let their guard down.

Part One

What do scammers really want from you

There are dozens of common scam tactics today, and it's normal to not remember them all. But scammers basically want three things:

1. Your devices and wallets
2. Your money
3. Your personal information

When encountering an interviewer who seems strange or incomprehensible, ask yourself: what does he actually want from you? The answer often becomes clear.

The most prevalent desire is control over your device and wallet

This type of scam is exposed most within the community. The one common point is: at some step, they will ask you to install or run something on your own computer.

• They ask you to download an unfamiliar meeting software. Common video interview tools include Zoom, Google Meet, and Lark. Scammers send you a tool with a strange name, and what you install is actually a trojan that steals wallets and contains backdoor software, affecting both Mac and Windows.
• During the meeting, they say "I can't hear you," instructing you to install plugins or change background permissions. This step is where they truly make their move. The plugin is the trojan, and "changing background commands" means granting it permissions to access your device.
• Making the written test a trojan. The interview questions for development positions could ask you to clone repositories and run them locally. Hidden within the code are tools that specialize in translating wallet plugins and stored passwords from browsers or SSH keys.
• They won't let you download but ask you to "paste a command." A more recent tactic. Using a fake verification page, or saying "there's an audio issue on your end, please follow the prompts," they guide you to copy a command to execute. Without any downloads, it's even harder to notice.
• Under the pretense of "helping you," they ask you to share your screen. They take the opportunity to see you enter passwords and verification codes.
• Under the guise of "let's check your blockchain experience," they ask you to connect your wallet. If you connect your real wallet and sign the authorization, your assets can be transferred away directly.

From the moment you run the code to when your assets are transferred away, it often only takes seconds to minutes.

Directly taking your money

Common old tricks, which also occur offline, can easily be replicated remotely.

• "Pre-employment tests" are actually order brushing. They ask you to perform "test tasks": put up money, make orders, or "donate" to the project. They return your first few investments as cash back to sweeten the deal. The more you invest, the larger amounts you can't withdraw, claiming "you made an operational error," requiring you to put in more funds.
• Paid referrals and guaranteed offers. Some people charge you money, claiming they can guarantee you a position at a large company or project. These can generally be dismissed immediately, as legitimate recruitment does not charge candidates. If you truly need to spend money on job searching, it should encompass services like job coaching or resume reviews, and no one can pay to buy genuine offers from strangers.
• Training loans and onboarding loans. Under the guise of "training first, then onboarding," they entice you to loan money for fees.

They want your identity

• Before employment, they request your ID card, passport, bank card, and a selfie. These can be used to create fake identities, open accounts, take loans, or engage in fraudulent transactions, or your accounts may be used as money laundering channels.
• Legitimate companies conduct background checks, but typically only after you have signed a contract and started employment, not during the interview phase.

There’s another warning sign: unable to receive payment after employment

Not all risks come from fake companies. Some companies are legitimate, and even after you join, they may use "remote work is hard to verify" or "cross-border is hard to track" as excuses to withhold or delay salary, commonly seen with the last month's pay before departure. Due to remote work and cross-border nature, it is very hard to follow up on this money, which is why they dare to do it. Check the company's reputation before employment; ask around in the community to avoid problematic companies.

Part Two

Common indicators of scams

The following signals, taken individually, may not mean much; however, when several appear together, it's worth being cautious.

• Too good to be true. One of the most common: low barriers yet absurdly high compensation, interviews that are overly lax (always flattering you, not asking real questions) together become very suspicious. It doesn’t matter if you don’t understand the technology; most people have a feeling of "it’s too good to be true," and your intuition is often correct.
• Only willing to discuss in private chats. The other party initiates contact without any company information and only communicates on encrypted tools like TG, refusing to use phone calls or show their face, and won’t use recognized companies' meeting software.
• Pressuring you. They hurry to schedule the next interview but delay sending the link until the exact hour. Normally, if an interview is scheduled, they'd send you the link right away; if they hold it to the exact hour, they won’t give you time to verify, causing you to panic.
• Offering to pay you even before employment. Some scammers will proactively offer to advance salary, signing bonuses, or onboarding bonuses, to present themselves as very sincere. This is usually to make you anxious or fearful of missing out, causing you to not ask too many questions. When people focus on the money, they tend to overlook necessary verifications.
• Communication feels strange. The other party's dialogue seems machine-translated, with awkward names, word order, and terms; they claim to be from a certain country, but the accent doesn’t match. Often it’s overseas groups masquerading as local HR using translation software.

That said, stilted language itself doesn’t qualify as a scam. Many legitimate overseas teams and foreign recruiters communicate with candidates using translation tools; poor English or Chinese does not equal a scammer. Only when several signals combine can things start to seem accurate.

Relying on memorizing names for scam prevention isn’t very effective. Scammers frequently change identities; today it’s this account or software name, and tomorrow it’s another. Keeping track of names is virtually impossible, but understanding these basic logic points can often help you avoid many traps.

Part Three

Self-Protective Strategies

In remote scenarios, you often cannot confirm the authenticity of the other party. Therefore, "seeing through the scam" is inherently unreliable. Pivoting your approach, regardless of the authenticity of the party, there are several things you can verify yourself and several bottom lines you can maintain.

Things you can verify yourself generally fall into three categories.

• Use trusted channels. A more stable approach is only to recognize entrances that you find yourself. Trying to confirm if a company is hiring, go to reliable job platforms or the official website to find the recruitment page, rather than clicking on links, domains, or QR codes sent by them. Even for meetings, even if they provide the link, download the official app from the meeting software’s website and use the meeting ID to join yourself.
• Check the background of the HR. Look up whether this HR has a specific real identity online, such as LinkedIn or other verified identities. The information they provide can also be reviewed casually, like checking the last updated time, just like the initially mentioned "GitBook that hasn’t been updated in a year." Another method: casually ask a culturally-based topic; machine translation and non-native speakers are prone to exposing themselves, and some scammers can be stumped by just one question, leading to them hanging up on the interview.
• Observe what they ask you to do. This is the most useful tip as it relates to the authenticity of the company. Before legitimate employment, reputable companies will not require you to install unfamiliar software, run commands, pay money, provide wallets or private keys, or conduct "tests" involving transfers, nor will they ask you to keep secrets from anyone.

Device isolation is also very important. The software they require you to download should not be installed on your daily used phone or computer; do not connect to your real wallet; do not pay; do not provide documents and private keys. This way, even if the other party is a scammer, it is very difficult for them to take any information or assets from you.

If developers need to run code provided by the other party, doing so outside of the main machine will be much safer, such as on a clean virtual machine, sandbox, or a separate empty device. This approach has the added benefit of allowing you to discuss early-stage projects and those under confidentiality with ease.

Part Four

Some tricky situations to judge

• Early-stage projects, naturally lacking information. Having little information is normal for some early-stage project parties and doesn’t necessarily mean they are scammers. True early-stage projects will have thin but genuine traces: founders have publicly available identities predating the project, financing or contracts, or code repositories that can be verified. Scams often exhibit the opposite; the websites are beautifully designed, but behind them are new accounts, unable to find any living person with a history.
• Claiming to be under a confidentiality period, refusing to provide the company name. Confidentiality usually pertains to the project itself, such as products, tokens, or unpublished plans. However, the HR approaching you has no need to hide their identity. Genuine confidentiality aims to prevent you from disclosing project information. This kind of "confidentiality" is exactly the opposite; they are afraid you will verify them.
• Claiming to be an HR from a large company, with complete information. The company may be real, but the issue lies in whether this person truly is HR from that company. First, check the email domain: is it the official company domain or a Gmail, similar domain, or a counterfeit domain with added suffix? Go through official emails, recruitment systems, and verified LinkedIn accounts.

Part Five

If you’ve been caught, what to do

The following should be done as soon as possible, generally in order.

1. Immediately disconnect from the internet, then shut down the device. While the trojan is still active, any remedies you attempt to perform on this machine can be seen by it.
2. Switch to a clean device. Transfer valuable assets from the wallet to a new address first. Consider the original wallet compromised and do not use it again.
3. Change important account passwords on the clean device, enabling two-factor authentication for all accounts.
4. Save screenshots of chat records, transaction records, the other party's account and links; you can also send them to community exposure platforms to alert others who haven’t fallen victim yet.
5. File a report. Some cross-border fraud cases have low recovery probabilities, so be mentally prepared, but reporting is still worth it for documentation and record-keeping purposes.

Everything has two sides; remote work offers more freedom but also breeds more scams and traps. The job search journey has never been easy, and scammers often exploit the anxiety of job seekers, causing them greater distress than simply failing an interview. We hope everyone can enhance their scam prevention awareness and successfully find their ideal job.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。