€100 Million Global WhatsApp Job Scam Exposes Link to Chinese and Cyber Slavery Networks

A phishing scam, "Webwyrm," has been targeting individuals all over the world.

PUBLISHED FEB 2, 2024

Cover Image Source: Job Scam | Photo by Tolgart | Getty Images

A global recruitment phishing scam has been uncovered following an investigation by Euronews Next shedding light on deceptive practices conducted through WhatsApp. The investigation involved engaging with a scammer "Stella," who posed as a London-based recruiter for a platform named Digital Logic. As a new employee, the scammer manipulated the victim and urged them to convert US dollars into Tether (USDT) and transfer the funds to Digital Logic.

Cover Image Source: Pexels | Worldspectrum — Image Source: Pexels | Photo by Worldspectrum

Modus Operandi

During the first week, the victim earned 800 USDT with a 0.6% commission. However, they were subsequently instructed to "reset" their account by adding 30 USDT to continue participating. When the victim raised questions, Stella became defensive. Experts later confirmed that it was indeed a scam, uncovering that the reset amounts escalated each week. Despite Digital Logic claiming to be a legitimate company established in Texas in 2008, investigations revealed that the associated document was forged.

Image Source: RapidEye/Getty Images — Image Source: Photo by RapidEye | Getty Images

A Surge in Cyber Scams

In a recent report by AI cybersecurity firm CloudSEK, it has been revealed that over 1,000 companies have fallen victim to such scams. Dubbed "WebWyrm" by CloudSEK, this scam is well organized and agile in terms of operational security. CloudSEK's vice president Koushik Sivaraman shared that while conducting AI brand monitoring, they discovered a multitude of fake domains. Their findings estimate that WebWyrm has successfully extracted over €100 million from more than 100,000 victims.

CloudSEK is now scrutinizing the way scammers might have acquired hundreds of phone numbers. Potentially sourced from job board leaks, the recruiters being impersonated deny any security breaches. Moreover, WhatsApp's suspected data leak has been refuted by the company. Euronews Next also reached out to Europol, Interpol, and the FBI. While Europol couldn't confirm involvement, Interpol had no information to share. The FBI, on the other hand, stated that they had received over 500 employment scam complaints linked to WhatsApp from complainants across 60 countries.

Securing technologies and data is quite a task. Companies must put in extra effort in making cybersecurity their number one task|Pexels — Image Source: Cybersecurity | Pexels

China's Involvement in WebWyrm

After a six-month-long investigation, CloudSEK has identified over 6,000 websites linked to the WebWyrm network. Scammers evade detection by constantly moving to new infrastructure and frequently changing IP addresses. These websites exhibit common features, including mobile-focused design, keyword-based names like "Digital Logic," and login requirements.

Security researcher Anuj Sharma, a co-author of the WebWyrm report, found these websites correspond to 119 IP addresses grouped into 12 autonomous system numbers (ASNs). Sharma noted that the scam's orchestrators are a single group, with two of the identified ASNs based in China and previously involved in various frauds, including crypto scams. All the websites either use the Chinese language or contain source code references, while 800 of them are built on the Chinese backend framework ThinkAdmin.

Image Source: Gremlin/Getty Images — Image Source: Photo by Gremlin | Getty Images

WebWyrm Scam and Its Link to Cyber Slavery

Valentina Casulli, the Head of Operations at HRC, has been investigating WebWyrm's operations since February 2023. She recently confirmed that the scam was linked to cyber slavery. Victims in Dubai and Myanmar revealed that they were trafficked to compounds and forced to participate in the scam, carrying out tasks on a website, mirroring WebWyrm's activities.

When they suggested reaching out to NGOs working on human trafficking for her safety, Stella responded with confusion, saying, "I don't understand what you're talking about." Casulli stresses that Western states have a responsibility in tackling this transnational crime, involving the finance industry, banks, the tech sector, and law enforcement. British companies and citizens are heavily impacted, and the UK government should do more regarding human trafficking.

Stuart McFadden, the co-founder of the fraud recovery firm Refundee, states, "There's very little public information about this type of scam so I completely understand how people fall for it." Law enforcement struggles to keep up with these scams, and experts hope for more actions to protect people from falling victim to such schemes. Gochenour of the Global Anti Scam Organisation (GASO) predicts more funds will be stolen if any significant action is not taken.