A tech professional recently fell victim to a sophisticated job scam while interviewing for a remote role. In a viral post titled “Got scammed during a fake job interview,” the techie explained how the fraudsters used a deceptive Cloudflare verification page to execute malicious commands on their computer. The individual shared the story as a warning to help others avoid similar traps.
“Hey everyone, just wanted to give a heads up about a job scam I almost fell for so nobody else goes through the same thing. I applied for a Remote Data Analyst position at a company called Criptoro (criptoro.biz). The job post looked totally legit, good salary, well-written, realistic requirements. They replied, scheduled an interview, and everything seemed normal,” the techie wrote.
After the initial process, the alleged interviewers sent a WeChat link to the user, which led to the fake Cloudflare verification page.
“It asked me to press Windows + R, then Ctrl + V, then Enter. What I didn’t know was that the page had automatically copied a malicious command to my clipboard. Following those steps basically runs malware on your computer without you realizing it.”
The techie highlighted that real Cloudflare verification never asks the user to press keyboard shortcuts or open anything on the computer.
Social Media Reactions
As the post went viral, social media users said such job scams were fairly common, and those not having previous knowledge could easily get scammed.
“I sympathise with you but honestly it’s a little surprising this didn’t raise any red flags in your mind. Where else have you ever heard of doing Win+R, then Ctl+v to verify you’re a human?” said one user while another added: “I’m sorry you fell for this, it’s incredibly scummy. Someone shared this scam before, and it’s basically a good old fashioned “wallet inspector” type of scam, but it’s only obvious if you’re familiar with computers like that.”
A third commented: “If you ran this code you are not out of the woods. These attacks typically infect you with infostealer malware meaning all your saved passwords (browser etc) and other information from your computer might be out there. If your computer is still infected it will keep transmitting that information to the attacker in realtime as your passwords are changed. Be careful!”
A fourth said: “It’s good that you shared this. Not everyone in the world is great at spotting scams and could fall for it. Now there’s one more post out and about warning about another scam method.”