Global job scam may cause $100 mn in losses for over 1,000 companies: report
Nicknamed ‘Webwyrm’, hackers in the global-scale job scam have impersonated over 1,000 companies across 10 industries for a combo task scheme
An ongoing global job scam is likely to affect more than 100,000 victims across more than 50 countries, potentially causing collective personal losses of over $100 million to more than 1,000 companies being impersonated, cyber-security researchers have claimed.
Drawing from a cache of victim complaints and reported monetary losses, the reported losses from the impersonation of a single company exceed $200,000.
Nicknamed ‘Webwyrm’, hackers in the global-scale job scam have impersonated over 1,000 companies across 10 industries for a combo task scheme akin to the ‘Blue Whale Challenge’ (from a few years ago which caused a massive global impact), according to a research team from cyber-security company CloudSEK.
“The scale and sophistication, indicating a highly skilled and persistent threat actor (TA) group, necessitate urgent awareness,” the researchers said.
According to them, more than 6,000 fake websites, over 600 websites sharing nearly 200 unique WhatsApp numbers and 230 Telegram handles are targeting people in more than 50 countries.
“The potential collective impact on victims, taking into account the multitude of impersonated companies and an average loss of $100,000 per company, based on reported financial losses, potentially exceeds $100 million, impacting more than 100,000 individuals,” said the research report.
This financial upheaval caused by Webwyrm not only devastates individual victims but also tarnishes the image of the impersonated companies.
“As the lure of thousands of dollars under their names traps countless individuals, brand trust takes a nosedive. This becomes evident as victims in plight are inadvertently attributing legitimate companies to the orchestrators of these scams,” said the report.
Webwyrm, likely active since late 2022, has grown multifold since early 2023 with the threat actor group employing various deceptive tactics.
CloudSEK said it has shared the details of its investigation with global law enforcement agencies to help implement remedial actions, including dismantling the scammer infrastructure and reporting to the impersonated organisations.