🐈
» Forums » Freelancers » Malware is Becoming a Big Issue
Page options
virtualassistnh
Community Member

Malware is Becoming a Big Issue

Upwork is starting to be like other platforms that are FULL of Malware. Freelancer protection needs to be upped asap. I know you guys send out a generic malware email, but I think it needs to be more specific to what the malware job descriptions include and also notes about the things to watch for: a high number of interviews, client wants to higher a lot of freelancers, etc. I'm spending more time watching for these a-holes than working these days because Upwork doesn't appear to be stepping up their game on this for the freelancers.

 

Why can't Upwork require all payment options to verified before clients even can post jobs? That seems like something that should be required in order to keep the community safe. **EDITED to say I understand why Upwork won't do this now....I think many people have misconstrued this post to be about payment verification, which it isn't. It's about the big picture of Malware**

 

Again, I feel like updating your malware emails by providing specific examples of what new freelancers should watch out for, and adding a new email whenever a new malware pattern starts would be a huge help.  Your generics aren't helping when new freelancers get excited for a potential job...They will click on those links. With every job posting that is malware, you are getting a big number of freelancers being "interviewed" and most probably click the links, which tend to look like google drive files from what I've seen.  

 

Please step up your game.  With what you are taking from freelancer's earnings, I think we deserve better protection than what you are are giving us.

**Edited for Community Guidelines**

26 REPLIES 26
g_vasilevski
Retired Team Member
Retired Team Member

Hi Nicole,

 

Thank you for your feedback, I will share this with our team.

~ Goran
Upwork

wlyonsatl
Community Member

Nicole,

 

Upwork won't require clients new to Upwork to confirm their payment mechanism before posting a job because that might put some legitimate new clients off. Upwork needs all the new clients it can get; that's good for us freelancers, too.

 

I include in all my proposals to clients without confirmed payment mechanisms something like the following -

 

"I can start work on your project as soon as Upwork verifies your payment method."

 

No potential client has ever asked me to do otherwise.

Nicole, I agree with Will.  Also, yes, of course it'd be nice if Upwork would provide us with greater protection.  However, as Freelancers we must always remember that we need to take responsibility for our own businesses.  

I agree with what you are saying, but new, unexperienced freelancers, they are going to click those type of links because they are hopeful for a project being awarded to them.  Regardless of how we go about protecting our personal businesses, Upwork still needs to step up their game.

You need to look closely at everything Nicole is describing. Scammers are exploiting the fact that they don't need to verify payment. I got hit yesterday with a virus, and in the last 12 hours have flagged 14 posts that include no payment verification, all pay 33.00, multiple frellancers needed (60+ for one voice over 60 sec. long for example)) or interviews sent, all two or three sentences long, no job post history and all in one field, voice over work.

 

The "client" that I fell for had a more sophisticated job posting, only in the sense that it paid more and was a full description of the "job" and looked legit, other than the no verification/0 previous jobs.

yitwail
Community Member

Payment verification before posting jobs won’t be required any time soon in my opinion because new clients are more likely to use Upwork if they can test the waters before sharing financial information with Upwork. I’ve worked for and been paid by quite a few clients whose payment method wasn’t verified when the job was posted, and even when I wasn’t hired, not once was my computer infected with malware. Forcing new clients to verify payment method risks alienating them, if they’re not already alienated by the new three invitations per job limit. To a large extent, freelancers can avoid dubious jobs through common sense and due diligence. To give one example, regard with skepticism jobs posted by new clients who are supposedly hiring 60 freelancers.
__________________________________________________
"No good deed goes unpunished." -- Clare Boothe Luce
mtngigi
Community Member


John K wrote:
Payment verification before posting jobs won’t be required any time soon in my opinion because new clients are more likely to use Upwork if they can test the waters before sharing financial information with Upwork. I’ve worked for and been paid by quite a few clients whose payment method wasn’t verified when the job was posted, and even when I wasn’t hired, not once was my computer infected with malware. Forcing new clients to verify payment method risks alienating them, if they’re not already alienated by the new three invitations per job limit. To a large extent, freelancers can avoid dubious jobs through common sense and due diligence. To give one example, regard with skepticism jobs posted by new clients who are supposedly hiring 60 freelancers.

Echoing John's comment  -  just a guess, but probably 80% of the jobs I've bid on and been awarded were new clients with unverified payments. Unverified payment does not mean they are suspect. Experienced freelancers can spot smarmy, scammy RFPs/clients a mile away. Nor has my computer ever been subjected to malware.

 

Inexperienced people should take the time to read all the available information about how to avoid scammers - but they don't. To sign up and jump right in, without a clue as to how to work safely here (or anywhere else online) is irresponsible.

I am not stupid....I realize how to protect my business. But many many
people are still applying for these projects, the last couple I spotted had
over 40 people being interviewed, and regardless if they are business-savvy
or not, no one deserves to get money stolen from their bank accounts and/or
Paypal accounts. That is what these a-holes are doing to people. If I see
something that could potentially hurt other freelancers, I'm saying
something about it.

I also see why verified payments ahead of time isn't an option.

At first I though the OP was using "malware" generically to describe scammy jobs, but I am getting the sense now that we are saying that there are links to malware within a posted job description? I admit I have never seen this so I want to clarify what people are seeing. If in fact there are malware links, UW definitely can detect these if they have the right software. This something they buy from the likes of say a Mimecast or others.  This is not something you do in-house unless you just prevent any links from being entered.

Yes - the links are in the initial contact message after someone applies
for their "project". I have seen many links that look like safe Google
Drive files. I tried to post images but they got removed.

yitwail
Community Member


Scott B wrote:

At first I though the OP was using "malware" generically to describe scammy jobs, but I am getting the sense now that we are saying that there are links to malware within a posted job description? I admit I have never seen this so I want to clarify what people are seeing. If in fact there are malware links, UW definitely can detect these if they have the right software. This something they buy from the likes of say a Mimecast or others.  This is not something you do in-house unless you just prevent any links from being entered.


Scott, I presume Upwork routinely scans links within job posts, so I assumed the links in question were contained in client messages, but that's just guessing, since I've yet to observe this firsthand.

 

Nicole, you beat me to the punch! Cat Wink Upwork should perhaps look into this, because it's a new scam variation, and if nothing else, it's wasting freelancer time and connects.

__________________________________________________
"No good deed goes unpunished." -- Clare Boothe Luce
browersr
Community Member

Thanks for the clarification, John and Nicole. Same rules apply though and software is available to scan links before they are presented whether in email, job post, message, etc. Companies should be using this type of software anyway for their own internal defenses. Extending should be considered although the cost for something like this public platform would be interesting. Nonetheless, the tech exists to combat this problem. Even though this software is excellent, it is not 100%. It can miss actual malware or false flag a good site. There will not be 100% protection. Just something to keep in mind.

I feel bad about what happened to Stephen. I don't think he is an unsophisticated computer user or bad freelancer.

 

Nevertheless, payment verification and malware are completely separate topics.

At the risk of repeating myself, in my recent situation, there was unverified payment method. I don't usually count projects out when seeing that, and the job post was well written, lengthy enough to contain the kind of details necessary for me to know what the job required and offered pay that reflected the skill level they were looking for. It was for a voice over, my field.They were also only looking for one freelancer. I was offered an interview around 12 hours after replying, which also made sense as that's usually the case. The interview message contained a zip file with a supplied password, which I downloaded without scanning (that's the part where I was lazy and an atypically bad computer user, but thanks for the words of defense, Preston!). It didn't take long for me to be suspicious when the file would not open, so I checked the file location and it had gone straight to my system's powershell.

 

Skipping ahead: Where the unverified payment method is a factor is when there are other red flags, such as 0 other jobs posted AND a simple job with a request for a ridiculously high number of applicants (such as 45 or 60). I saw 14 or 15 of those after my initial issue, all for voice overs and all with bare minimum job descriptionss (much sloppier and lazier for the post I applied for), and I flagged each of them.

I think what Nicole's post illustrated was that, when combined with other factors, an unverified payment method should be a red flag, not that it is always the case.Apologies to Nicole for potential mansplaining.

 

PS-My security software (Webroot) couldn't find the malware I downloaded, and it took a two hour remote session with one of their people in order to find it and kill it. He literally told me that it was the  first time that virus had ever been seen by their company. His comment was "Having the only computer in the world with this virus is not a good thing". In the end, all was fixed and lessons were learned. I am somewhat bolstered by the sophisitcation of the entity that I was was infected by. It is heartening to know that Upwork does indeed attract talent.

Very well said! You hit the nail on the head as far as the main point of
my post.
hodgesh
Community Member

Unverified payment method + zero jobs posted is not a red flag. It makes complete sense that someone who's never even posted a job before has no verified payment method yet. The lack of payment verification is almost completely irrelevant until a potential client offers you a contract. Someone looking for 60 freelancers for one voiceover is suspicious regardless of payment verification.

tlbp
Community Member

I would guess that jobs that require the sharing of large files are easier to target because the freelancer is less likely to be suspicious of a zip file with a password. 

 

My takeaway will be to avoid those types of files!

 

petra_r
Community Member

Upwork does scan attachments, hence the frequent outraged posts when someone can't download one...

 

Here it was a link to a place outside Upwork, far more difficult to police.

 

Technology grows every day.  There most definitely is a way for them to scan links in job descriptions if the right software is used.  They currently auto-highlight contact information (phone/email address) when someone is typing it into a message...so I don't think it is too far-fetched that they may be able to automatically detect links and create a way to require them to be scanned prior to finalizing the post.   

The files I have seen look like safe google drive files. This isn't a "common sense" issue...they are getting more and more sophisticated.  I remember what it was like when I was new and was so hopeful to get work after I started applying, and these links seem ok if you aren't familiar with what to look for as far as the type of Malware currently being spread on here.

svenimp
Community Member

Again Heaven, the complete list of red flags is being ignored. Unverified Payment Method +  0 Jobs posted is not a danger signal in and of itself, but when combined with 60 freelancers needed for a one person job, sloppily written 2 to 3 sentence descriptions, matching criteria appearing in other job posts in the same field, it's an indication of danger. Unverified payment methods automatically mean that Upwork can't trace a fraudulent post to it's originator beyond just removing the job post after review. Of course new clients have 0 job post histories, they're new clients. Stop focusing on the element of unverfied payment method, it's the combination of factors that are a signal that something is amiss.

Both topics were part of the big picture of my post.  Not understanding why that one sentence is the focus for some folks posting.

Exactly!  I've been on here for years and this is definitely not something I seen before at this volume.  These links are links experienced freelancers would more than likely click on since they look like legit google drive files.

njgradsky
Community Member

I just replied to the letter from the CEO about raising our membership rates.  I suggested just the things you wrote above.  I have flagged perhaps a dozen of these malware attempts in just the last couple of months.  They seem to be doing nothing about protecting us, just raising rates.  I call BS

donkin6
Community Member

And to think: we'll be paying 50% more for membership for this "opportunity."
Latest Articles
Featured Topics
Learning Paths