Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

Malware is Becoming a Big Issue

Community Guru
Scott B Member Since: Nov 20, 2015
11 of 27

At first I though the OP was using "malware" generically to describe scammy jobs, but I am getting the sense now that we are saying that there are links to malware within a posted job description? I admit I have never seen this so I want to clarify what people are seeing. If in fact there are malware links, UW definitely can detect these if they have the right software. This something they buy from the likes of say a Mimecast or others.  This is not something you do in-house unless you just prevent any links from being entered.

Active Member
Nicole H Member Since: Oct 6, 2017
12 of 27
Yes - the links are in the initial contact message after someone applies
for their "project". I have seen many links that look like safe Google
Drive files. I tried to post images but they got removed.

Community Guru
John K Member Since: Feb 17, 2015
13 of 27

Scott B wrote:

At first I though the OP was using "malware" generically to describe scammy jobs, but I am getting the sense now that we are saying that there are links to malware within a posted job description? I admit I have never seen this so I want to clarify what people are seeing. If in fact there are malware links, UW definitely can detect these if they have the right software. This something they buy from the likes of say a Mimecast or others.  This is not something you do in-house unless you just prevent any links from being entered.


Scott, I presume Upwork routinely scans links within job posts, so I assumed the links in question were contained in client messages, but that's just guessing, since I've yet to observe this firsthand.

 

Nicole, you beat me to the punch! Cat Wink Upwork should perhaps look into this, because it's a new scam variation, and if nothing else, it's wasting freelancer time and connects.

__________________________________________________
"No good deed goes unpunished." -- Clare Boothe Luce
Community Guru
Scott B Member Since: Nov 20, 2015
14 of 27

Thanks for the clarification, John and Nicole. Same rules apply though and software is available to scan links before they are presented whether in email, job post, message, etc. Companies should be using this type of software anyway for their own internal defenses. Extending should be considered although the cost for something like this public platform would be interesting. Nonetheless, the tech exists to combat this problem. Even though this software is excellent, it is not 100%. It can miss actual malware or false flag a good site. There will not be 100% protection. Just something to keep in mind.

Community Guru
Preston H Member Since: Nov 24, 2014
15 of 27

I feel bad about what happened to Stephen. I don't think he is an unsophisticated computer user or bad freelancer.

 

Nevertheless, payment verification and malware are completely separate topics.

Ace Contributor
Stephen L V Member Since: Feb 18, 2015
16 of 27

At the risk of repeating myself, in my recent situation, there was unverified payment method. I don't usually count projects out when seeing that, and the job post was well written, lengthy enough to contain the kind of details necessary for me to know what the job required and offered pay that reflected the skill level they were looking for. It was for a voice over, my field.They were also only looking for one freelancer. I was offered an interview around 12 hours after replying, which also made sense as that's usually the case. The interview message contained a zip file with a supplied password, which I downloaded without scanning (that's the part where I was lazy and an atypically bad computer user, but thanks for the words of defense, Preston!). It didn't take long for me to be suspicious when the file would not open, so I checked the file location and it had gone straight to my system's powershell.

 

Skipping ahead: Where the unverified payment method is a factor is when there are other red flags, such as 0 other jobs posted AND a simple job with a request for a ridiculously high number of applicants (such as 45 or 60). I saw 14 or 15 of those after my initial issue, all for voice overs and all with bare minimum job descriptionss (much sloppier and lazier for the post I applied for), and I flagged each of them.

I think what Nicole's post illustrated was that, when combined with other factors, an unverified payment method should be a red flag, not that it is always the case.Apologies to Nicole for potential mansplaining.

 

PS-My security software (Webroot) couldn't find the malware I downloaded, and it took a two hour remote session with one of their people in order to find it and kill it. He literally told me that it was the  first time that virus had ever been seen by their company. His comment was "Having the only computer in the world with this virus is not a good thing". In the end, all was fixed and lessons were learned. I am somewhat bolstered by the sophisitcation of the entity that I was was infected by. It is heartening to know that Upwork does indeed attract talent.

Active Member
Nicole H Member Since: Oct 6, 2017
17 of 27
Very well said! You hit the nail on the head as far as the main point of
my post.
Community Guru
Heaven H Member Since: Nov 24, 2015
18 of 27

Unverified payment method + zero jobs posted is not a red flag. It makes complete sense that someone who's never even posted a job before has no verified payment method yet. The lack of payment verification is almost completely irrelevant until a potential client offers you a contract. Someone looking for 60 freelancers for one voiceover is suspicious regardless of payment verification.

Community Guru
Tonya P Member Since: Nov 26, 2015
19 of 27

I would guess that jobs that require the sharing of large files are easier to target because the freelancer is less likely to be suspicious of a zip file with a password. 

 

My takeaway will be to avoid those types of files!

 

Community Guru
Petra R Member Since: Aug 3, 2011
20 of 27

Upwork does scan attachments, hence the frequent outraged posts when someone can't download one...

 

Here it was a link to a place outside Upwork, far more difficult to police.

 

TOP KUDOED MEMBERS