Hi! I want to send a warning to freelancers to be absolutely careful with clients who asked you to download a file called "Paid" test doc and asked you to click on the click and entered the password that was in the file.
I have two clients in my Messages "**Edited for Community Guidelines**" and "**Edited for Community Guidelines**." I believe they are sending virus files to have access to people's laptops. I did download **Edited for Community Guidelines** file and entered the password. It appears to me it is someone trying to access my laptop's information. Thank goodness in the zip file it was a Shortcut type file therefore I wasn't able to download it. I did scan for malware.
I tried to find a way to contact Upworks by filling out their survey.
Please send emails to all users regarding anyone sending a file with "Paid" Test documents where it requires you to enter the password and download a zip file.
Before you download any file from a client, just make sure they are able to interact with you on the messages and if they're responding, it's 100% scam and they are trying to access your laptop.
Thank you for bringing this to our attention. I see that the customer support team reached out to you directly regarding this concern to assist you further. If you have any questions or would like to share more information about this, please feel free to respond to the ticket so that the agent assisting you can check on this right away.
Having just experienced this, have some comments. I was the victim of an infected file sent from a client. I realize that Upwork can't do anything about links we get in the message room that go to offsite files. It did look a little weird to me but I have gotten files from clients like this before. I should have been more suspicous and I will be the future, I have already spanked myself.
I immediatly launched my virus protection and cleaned my computer, downloaded other virus software, double checked, rebooted, checked again and made sure it was gone immediatly after spotting it. Then I did a system restore.
I checked the job post that sent the link to me, they had 2 other jobs open in totally unrelated fields. I know now to check the clients other jobs, the job I applied to did not set off any red flags but the other 2 did. I flagged 2 of the jobs and then came here an notified a moderator, marking everything as URGENT.
While Upwork cannot prevent us downloading inflected files offsite, I do think there are precautions they can take. The jobs were not removed for hours, in the meantime I notice more and more people being "interviewed" and attempted to be infected. One had 30 being interviewed, one 34 and one 8. Why were these jobs not pulled right away?
Is there someway that support can be automatically alerted when a client is interviewing say more than 8-10 people? Then you could check the message rooms to see what is being sent.
2 days later I wake up to find my account is locked until I download and scan my computer with Upwork's preferred virus software and then upload screen shots of a clean computer with the date, etc. My account was locked all day. I have an ongoing job and I had 6 proposals in.
I also feel victimized again by Upwork, When I was finally able to access my account, I see that all of my active proposals were canceled indicating "withdrawn by me". I did not receive my connects back.
I feel Upwork needs to move faster to get these types of jobs taken down and if I was infected and could upload infected files, 2 days later is 2 days too late, in my opinion.
Sorry to hear you received a malicious file from a client, Julie. Upwork team is working hard to identify malicious files and take action against accounts that send them. We also encourage our users to take these steps to protect themselves. The job you are referring to have already been removed and I’ll also follow up with the team about your concerns about connects.