» Forums » Support » Be careful with proposal messages
Page options
Community Member

Be careful with proposal messages

So I made a proposal the other day to a listing where it seemed legit and all, and related to the services im offering.

The proposal got accepted and I got a reply message from the listing poster, with a link to download his "requirements" file. 

The requirements file had multiple red flags.

1) It was a zip file, password protected, and the contents were 3 files, one dll (lol), one executable and an .eps file, which im not sure what it is (I still have a copy of that zip).

2) The zip file was hosted on a webiste which was completely irrelevant to the tech industry, on a weird path. I assume it was a hacked domain

3) On the initial message I was sent, there was a different link than the one I first visitied. During the 5 hours hours that it took me to first open the message, the listing poster edited his initial message and only changed the link to this malicious file. I also checked the first domain the file was hosted on (upwork sent me a copy of both messages), and it seems to have been again a completely irrelevant website, which again seems hacked. Note that both websited are built using wordpress.


The zip was uploaded on virustotal, and last scan was from 3 days ago, meaning this must have been going on for some time and I was not the first one to receive such message.


I can now see that both the messages are gone from my dashboard, as well as the user's profile seems to have been deleted.

In this case, considering upwork promotes the whole communication to be done from within upwork's platform, who is responsible for such cases?

Latest Articles
Featured Topics
Learning Paths