Ideally they can put a solid verification process to approve the payment method if anyone adding the account that belongs Japanese MUFG Bank. They should double check.

They must have to put a team who investigate such cases, I'm not sure they are doing or not becasue we do have any updates on this case.    My point is here what Upwork is doing, what actions/measurement they are taking  after knowing such cases.

Yes $21k is our hard earned money.

Yes, that's one thing they can do on their system. They should do it. But if it's a phishing case, social engineering case, they can say (which some financial institutions on the same case may also say), "sorry, that transaction was valid".

Basically if you got access, you'll have lots of methods to trick the system and the real owner. And they'll say it was valid and they can't do anything. It was a phishing case, right?

So, it's also needed to add a layer of protection by not cooperating with institution that is already known for money laundering. It's not about "transferred to a wrong account" which the bank should honor the account owner by not reversing/freezing anything without the owner's consent, but it's a money laundering crime.

It's actually very weird to me that a big Japan bank does this.

Ticket status is open but getting support is very slow. We have generated ticket on 31st and today is 08th April but till date we have not got any summary of the matter 'what happened and how'. Thank you for your heads up.

Please allow them time to review and update you directly on the same ticket. I'd also like to let you know that I have also followed up with them about this case.
>>Thank you, 
Since this issue is has been reported on 31st March,2022 (12 Days) except freezing the account nothings has been take care, 

Didn't know what exatcly thing is communicated or investigation done so far.  No single response received from support team to any listed profiles.  even also following other community post it was the same. 

Are you still following this ticket?

Hi Vipul,

Thank you for your message. I will follow up with the relevant team to expedite a response to your support ticket. One of our team members will reach out to you as soon as possible to assist you further.

Thank you.

Pradeep

Thank you for considering...! 

Good to hearing some conclusive action from support team. Almost passing more than 10 days without any action on upwork is really difficult for me even there were no such active action on it as well.  

How is March 2017 in the last 30 days rather than 5 years ago?
The most recent one is 

"It's a 3rd fraud in a month - Upwork Account Got HACKED - MONEY STOLEN" 

So from March 2017 to till date there are many but I found 5-6 cases with same pattern of scam. Upwork have better answers and exact count actually. 

---

Vipul J wrote:

So from March 2017 to till date there are many but I found 5-6 cases

---

You found 3 in 5 years among millions of accounts., So writing that there were 3 in a month was simply untrue.

Generally, when accounts are compromised it is because the owners allowed someone access to their credentials.

You didn't even have two-factor verification enabled until afterward....

Thats what I am saying... There were tons of accounts and cases where reported. 

If you see the very FIRST post, it mentions clearly that between 14th February 2022 to 29th March 2022, actually there where total THREE cases (alogn with current) reported. 

So Ideally in 1 month 17 days there were total 3 cases are reported and all have no updates at last from support team. 

---

Vipul J wrote:

Its not about counting the numbers and cases happen, ideally we should have to focus on solutions and support community on correct way. 

---

Indeed. **Edited for Community Guidelines**

I am writing based on all the facts and evidence I found on community, related to same post. 
If we see from Feb - March 22 there were total 3 posts:

1. https://community.upwork.com/t5/Freelancers/MY-ACCOUNT-GOT-HACKED-AND-6000-WITHDRAWN-BY-HACKER/m-p/1...  (Feb - 2022)
2. https://community.upwork.com/t5/Freelancers/Hacker-stole-2800-from-my-account/m-p/1041788    (March - 2022)
3. https://community.upwork.com/t5/Support/It-s-a-3rd-fraud-in-a-month-Upwork-Account-Got-HACKED-MONEY/... (March -2022 - the current one)
   
   All the above posts are reported on community, I am not much active here but yes what is firstly get the related cases that is mention.  

Its not all about destracting any one but want to aware the other members of community to take an preventing them with such unwanted causes. 

Outright lying to get attention? If that's the case, he wouldn't write 2017, Feb & March, and "3rd fraud in a month" at the same time. 

You really didn't think that it's simply miscommunication from a non-native speaker? I'm not a native speaker but I can think of that.

Yes, most likely it's not UW that were hacked. Phishing, social engineering, someone close, etc.  But blindly defending them while blaming the victim is silly. He said in the first post that he doesn't expect UW to return the money, but wanted to share & see improvements. That's where I say to stop cooperation with known money-laundering institutions. UW don't adopt crypto? Why? Because money transferred into it is untraceable? What's the difference with this Japanese bank then?

I can understand if you're the type of person who'll simply blame an old lady after she got scammed, that's okay. But I believe it's better to find out how it could happen, and what can be done as prevention. Even if the old lady is scammed by her own grandson, I blame the grandson.

Yes, I think we are on same page Radia, Its not about fighting and returning back the money. My and Bhavdeep ALL PURE purpose it to get community awareness so that thay might be not get stuck in such scams or will have a bad day for any of freelancer even. 

Next, I would like to know what preventing things/plan Upwork have in road map? are they having any control to such scams ? the reason to asking is till date on our ACTIVE ticket there is no any active communication or root cause we hear from even didn't know the timeline when will receive. 

Hi Vipul,

Thank you for following up. I reached out to the team handling your case and one of our agents will follow up with you on your support ticket as soon as possible to assist you further. 

~ Nikola

Dhaval, 

Sorry to hear about you...!
Really its a big big problem with Upwork payments after reporting our incident, This is again happen with same FORMAT and BANK...!

Now have a question about Upwork Security team...! What actually they are preventing?

Hey Dhaval,

This was the same case happened with us on 29th March. This is a very serious matter for all the members who are running their business on Upwork, their accounts are not safe. Not sure what Upwork is doing as we aren't getting any updates from Upwork. Our account still has restrictions and is not fully operational. 

Hi Dhaval,

I'm sorry to hear about this, I went ahead and followed up directly with the team handling your support ticket. You should expect an update soon.

~Andrea

Same happened with us, still no response 😞

Yes, and when you try to take support,

Chat support person leave the chat, first time I thought it could be by any reason, but second time - I understand that this is happening by purpose.

I have proof this time : https://prnt.sc/jhFUBJVIDZVY

Radia, 

Thank you for continue your post about money-laundering-friendly institution. 

I/we all should have to understand every eco- system and process need incremental changes in order to sustain their workforce/businesses. 

While repling to you, we as community and Upwork platform knows the most recent scams are incresing with same pattern and Bank, so I was surprise being an tech savy people in community is that any single thing is not in control till date? 

Good to know state govement and federations have a control on such money-laudering cases and believe in near future it will have more stick actions to prevent such incedents even. 

Samuel,
It's a matter of worring of community, such a trusted brand, are they really take a serious action on such scam? 
Hoping in near release upwork will have more preventive stepts to avoid such incident. 

Hi Iqbinder Pal Singh,

First of all sorry to hear that same incident happened with you. To answer your question about getting money, So they said 'NO', Upwork said,

• We have tried our best and our banking partners also did put in significant efforts in recalling these funds
• Unfortunately, attempts were unsuccessful in reversing these transactions

I am really not sure, what actions they took with that japanese bank where the money was goes. But the most important point is Upwork has to accept that they have to tighten their security in many areas like they must need to implement multifactor authentication while adding new payment method, transferring fund, users permission etc. 

I agreed they are slow in investigation & updates, you can take continues followup. 

---

Radia L wrote:

1.  
2. As far as I can see, this happened to freelancers in South Asia only. Am I wrong? What other similar point between these cases? If it's a phishing or social engineering case, how and where it happened?

 

 

 

---

I'm in information security. The attack vector here is the end-user (as it is unlikely that Upwork is being hacked). To be able to pull such an attack, the following logical steps need to be done:

1. The attacker must get the FL/Agency Upwork account credentials (e.g., username/password) via compromising a computer or a mobile device. The attacker either has RAT (remote access tool) that captures typing or malware that is harvested the passwords, for example, saved in Google Chrome (it's quite easy to read passwords saved in Chrome). 

Maybe there was a phishing email where the end-user clicked on a link and was tricked into providing the credentials. 

Possible mitigations: Have a proper AV system installed on the endpoints, have an up-to-date operating system, and learn about phishing and how to recognize it. ENABLE Multifactor authentication, so when a new IP, browser, or OS is trying to log in, an additional step is needed to verify the login.

2. The attacker has to add its bank credentials to Upwork. In order to do that: They must create an account which is matching the FL/Agency name. To get this, they may a) find a person with a similar name willing to cooperate, to open the bank account b) forger/fake an ID/company documents that can be used to open the bank account. Opening a bank account can be done within 24 hours nowadays, using an all-online process.

3) The attacker has to wait for the Upwork account verification process, which, when I had done it, took 3 days. I don't know what is the current timeline for this. 

Possible mitigation: Upwork should send an e-mail or text notification to the FL that a new bank account was added. I don't know if it is already done and the attacker has captured and deleted these messages, or it is not done at all.

4) The attacker pulls down the money from Upwork to the newly created and added bank account. The get paid now only requires the same password.

Possible mitigation: Upwork could require MFA confirmation for manual withdrawal. But that would only work if MFA is enabled on the FL account (which would prevent the breach).

Upwork is not a bank, so keeping money in the account is not a good idea. From UW's standpoint, they have followed all the procedures and safeguards related to the payment method, and the responsibility here falls to the FL to protect its account information. I'm pretty sure Upwork is investigating the case, and I'm certain that what they will find:

• During a period, there will be a number of IP addresses that have accessed the account
• They will filter down the ones that are regular IP addresses and try to identify the attackers IP, which should be only seen a couple of times accessing UW, as the attacker does not log in ofter to check jobs or do other activities, only to do the necessary steps for the attack.
• Once they have identified the attackers IP, they most probably will find it out that it is 1) belongs to a no-log VPN service, 2) a TOR exit node, 3) a compromised (zombie) host no matter what it is, but the attacker ensures that it is in the same geographical region as the freelancer legit address is.
• Now they can't identify the attacker by IP; they might be able to contact the MUFGs compliance and fraud team (if they will and have the drive for it) to report the incident and ask for cooperation, but there is a big problem here. This is something international; someone's money - who is from Pakistan, India, etc. - was stolen from a US company (Upwork Escrow which is a Delaware registered entity) which is not even a bank, to one of the largest banks in Japan.  So which police should investigate the case? Who should report the incident? To which jurisdiction? The MUFG Fraud team will not answer questions from a US company representing an FL in another country. They are not going to answer as in Japan (anywhere in the world), there is a bank secrecy act, privacy protection acts, etc.; they simply can't share by law the details of their customers without a formal law enforcement inquiry. 

I have worked at a small bank's Fraud and Security team; we were swamped in police requests, and our lead time to answer them was 30-45 days (and that was a very small bank compared to MUFG). So even if MUFG would answer any questions to Upwork (and they won't, but if they would), that would take, I guess, somewhere between 2-6 months. By that time, the money is gone from the account, and the person who opened the account is also gone.

So the summary is: while Upwork could improve in some areas (verification/notification if a new account is added to an account), it is not their responsibility to protect the FLs accounts. They have created the tools for it, but it is the responsibility of the FL to do it. I feel the loss of everyone who has been a victim of such an attack, and I would be pretty mad if it happened to me, but please try to understand, Upwork can't really do much in here.

1. As far as I can see, this happened to freelancers in South Asia only. Am I wrong? What other similar point between these cases? If it's a phishing or social engineering case, how and where it happened?
   
   It is look like the most victims are from South Asia,  Interesting thing is as Upwork know the pattern of withdrawals from same bank(Japanes bank) and they have no control to restrict. That mean It was already experienced with almost N number of incedents and their is no PUBLIC guidelines about taking care of the freelancer accounts.