bhvadeepvyas
Community Member

It's a 3rd fraud in a month - Upwork Account Got HACKED - MONEY STOLEN

I have been an active user (agency) since 2009, when it was oDesk, and my experience with Upwork so far has been good, but recently I've had terrible incidents and experiences with Upwork, which is really disappointing and an eye-opener for the community.

 

Although the incident is not new, it has already been reported many times and there are many victims and comments posted, but the strange thing still persists and I've questioned why Upwork isn't taking it seriously.

 

What is the case?


I was met with the strange issue of a $21,239.04 withdrawal that was transferred to SOMEONE else's account (which we never held). I reported the issue to the Upwork support team as soon as I noticed it on 29th March 2022, and to date I am still struggling to learn the cause of it. We are an Indian agency and the money was transferred to a Japanese bank.

 

I complied with the Upwork Support team, I have been verified for ownership of the account etc., and my expectation from Upwork is that they look closely into my case on a priority basis, as this is not a usual thing for us.

 

With every request and follow-up I was disappointed, because the Upwork Support team was not helping me with any of my concerns or providing a SINGLE SUMMARY to date. A never-ending clock of 24-48 hour responses from the Support Team.

 

My concerns are,

 

  1. Being a Financial manager, why should I not get any notification of account withdrawals? Or any of my partners, even?
  2. How does someone else's bank account get added and verified? Does the account **Edited for community guidelines** match with my company name?

 

In the community there are many victims with the same issue, reported from 2017 to date.

  1. https://community.upwork.com/t5/Freelancers/Account-got-hacked-and-18000-withdrawan/m-p/319320    (March - 2017)
  2. https://community.upwork.com/t5/Freelancers/MY-ACCOUNT-GOT-HACKED-AND-6000-WITHDRAWN-BY-HACKER/m-p/1...  (Feb - 2022)
  3. https://community.upwork.com/t5/Freelancers/Hacker-stole-2800-from-my-account/m-p/1041788    (March - 2022)

What preventive measures does Upwork have in place?

 

Purpose:

My intention behind posting this in the community is to make people aware of this, as it can happen to anyone on Upwork. Such cases may be more likely on Upwork; as I told you, this is the third case in the last 30 days 😞 and this is officially posted on the community, and who knows how many others there are unofficially. Upwork must know of similar cases that have not yet been disclosed to the community by users.

 

I need justice for all those who are suffering from all this (I am not saying return the money), but what preventive steps have been taken since the first incident was reported? If we read each case, they have the same culprit and method: withdrawals in JPY currency by adding others' bank accounts. How is it possible? Now I have a question about Upwork security. I believe they are treating support requests very lightly and in the traditional manner; although I reported it as a priority, I didn't find any active conversation on my request, and it is handled like the usual requests.

 

I hope this post will spread good awareness among all Upwork users. Upwork needs to improve its support for specific critical issues and enhance system security by acknowledging some of the shortcomings. It is clearly seen that Upwork is lacking in the verification process and there must be LOOPHOLES in security. I wish no more HACKING would happen with anyone on Upwork.

52 REPLIES
yofazza
Community Member

I've been reading about these hacking cases and this Japanese bank and just got the bank name from this post. I searched:

 

https://www.nytimes.com/2019/02/22/business/mufg-bank-japan-money-laundering.html

 

Upwork should ban the bank if they blindly accept transactions and pass the money away easily like that? Even "online banks" and "e-money providers" will freeze suspicious transactions. Even Upwork freezes people's finances for unstated reasons, I see.

 

This is one reason why I never put 100% trust in any middleman / freelancing platform, although I've been freelancing for almost 2 decades. $20k is a lot of money.

Ideally they can put a solid verification process in place to approve the payment method if anyone is adding an account that belongs to the Japanese MUFG Bank. They should double check.

 

They must put in place a team who investigates such cases. I'm not sure whether they are doing it or not, because we do not have any updates on this case. My point here is: what is Upwork doing, and what actions/measures are they taking after knowing of such cases?

 

Yes, $21k is our hard-earned money.

Yes, that's one thing they can do on their system. They should do it. But if it's a phishing case, social engineering case, they can say (which some financial institutions on the same case may also say), "sorry, that transaction was valid".

 

Basically if you got access, you'll have lots of methods to trick the system and the real owner. And they'll say it was valid and they can't do anything. It was a phishing case, right?

 

So, it's also necessary to add a layer of protection by not cooperating with an institution that is already known for money laundering. It's not about "transferred to a wrong account", where the bank should honor the account owner by not reversing/freezing anything without the owner's consent; it's a money laundering crime.

 

It's actually very weird to me that a big Japanese bank does this.

JoanneP
Moderator

Hi Bhavdeep,

 

I understand that you are concerned about the withdrawal transaction on your account. I checked, and it looks like you already have an open ticket with the team. Please allow them time to review and update you directly on the same ticket. I'd also like to let you know that I have also followed up with them about this case. 

~ Joanne
Upwork

The ticket status is open but getting support is very slow. We generated the ticket on the 31st and today is 8th April, but to date we have not got any summary of the matter, 'what happened and how'. Thank you for the heads-up.

vipul_si
Community Member

Please allow them time to review and update you directly on the same ticket. I'd also like to let you know that I have also followed up with them about this case.
>>Thank you,
Since this issue was reported on 31st March 2022 (12 days), nothing has been taken care of except freezing the account.

I don't know exactly what has been communicated or what investigation has been done so far. Not a single response has been received from the support team on any of the listed profiles. Following other community posts, it was the same.

 

Are you still following this ticket?

 

Hi Vipul,

 

Thank you for your message. I will follow up with the relevant team to expedite a response to your support ticket. One of our team members will reach out to you as soon as possible to assist you further.

 

Thank you.

Pradeep

Upwork

Thank you for considering...! 

Good to hear of some conclusive action from the support team. Passing more than 10 days without any activity on Upwork is really difficult for me, and there was no active action on it either.

vipul_si
Community Member

Bhavdeep, 
Obviously it's really hard to digest: the world's most trusted platform for freelancers is having such serious cases, increasing day by day. How can the hard-earning freelancer community rely on the platform?

 

Disappointing news and progress about your case. 

b37ef987
Community Member

Bhavdeep,

It's awful news. I pray that you get justice; may Upwork take the necessary steps to prevent such scams.

75ceee1b
Community Member

Getting support from the Upwork Team is kind of a matter of luck. You will rarely hear from the team. 🙂 I am damn sure you'll still be waiting for the Support team's response.
Good Luck...!

petra_r
Community Member


Bhavdeep V wrote:

as I told you this is the third case in the last 30 days 😞


How is March 2017 in the last 30 days rather than 5 years ago?

 

vipul_si
Community Member

How is March 2017 in the last 30 days rather than 5 years ago?
The most recent one is 

"It's a 3rd fraud in a month - Upwork Account Got HACKED - MONEY STOLEN" 

So from March 2017 to date there are many, but I found 5-6 cases with the same pattern of scam. Upwork has better answers and the exact count, actually.

petra_r
Community Member


Vipul J wrote:

So from March 2017 to till date there are many but I found 5-6 cases


You found 3 in 5 years among millions of accounts. So writing that there were 3 in a month was simply untrue.

 

Generally, when accounts are compromised it is because the owners allowed someone access to their credentials.

 

You didn't even have two-factor verification enabled until afterward....

vipul_si
Community Member

That's what I am saying... There were tons of accounts and cases that were reported.

If you see the very FIRST post, it mentions clearly that between 14th February 2022 and 29th March 2022 there were actually THREE cases in total (along with the current one) reported.

So in 1 month 17 days a total of 3 cases were reported, and none of them has had an update from the support team.

vipul_si
Community Member

Petra

It's not about counting the numbers and cases that happened; ideally we should focus on solutions and support the community in the correct way.

 

petra_r
Community Member


Vipul J wrote:

Its not about counting the numbers and cases happen, ideally we should have to focus on solutions and support community on correct way. 


Indeed. **Edited for Community Guidelines**

vipul_si
Community Member

I am writing based on all the facts and evidence I found on the community related to the same post.
If we look at Feb - March 22, there were 3 posts in total:

  1. https://community.upwork.com/t5/Freelancers/MY-ACCOUNT-GOT-HACKED-AND-6000-WITHDRAWN-BY-HACKER/m-p/1...  (Feb - 2022)
  2. https://community.upwork.com/t5/Freelancers/Hacker-stole-2800-from-my-account/m-p/1041788    (March - 2022)
  3. https://community.upwork.com/t5/Support/It-s-a-3rd-fraud-in-a-month-Upwork-Account-Got-HACKED-MONEY/... (March -2022 - the current one)

    All the above posts are reported on the community. I am not very active here, but these are the related cases I found first, and those are the ones mentioned.

It's not at all about distracting anyone; I want to make the other members of the community aware so that they can protect themselves from such unwanted incidents.

yofazza
Community Member

Outright lying to get attention? If that's the case, he wouldn't write 2017, Feb & March, and "3rd fraud in a month" at the same time. 

 

You really didn't think that it's simply miscommunication from a non-native speaker? I'm not a native speaker but I can think of that.

 

Yes, most likely it's not UW that was hacked. Phishing, social engineering, someone close, etc. But blindly defending them while blaming the victim is silly. He said in the first post that he doesn't expect UW to return the money, but wanted to share & see improvements. That's where I say to stop cooperation with known money-laundering institutions. UW doesn't adopt crypto? Why? Because money transferred into it is untraceable? What's the difference with this Japanese bank then?

 

I can understand if you're the type of person who'll simply blame an old lady after she got scammed, that's okay. But I believe it's better to find out how it could happen, and what can be done as prevention. Even if the old lady is scammed by her own grandson, I blame the grandson.

vipul_si
Community Member

Yes, I think we are on the same page, Radia. It's not about fighting and getting the money back. My and Bhavdeep's PURE purpose is to raise community awareness so that others might not get stuck in such scams, or so that no freelancer has a bad day like this.

 

Next, I would like to know what preventive plans Upwork has on its roadmap. Do they have any control over such scams? The reason for asking is that to date on our ACTIVE ticket there is no active communication or root cause that we have heard, and we don't even know the timeline for when we will receive it.

 

vipul_si
Community Member

It's been almost 24 days since the actual incident and we are still waiting for the response from the Upwork team.

During these 24 days, the Support team has tried to communicate and reply to the ticket. It feels to me like we are passing the ticket around and just enlarging our conversation thread.

Nothing concrete has come on our initial questions asked to the manager or company owner.

 

Is the Upwork support team really serious about our ticket?

Hi Vipul,

 

Thank you for following up. I reached out to the team handling your case and one of our agents will follow up with you on your support ticket as soon as possible to assist you further. 

 

~ Nikola
Upwork
dhavaljobs
Community Member

**Edited for Community Guidelines**

 

**Requesting for support**
As I have undergone a big scam on Upwork, I have raised many disputes with Upwork for the same scam but have not got any answer from them. A huge amount of dollars has been withdrawn from my account by a Japanese bank, whereas I have an Indian agency. @Upwork should have used their brains: how can an Indian agency withdraw money from a Japanese bank????!
I did not get any verification email or notification that someone was trying to open my account or that such a scam was happening. When I got an email that the amount had been withdrawn from my Upwork account from a Japanese bank, within 3-5 minutes I immediately raised a dispute and complained to Upwork through live chat. But they said they would work on it within 24 hours. I don't know what sense it makes to block my Upwork account, as the matter was of money that should be refunded, but instead they have blocked my account. Now, since last Thursday, I have been following up several times with Upwork and am not receiving any replies to my follow-ups or e-mails. You can see the screenshot I've attached below, which also supports me in getting my hard-earned money from Upwork. This is really a scam; today it is me, tomorrow it might be someone else. Please support me to get my hard-earned money back.
Thank you.

Dhaval, 

Sorry to hear about you...!
Really, it's a big, big problem with Upwork payments. After reporting our incident, this has happened again with the same FORMAT and BANK...!

Now I have a question about the Upwork Security team...! What are they actually preventing?

 

Hey Dhaval,

 

This was the same case that happened with us on 29th March. This is a very serious matter for all the members who are running their business on Upwork; their accounts are not safe. Not sure what Upwork is doing, as we aren't getting any updates from Upwork. Our account still has restrictions and is not fully operational.

Hi Dhaval,

 

I'm sorry to hear about this, I went ahead and followed up directly with the team handling your support ticket. You should expect an update soon.

 

~Andrea
Upwork

Same happened with us, still no response 😞

vipul_si
Community Member

@Dhaval and @Bhavdeep, 

It's a really strange and eye-opening thing for the Upwork Community. I believe there are tons of others that we don't know about.

MOST RECENT SCAM TIMELINE

1)  14 Feb 2022              Hasnain R   -  https://community.upwork.com/t5/Freelancers/MY-ACCOUNT-GOT-HACKED-AND-6000-WITHDRAWN-BY-HACKER/m-p/1...

2) 20 March 2022         Walid H      -  https://community.upwork.com/t5/Freelancers/Hacker-stole-2800-from-my-account/m-p/1041788

3) 26th March 2022     Bhavdeep  -  https://community.upwork.com/t5/Support/It-s-a-3rd-fraud-in-a-month-Upwork-Account-Got-HACKED-MONEY/...

4) 13th April 2022         Dhaval  (A week ago)**Edited for Community Guidelines**

I am really worried by this incident, as it's increasing day by day and is even highlighted on various platforms. I don't understand, since all of these have the same pattern of scam, what the Upwork team is actually investigating.

Do they have control over such kinds of scams? What preventive action are they taking on it? Please share the guidelines and process so that everyone can rest assured about it.

Yes, and when you try to get support,

the chat support person leaves the chat. The first time I thought it could be for any reason, but the second time I understood that this is happening on purpose.

I have proof this time: https://prnt.sc/jhFUBJVIDZVY

yofazza
Community Member

To continue my post about money-laundering-friendly institutions, someone in my country was just arrested for taking money from abroad. I can't find any foreign news about this; here's a translated one.

 

Yes, it's a whole lot more money. But there are smaller cases, such as $300, that can get a "receiver account" frozen even before the "online fraud case" is reported to the police (depends on the "proof" the victim can provide to the bank).

 

The point is, it should not be easy for a scammer to create a bank account, and to move money out from it. Especially if there are reports. This is not the crypto world.

 

I assume UW never reported any of this incident to the bank, but the bank itself appears in Google in relation to money laundering. That's why I conclude the bank isn't safe.

 


State regulators and other federal authorities have said for years that MUFG failed to properly monitor who its customers were and where their...

Banning this particular bank will not affect Japanese freelancers. It's not 20 years ago, and you're not blocking the entire country.

 


Less than 20 years ago, receiving money in small transactions from abroad to a local bank was impossible here. We couldn't even use PayPal. The reason is that there was no way you could "complain" after you sent money or merchandise here. Not even to your bank or your police. So nobody wanted to transfer money here. But it slowly changed to the $300 point I explained above.

You implemented security protocols, but we know they will "compete" with the scammer's tricks, and the technology itself (remember the old saying "do not connect if you want a 100% security"?).

 

Not to mention there are things besides technology, such as social engineering, which will render all (or at least most) of your technological precautions, including notifications, useless.

 

So banning these banks is another precaution you can do, unless, like the scamhaven problem, this is not your priority which we must accept.

vipul_si
Community Member

Radia, 

Thank you for continuing your post about money-laundering-friendly institutions.

We all have to understand that every ecosystem and process needs incremental changes in order to sustain its workforce/businesses.

While replying to you: we as a community and the Upwork platform know the most recent scams are increasing with the same pattern and bank, so I was surprised, being tech-savvy people in the community, that not a single thing is under control to date?

Good to know that state governments and federations have control over such money-laundering cases, and I believe that in the near future there will be more strict actions to prevent such incidents.


7e8ec0ff
Community Member

I have been with Upwork for many years and contribute a lot to Upwork. I can't imagine that this kind of loophole could treat you so badly. It will definitely keep me worried about this happening to me. Dhaval, you have my support.

Samuel,
It's a matter of worry for the community. Such a trusted brand: are they really taking serious action on such scams?
Hoping that in a near release Upwork will have more preventive steps to avoid such incidents.

ipsbrar
Community Member

Dear Bhavdeep, I am a victim of this same fraud. I lost $6730.17 USD on 30th May, and it's been over 10 days now and no update has been provided to me by Upwork. I have been following up with the Upwork Support Team but they are not replying on my request thread. I don't know what to do now.

 

I just want to know if you ever got your money back or not?

Hi Iqbinder Pal Singh,

First of all, sorry to hear that the same incident happened to you. To answer your question about getting the money: they said 'NO'. Upwork said,

  • We have tried our best and our banking partners also did put in significant efforts in recalling these funds
  • Unfortunately, attempts were unsuccessful in reversing these transactions

I am really not sure what actions they took with that Japanese bank where the money went. But the most important point is that Upwork has to accept that they have to tighten their security in many areas; for example, they need to implement multifactor authentication when adding a new payment method, transferring funds, changing user permissions, etc.

 

I agree they are slow in investigation & updates; you can keep following up continuously.

couturepopcafe
Community Member

I take my money out as soon as it's available. I never leave money in UW.

 

yofazza
Community Member

What I've seen so far including from other similar cases not written in this thread (money stolen/withdrawn to another bank):

 

  1. The bank is always MUFG Bank. Where there are articles about them failing to monitor their customers for money laundering.

    My comment (as explained in a few examples above): this behavior is unacceptable for a normal bank; they should switch operation to a crypto-bank instead. And what action has been taken by Upwork? Upwork should also allow crypto withdrawal, to be fair, because it's the same result; transferred money is untraceable (sarcasm warning)

  2. As far as I can see, this happened to freelancers in South Asia only. Am I wrong? What other similar point between these cases? If it's a phishing or social engineering case, how and where it happened?

 

ps: 20k USD... In here we can buy (not rent) a decent studio apartment with it. Is there a way to offer like half of it (or something like that) to anyone who can help to get it back?

 


Radia L wrote:
  1.  
  2. As far as I can see, this happened to freelancers in South Asia only. Am I wrong? What other similar point between these cases? If it's a phishing or social engineering case, how and where it happened?

 

 

 


I'm in information security. The attack vector here is the end-user (as it is unlikely that Upwork is being hacked). To be able to pull such an attack, the following logical steps need to be done:

 

1. The attacker must get the FL/Agency Upwork account credentials (e.g., username/password) by compromising a computer or a mobile device. The attacker either has a RAT (remote access tool) that captures typing or malware that has harvested the passwords, for example, those saved in Google Chrome (it's quite easy to read passwords saved in Chrome).

Maybe there was a phishing email where the end-user clicked on a link and was tricked into providing the credentials. 

 

Possible mitigations: Have a proper AV system installed on the endpoints, have an up-to-date operating system, and learn about phishing and how to recognize it. ENABLE Multifactor authentication, so when a new IP, browser, or OS is trying to log in, an additional step is needed to verify the login.

 

2. The attacker has to add their bank credentials to Upwork. In order to do that, they must create an account which matches the FL/Agency name. To get this, they may a) find a person with a similar name who is willing to cooperate and open the bank account, or b) forge/fake an ID/company documents that can be used to open the bank account. Opening a bank account can be done within 24 hours nowadays, using an all-online process.


3. The attacker has to wait for the Upwork account verification process, which, when I had done it, took 3 days. I don't know what the current timeline for this is.

Possible mitigation: Upwork should send an e-mail or text notification to the FL that a new bank account was added. I don't know if it is already done and the attacker has captured and deleted these messages, or it is not done at all.

 

4. The attacker pulls down the money from Upwork to the newly created and added bank account. "Get paid now" only requires the same password.

Possible mitigation: Upwork could require MFA confirmation for manual withdrawal. But that would only work if MFA is enabled on the FL account (which would prevent the breach).

 

Upwork is not a bank, so keeping money in the account is not a good idea. From UW's standpoint, they have followed all the procedures and safeguards related to the payment method, and the responsibility here falls to the FL to protect its account information. I'm pretty sure Upwork is investigating the case, and I'm certain that what they will find:

  • During a period, there will be a number of IP addresses that have accessed the account
  • They will filter out the ones that are regular IP addresses and try to identify the attacker's IP, which should only be seen a couple of times accessing UW, as the attacker does not log in often to check jobs or do other activities, only to do the necessary steps for the attack.
  • Once they have identified the attacker's IP, they will most probably find out that it 1) belongs to a no-log VPN service, 2) is a TOR exit node, or 3) is a compromised (zombie) host; no matter what it is, the attacker ensures that it is in the same geographical region as the freelancer's legit address.
  • Now they can't identify the attacker by IP; they might be able to contact MUFG's compliance and fraud team (if they will and have the drive for it) to report the incident and ask for cooperation, but there is a big problem here. This is something international; someone's money - who is from Pakistan, India, etc. - was stolen from a US company (Upwork Escrow, which is a Delaware registered entity), which is not even a bank, to one of the largest banks in Japan. So which police should investigate the case? Who should report the incident? To which jurisdiction? The MUFG Fraud team will not answer questions from a US company representing an FL in another country. They are not going to answer, as in Japan (anywhere in the world) there is a bank secrecy act, privacy protection acts, etc.; they simply can't by law share the details of their customers without a formal law enforcement inquiry.

I have worked at a small bank's Fraud and Security team; we were swamped in police requests, and our lead time to answer them was 30-45 days (and that was a very small bank compared to MUFG). So even if MUFG would answer any questions to Upwork (and they won't, but if they would), that would take, I guess, somewhere between 2-6 months. By that time, the money is gone from the account, and the person who opened the account is also gone.

 

So the summary is: while Upwork could improve in some areas (verification/notification if a new account is added to an account), it is not their responsibility to protect the FLs' accounts. They have created the tools for it, but it is the responsibility of the FL to do it. I feel the loss of everyone who has been a victim of such an attack, and I would be pretty mad if it happened to me, but please try to understand, Upwork can't really do much here.
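
Added example (not part of the original post and not Upwork's code): the rare-IP filtering described in the post above, combined with the new-bank-account and MFA-on-withdrawal mitigations it suggests, written as a check over one account's audit log. The event fields, thresholds, decision names and the sample log are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed audit log for one account (illustrative, not real data).
# Fields: timestamp, source IP, action, payout method id, payout bank country.
SAMPLE_EVENTS = [
    ("2022-03-01T09:00:00", "203.0.113.10", "login", None, None),
    ("2022-03-05T10:15:00", "203.0.113.10", "login", None, None),
    ("2022-03-10T08:40:00", "203.0.113.10", "login", None, None),
    ("2022-03-12T11:00:00", "203.0.113.10", "withdraw", "bank-A", "IN"),
    ("2022-03-26T02:10:00", "198.51.100.77", "login", None, None),
    ("2022-03-26T02:14:00", "198.51.100.77", "add_payout_method", "bank-B", "JP"),
    ("2022-03-27T09:05:00", "203.0.113.10", "login", None, None),
    ("2022-03-29T02:30:00", "198.51.100.77", "withdraw", "bank-B", "JP"),
]


def review_withdrawals(events, home_country, min_ip_sightings=3,
                       new_method_window=timedelta(days=7)):
    """Replay events in time order and score each withdrawal.

    A withdrawal collects one reason per signal; two or more signals mean
    the payout is held until the owner passes a step-up check (MFA).
    """
    ip_seen = Counter()   # number of earlier events seen from each IP
    method_added = {}     # payout method id -> time it was added
    findings = []
    parsed = sorted(
        ((datetime.fromisoformat(ts), ip, action, method, country)
         for ts, ip, action, method, country in events),
        key=lambda e: e[0],
    )
    for ts, ip, action, method, country in parsed:
        if action == "add_payout_method":
            method_added[method] = ts
        elif action == "withdraw":
            reasons = []
            # Signal 1: the IP has little or no history on this account.
            if ip_seen[ip] < min_ip_sightings:
                reasons.append("rare_ip")
            # Signal 2: the payout method was added only recently.
            added = method_added.get(method)
            if added is not None and ts - added <= new_method_window:
                reasons.append("new_payout_method")
            # Signal 3: the payout bank is outside the account's country.
            if country != home_country:
                reasons.append("foreign_payout_country")
            findings.append({
                "time": ts.isoformat(), "ip": ip, "method": method,
                "reasons": reasons,
                "decision": "hold_and_step_up" if len(reasons) >= 2 else "allow",
            })
        ip_seen[ip] += 1
    return findings


if __name__ == "__main__":
    for finding in review_withdrawals(SAMPLE_EVENTS, home_country="IN"):
        print(finding)
```

The same replay can drive the owner notification on `add_payout_method`, so the alert does not depend on the withdrawal ever being attempted.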

 

vipul_si
Community Member

  1. As far as I can see, this happened to freelancers in South Asia only. Am I wrong? What other similar point between these cases? If it's a phishing or social engineering case, how and where it happened?

    It looks like most victims are from South Asia. The interesting thing is that Upwork knows the pattern of withdrawals from the same bank (Japanese bank) and they have no control to restrict it. That means it has already been experienced in almost N number of incidents, and there are no PUBLIC guidelines about taking care of freelancer accounts.