Cybersecurity researchers have issued a warning about an ongoing global job scam that has the potential to affect more than 100,000 individuals in over 50 countries. This scam is estimated to result in collective personal losses exceeding $100 million for more than 1,000 targeted companies.
Dubbed ‘Webwyrm,’ the hackers behind this large-scale job scam have impersonated over 1,000 companies spanning 10 different industries. This operation resembles a combination of tasks similar to the notorious ‘Blue Whale Challenge’ from a few years ago, which had a significant global impact. The cybersecurity company CloudSEK uncovered these activities and emphasizes the urgency of addressing the situation due to the scale and sophistication of the threat actors involved.
According to the researchers, more than 6,000 fake websites, over 600 websites sharing nearly 200 unique WhatsApp numbers, and 230 Telegram handles have been used to target individuals in more than 50 countries.
The report highlights the potential collective impact on victims, taking into account the multitude of impersonated companies and an estimated average loss of $100,000 per company based on reported financial losses. This impact could potentially exceed $100 million and affect more than 100,000 individuals worldwide.
The financial havoc caused by Webwyrm not only harms individual victims but also damages the reputation of the companies being impersonated. As people fall victim to scams promising thousands of dollars in their name, it erodes trust in these legitimate companies, leading to unintended associations between the companies and the orchestrators of these scams.
Webwyrm is believed to have been active since late 2022 and has expanded significantly since early 2023, employing various deceptive tactics. CloudSEK has collaborated with global law enforcement agencies to share details of the investigation, with the aim of implementing remedial actions that include dismantling the scammer infrastructure and informing the impersonated organizations.