Lead Project & Delivery Manager, VP R&D Mykhailo Kostynskyi told how he encountered scammers during an interview. Scammers try to lure leading IT professionals with promises of super-high salaries.
Lead Project & Delivery Manager, VP R&D Mykhailo Kostynskyi told how he encountered scammers during an interview. Scammers try to lure leading IT professionals with promises of super-high salaries.
«A scam at an interview. Interesting? I was also interested, so whoever is looking will definitely find it. A few days ago, Ahmed added me on LinkedIn — he’s from an Asian non-profit company, they work in iGaming, his profile looks quite professional. Okay, I’ll add him. A couple of minutes later — he writes to me in private. He says there’s an interesting offer, the salary is just WOW, the project is interesting, etc.,» the specialist says .
Such sweet promises of the IT guy alarmed me. «I’m like: hmm, something suspicious, such salaries from a cold contact on Linkedin? But it’s interesting, I think — okay, I’ll send him my resume (what if this is a real offer and I start earning a lot),» says Mykhailo.
After receiving the resume, the employer allegedly suggested that Kostynsky choose a time for the interview. «Okay, I chose tomorrow. Before calling, I Googled the company — it exists, everything looks more or less normal. I think: well, what if this is a real chance? Maybe a really cool job?», — describes the development of events IT worker.
The next day, according to Mikhail, Ahmed is 10 minutes late for the call. «No camera. He asks something very formal, like a checkmark. I answer the same way — the feeling that it’s not a real interview, but just something incomprehensible. And then bang — he says: here’s a link to Bitbucket, download the project, take a look and run it yourself,» the surprised IT worker describes his experience. «I’m in a stupor: firstly, I’m not a developer, the vacancy is not for a developer. Secondly, why would you run code from a stranger on the first conversation?»
The Ukrainian replied that he currently has no opportunity to launch the project. «I say that I don’t have a configured environment, and in general, it’s somehow strange. But he starts to press, says that it’s important. I already understood everything — it smelled like a scam. I say: okay, I’ll configure it and write. That’s it, we said goodbye,» Mykhailo reports.
After that, he turned to a friend who understands coding. “ He looks into the code, looks… And there is malicious code, masking itself through spaces, as if nothing is there. And he also wanted to download all my data to some server in the country of 404. That’s the end of the story. There will be no offer, but there is experience,» Mykhailo summarizes.
He urges the community: if at an interview someone asks you to run something locally, I highly recommend you think twice, or better yet ten times. Activate to view a larger image.
It turns out that such an experience is not unique among Ukrainian IT professionals.
Senior Software Engineer Serhiy Sikachev said in the comments to Mikhail’s post that he recently had a similar experience. «Usually such recruiters ask too simple questions and do not pay attention to the answers. What saved me was that I had already heard about this type of scam. I checked manually, but did not see any spaces, then AI found this code, I saw it through less next.config.js in the terminal and only then scrolled through it in the IDE. There, in that code, it downloads a Trojan from AWS to the computer, which hangs running and parses all sorts of private keys and who knows what else. Now I have a rule: do not install any projects from GitHub without checking and do not do any test tasks based on existing repositories.»
System Administration Specialist Vitaliy Duhnovskyi advises downloading the suggested insecure files to a virtual machine that has no Internet access, and then pretending to be a «fool» that nothing works.
And IT expert Stanislav Timar suggests that victims offer such employers to optimize the code. «And to start working, demand payment and hand over the addresses of crypto wallets to the cyber police,» he notes.
More reactions from IT people to the situation here.
