41 votes

Having fun with a scamming crypto job

7 comments

  1. [5]
    thanhnguyen2187

    I’m going to cover what happened and the technical details of a crypto job scam that I’ve avoided. Let’s hope that it can be both entertaining and informative.

    It’s my second time encountering this kind of scam. The first time, I just ignored it as the sign is too obvious: a non-fitting job (frontend heavy job for a backend guy) where the recruiter is “impressed with my technical skills” and thinks that I’m “an excellent fit”. This second time, I got fooled at first as it is too good, and after I realized it’s too good to be true and likely a scam, instead of stopping early, I just got… more patient and curious about what’s behind it.

    14 votes
    1. [3]
      battybattybat

      Thanks for sharing, really nice writeup!

      In case you haven’t already, I would suggest contacting GitHub to report the repo.

      A whois lookup also shows that the malicious domain was registered very recently at namecheap, so you could send them a report as well.

      Noting how you followed up after determining that it was a scam might be a nice footnote after the conclusion.

      8 votes
      1. thanhnguyen2187

        I sent the information to GitHub, Namecheap, the related company that has its recruiter impersonated, and Telegram. I also updated my post accordingly. Personally I think it's a bit futile, but let's hope that it can disrupt the scammer right between his/her scam, heh

        3 votes
      2. thanhnguyen2187

        Thanks for the suggestion!! I'll follow it and let you know when there is an update

        2 votes
    2. geniusraunchyassman

      I am always surprised by how willing people are to do so much work to not have to do actual legitimate work. It seems much easier to just get a steady job.

      Anyway, thanks for the nice write up. It’s my first time hearing of this scam and also firejail. Will definitely look into using that for my future needs.

      1 vote
  2. [2]
    conniereynhart

    Just wanted to say thanks for the writeup. It's always cool seeing someone take the time to write something original, and thereby educating other people. For instance, I have never heard of "firejail"... I am sure it will come in handy some time :-)

    11 votes
    1. thanhnguyen2187

      Hey thanks for the kind words!! I'm glad that you found my post useful!

      To be honest I'm not an expert in cyber security, but figured that on interacting with unsafe code, I need some kind of protection. I asked Claude (I'm sure ChatGPT can help with these kinds of questions, too). The bot suggested firejail, so I poked around using it and felt that it is a suitable, straightforward tool.

      7 votes