Was I a target of social hacking?

alfchee

alfchee

Posted on January 16, 2021

Was I a target of social hacking?

Few days ago I got a notification in LinkedIn about an invitation of a china man who saids to be a "Full-Stack Web Developer", I accepted it just to see what he wants to talk about, and what I got after the first message of greeting was a proposal of a deal:

that he wants to rent my Upwork account by 15% of his incomes by using my account.

I told to myself, "Am I reading well?", and I ask him what did he means with "rent" and why he didn't create a own account; and he explained that because of restrictions to US companies he can't activate an account, also told me that he would need my account credentials and that I was going to be the one that's going to withdraw from Upwork, retaining the 15% to myself. I stop to think about this and few minutes after he sent me the link of my Upwork profile telling me that currently I'm not using it, and then

Actually, I will pay for you $300 monthly if you rent your account, and If I earn over 2k+, I will pay 20% of my income

😑 "This is too good to be true", was the first thing I thought, so I checked his LinkedIn profile which has more than 200 contacts in between CEOs of many companies and startups and high profiles of developers, also has description of a lot of skills, but no projects, no GitHub, no links to any China website that proves he was doing something... so I asked for that, something that can demonstrate me he's a true developer, and how we can reach trust in each other. Also I shared to him this community thread about stolen Upwork account for a china man with a similar business model.

😏 - the expected, he avoided the topic, talking about friends with good profits about this kind of relationship, the usual is to avoid things instead of tell a lie, because lies has tracks. Time was going and as he wasn't getting any replies from me then tried to explain that he can't change credentials in Upwork, and added this lines

Upwork detect account's location and IP address, so If I use your account on my side, it will be blocked.

😕 and makes me think of how he was going to use my Upwork account? Why he wasn't using a VPN? Why he cannot get direct contract with such amazing list of contacts I envy?... and I asked.

😨 and after a few messages I got what he wanted to do

Actually, I should work remotely on your computer with Anydesk or Teamviewer,
You will know about Teamviewer and anydesk, it's remote accessing tools

What I considered the worst idea, for me, my security and my future in my current job and any next one. I just thought, that's an open access to my PC, my projects, my private life, my WiFi and any device on it... because, I'm a developer and you know that most of time, as users too, we will open a breach of security and someone with the plenty of the day to find it with a FULL ACCESS of TeamViewer or AnyDesk, it will.

👎 yeah... I told him that is not a deal for me and that I'm open to real jobs like software development, so I would like to hear about projects in which to work... 😶 no more replies from him.

Conclusion

I'm telling this story because I don't know how many people is being approached in this way and the promise of receive $300/month by doing nothing (more than give access to your accounts, PC included) is reasonable, and if there are many who accepted and lost more than the Upwork account... or in in deed I lose a deal (punishable by Upwork if they get to know) 😋.

If you know something about it, please let a comment.

💖 💪 🙅 🚩
alfchee
alfchee

Posted on January 16, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Was I a target of social hacking?
security Was I a target of social hacking?

January 16, 2021