Beware of Recruitment Scammers Impersonating XB Software
Recently, we have received a bunch of inquiries from people asking if the job offers they received via WhatsApp are really from the representatives of our company, because they lost money to these people and couldn’t contact the Customer Care Support.
They said that some individuals offered to register on a website that has a similar name to ours. However, to clear things out right away, please note that XB Software doesn’t offer jobs in DMs via any social media or messengers without linking to our official site. In case you are not sure if the offer is legit, please check our LinkedIn profile and our website. Our official website is xbsoftware.com, and any individual asking to visit xb-software.cc or any other site with our name in it doesn’t work in our company and has nothing to do with us. All those platforms are fake and are made to infect you with malware and steal your money. To be sure that you are using our site, we recommend you to bookmark it (Ctrl+D) and come to us directly if you need our help in developing software solutions.
To understand what is happening, we dug deeper into this issue, and here’s what we found out thanks to everyone who shared the details with us. In our post, we will provide you with the details of the scam and advise you how to recognise these fraudulent activities and what you should do.
What Happened?
People from different countries, mostly from the EU, shared their screenshots and messages of talking with individuals claiming to be from XB Software and offering jobs. You can see one of the examples below:
The scammers contacted people from different phone numbers, so this is not the only number you should be aware of. Most of those that you shared with us had the UK area phone code, however, please note that they may call you from other countries as well.
According to Euronews Next, it is suspected that the breach from WhatsApp in May, 2023, can be the explanation how the scammers found out about your number to contact you. However, we can’t claim that this is true, because the issue is under investigation of the relevant bureaus, but we highly recommend not communicating with suspicious individuals, who contact you via any messenger out of nowhere.
Our security team is reporting the malicious site, but unfortunately, we can’t guarantee that these individuals won’t create new ones. According to Cybersecurity News, these scammers created over 6,000+ websites, impersonating over 1,000+ companies in 50 countries. It means that as soon as one site is taken down, another one pops up with a slightly different URL. As far as we found out, they often use the .cc domain, because it is cheap. However, we are repeating again — they may use other domains and channels, including fake websites, email, messaging, and social networks.
We also contacted other companies working in the IT services and software development that was the target of the scammers. The goal is the same — they use companies’ names and brand logos in order to scam innocent people. Please pay attention that these individuals may impersonate companies from the following industries:
- IT Services;
- Software Development;
- Mobile App Development;
- User Experience;
- Digital Marketing;
- Web Development;
- SEO;
- E-Commerce.
Who Are They and How to Spot the Scam?
Supposedly, this is the work of the WebWyrm scam, which is a significant cybersecurity threat that has affected over 100,000 users. They are impersonating loyal companies for a combo task scheme akin to the ‘Blue Whale Challenge’, which caused a massive global impact a few years ago. The Webwyrm scam often manifests through social media and messaging platforms, like WhatsApp and or Telegram. The scheme is usually the following:
- You get an unexpected job offer from entities posing as reputable companies;
- They request for personal information or financial details;
- These individuals lure you with the promise of easy money and ask you to deposit cryptocurrencies on platforms, like KUCOIN or SHAKEPAY, for supposed security or returns;
- They offer to deal with a series of tasks and complete them, but as you progress, you are trapped in a cycle that drains your bank account.
For example, here’s one of the screenshots that was shared with us that shows the scheme that the scammers posted on their website:
The point of these tasks is to take as much money from you as possible, because each step requires a larger amount of money. As a result, a user receives nothing in return. None of the users we’ve talked with could be able to at least talk with their Customer Care Support Team, not to mention the return of their money. Because of course, they don’t have one, it is not the point of their scheme. Therefore, please be aware of the following team of scammers and block immediately these individuals if they contact you.
What Can You Do?
If you encounter such offers, it’s crucial to verify the legitimacy of the company and job offer and be cautious of any request for upfront payments or sensitive personal information, especially if it’s coming from an unexpected or unsolicited source.
The scammers may fabricate documents and certificates to imitate the legitimacy of their activities, but all these documents are fake. Their goal is to confuse vulnerable individuals. Here, as an example, you can see how the scammers tried to create a legitimate certificate and make their site look presentable, however, there are many little things that may go unnoticed. Therefore, please always check if these documents and sites are real, look for the company’s name in Google or Bing to search for similar results before giving your money to anyone.
Always report suspicious activities to your local authorities to help prevent further scams. Report the following authorities below and look for the websites of your local authorities where you can share the details of the cybercrime happened to you:
- European Fraud Europol — https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
- European Anti-Fraud Office (OLAF) — https://anti-fraud.ec.europa.eu/index_en
- Federal Bureau of Investigation — FBI (IC3) — https://www.fbi.gov/how-we-can-help-you/scams-and-safety
- National Cyber Security Centre (NCSC UK) — https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-website
- Action Fraud UK — https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
And remember, don’t communicate with suspicious individuals that ask for your money or personal information for any reason. Always check before acting.