Fraudulent job ads promising easy money and remote work continue to flood social media, particularly in the Middle East and North Africa . Under the guise of part-time jobs that require no experience , scammers collect personal information and extort money.
According to Group-IB’s analysis, coordinated groups impersonating well-known brands and government agencies are behind this. The scheme begins with ads posted on platforms like Facebook, Instagram, TikTok, and Telegram. The ads are professionally designed, feature well-known company logos, positive reviews, and promise up to $170 for simple actions like “liking,” reviewing, and completing surveys.
The ads are localized by country and even dialect, using local currencies and familiar terminology, making them particularly persuasive. After responding, the user is directed to a messaging app where they can communicate with a ” recruiter ” who is supposed to verify their credentials.
The user is then directed to a fake website disguised as a job portal. There, they are asked to register , upload documents, enter banking information, and even deposit money, supposedly to activate tasks. Control is then transferred to another group member, this time on Telegram , who supervises the ” work ” and monitors further transfers.
To build trust, Group-IB analysts explain , scammers pay small sums of money in the initial stages of their scheme. However, they then convince victims to pay more for more profitable activities. Once the sum becomes large, payments stop, accounts disappear, and all contact is cut off. Identifying the scammers becomes virtually impossible.
Group-IB’s analysis shows that these schemes target a broad audience, from teenagers to the elderly. They primarily target countries in the MENA region: Egypt, the United Arab Emirates, Saudi Arabia, Algeria, Iraq, Jordan, and others. Most often, the websites and logos of marketplaces, banks, and government ministries are spoofed. The groups themselves operate in an organized manner: they manage multiple accounts, replicate messaging patterns, and use the same methods to transfer victims between platforms.
In 2025, Group-IB specialists identified over 1,500 such ads, although the actual reach is likely significantly higher . The slogans used— “earn money from your phone,” “easy work from home,” “easy money”—are repeated in different versions and across different countries.
The discovered websites share a common pattern: a login form, a fake “task” interface, and a quick link to messaging apps. The scammers’ accounts have similar names, photos, and communication styles. All of this points to a unified infrastructure operating according to a well-defined plan.
These ads are not isolated attempts at deception, but rather a large-scale scheme with a clear structure and targeted at the financially vulnerable.
By exploiting brand trust and the inherent characteristics of social media, scammers build a complex chain of interactions, where every stage is aimed at profit.
For private individuals:
For companies and platforms:
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
