The Gig Trap: Group-IB Exposes 1,500+ Fake Job Ads Draining MENA Wallets
Fraudulent job advertisements promising easy income and remote work continue to flood social media platforms, particularly across the Middle East and North Africa. Disguised as no-experience side gigs, these schemes are designed to harvest personal data and extract money from unsuspecting victims. According to analysis by Group-IB, the campaigns are orchestrated by coordinated groups masquerading as well-known brands and government institutions.
The scheme typically begins with advertisements placed on platforms such as Facebook*, Instagram*, TikTok, and Telegram. Professionally designed and adorned with familiar corporate logos, glowing testimonials, and bold claims, the ads promise earnings of up to $170 for simple tasks—liking posts, leaving reviews, or completing surveys.
These advertisements are carefully localized by country and even by dialect, employing local currencies and familiar terminology, which makes them particularly convincing. Once a user responds, they are redirected to messaging apps, where they engage with a so-called “recruiter” who claims to be verifying details for onboarding.
The victim is then directed to a counterfeit website styled as a legitimate employment portal. There, they are asked to register, upload documents, enter banking information, and even transfer funds—ostensibly to “activate” tasks. Control is subsequently handed over to another member of the group, usually via Telegram, who oversees the fictitious “work” and tracks further payments.
To establish trust, the scammers initially pay out small sums during the early stages. Soon after, however, victims are persuaded to deposit larger amounts in exchange for supposedly more lucrative tasks. Once the transferred sums grow substantial, payments abruptly stop, accounts vanish, and all contact is severed. Tracing the perpetrators at that point becomes virtually impossible.
Group-IB’s analysis shows that these schemes target a broad demographic, ranging from teenagers to the elderly. Their primary focus is the MENA region—including Egypt, the UAE, Saudi Arabia, Algeria, Iraq, Jordan, and beyond. The most commonly spoofed assets are the websites and logos of online marketplaces, banks, and government ministries. The groups operate with notable discipline: managing multiple accounts, reusing scripted conversations, and employing identical methods to shuttle victims between platforms.
In 2025 alone, Group-IB identified more than 1,500 such advertisements, though the true scale is likely far greater. Recurrent slogans such as “income from your phone,” “easy work from home,” and “fast money” appear in countless variations across different countries.
The fraudulent websites uncovered share a uniform structure: a login page, a fake task interface, and rapid redirection to messaging apps. The scammers’ accounts exhibit similar names, profile images, and communication styles, all pointing to a centralized infrastructure operating according to a well-rehearsed playbook.
These advertisements are not isolated acts of deception, but components of a large-scale system with a clear hierarchy and a deliberate focus on financially vulnerable individuals. By exploiting trust in established brands and the mechanics of social media platforms, the perpetrators construct a multi-stage interaction funnel in which every step is meticulously engineered for profit.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
