A Digital Nomad's Guide to Remote Job Scams 1.0

What the scammer is actually after

There are dozens of scam playbooks, and you can't memorize them all. But a scammer only wants three things:

1. Your device and wallet
2. Your money
3. Your identity

When an interviewer feels off, or you can't figure out the angle, ask yourself one thing: what do they want to take from me? The answer usually shows up.

Your device and walletmost common

This is the most-reported category in the community. They all share one move: at some step, they want you to install something or run something on your own computer.

• Getting you to download a meeting app you've never heard of. The usual video-interview tools are Zoom, Google Meet, and Lark. A scammer sends some unfamiliar app, and what installs is wallet-stealing malware or a backdoor. Mac and Windows can both get hit.
• Saying "I can't hear you," then having you install a plugin or change a background setting. This step is where the real damage happens. The plugin is the malware, and "changing a background setting" means handing it access to your device.
• Hiding malware in a take-home test. For dev roles, they have you clone a repo and run it locally. Something's buried in the code, and the moment you run it you're hit. It goes straight for wallet extensions, saved browser passwords, and SSH keys.
• No download, just "paste this command." A newer move. They use a fake verification page, or say "your audio's glitching, follow these steps," to get you to paste and run a command. With no obvious download, it's harder to notice.
• Asking to share your screen "to help you." They watch you type your passwords and verification codes.
• Getting you to connect your wallet "to check your blockchain experience." Once you connect a real wallet and sign, your assets can be gone instantly.

This kind of malware is fast. From the moment you run it to your assets being moved out is often seconds to minutes.

Your money, directly

Old tricks. They exist offline too, and they work just as well remotely.

• A "pre-job test" that's really task fraud. They have you do "test tasks": front some money, complete orders, "donate" to a project. The first few pay you back to hook you, you put in more and more, and once it's a large amount you can't withdraw. Then they say you "made a mistake" and ask you to pay more.
• Paid referrals and guaranteed offers. Someone takes your money and promises to get you into a big company or project. You can write this off. Legitimate hiring doesn't charge job seekers. The only thing you'd reasonably pay for in a job hunt is something like coaching or a resume rewrite. Nobody can sell you a real offer.
• Training loans and onboarding loans. Under the banner of "train first, start later," they push you to take out a loan to pay fees.

Your identity

• Asking for your ID, passport, bank card, or a selfie holding your ID before you're even hired. These get used to build fake identities, to open accounts, take out loans, commit fraud, or turn your account into a money-laundering channel.
• Legitimate companies do run background checks, but only after you've signed a contract and officially started, not during the interview.

One more to watch for: not getting paid after you start

Not every risk comes from a fake company. Sometimes the company is real and you actually start, but it uses "remote is hard to verify" and "cross-border is hard to chase" as excuses to dock or withhold pay, most often the final month. Remote plus cross-border makes that money very hard to recover, which is exactly why they dare to do it. Check the company's reputation before you join, and ask around in the community. It'll help you avoid some of the bad ones.

What almost every scam looks like

These signals don't mean much on their own. When several show up together, it's worth being careful.

• Too good to be true. The most common one: a low bar but an absurdly high salary, an interview that's far too easy (constant praise, no real questions). Put together, that's very suspicious. You don't need to understand the tech. Most people have that "this is too good to be real" instinct, and your gut is usually right.
• Only willing to talk in private chat. They reach out first, share no company info, and stay entirely on Telegram or similar. No calls, no camera, and never a mainstream meeting app.
• Rushing you. They're eager to set the next round but send the link only at the last second. A normal interview sends the link once the time is set; sending it right at the hour is about not giving you time to check, so you scramble.
• Offering you money before you've even started. Some scammers float a salary advance, a signing fee, or an onboarding bonus to seem sincere. Mostly it's to get you invested and afraid to miss out, so you stop asking questions. Once that money is on your mind, the things you should be verifying slip by.
• Communication that feels off. Their messages read like machine translation, with odd greetings, word order, and phrasing, and they claim to be from one country but the accent doesn't match. Often it's an overseas group using translation software to pose as a local recruiter.

That said, clumsy language by itself doesn't make someone a scammer. Plenty of legitimate overseas teams and foreign recruiters use translation tools with candidates; weak English or weak Chinese doesn't mean fraud. You get a better read by looking at several signals together.

Trying to memorize names doesn't help much either. Scammers swap aliases constantly. Today's account or app name is gone tomorrow, and you'll never keep up with a blocklist. Knowing the underlying patterns gets you a lot further.

How to protect yourself

Remotely, you often can't confirm whether the other side is real. So "seeing through the scam" isn't something to lean on. Flip it around: real or fake, there are a few things you can check yourself, and a few lines you can hold.

Roughly three things you can check.

• Use trusted channels. The safer move is to only trust an entry point you found yourself. To confirm a company is hiring, go to a trusted job platform or the company's own site and find the careers page, rather than clicking links, domains, or QR codes they send you. Same for meetings: even if they send a link, download the official app from the meeting tool's own site and join with the meeting ID yourself.
• Check the recruiter's background. See whether this recruiter is a real, specific person online, on LinkedIn or some other verifiable identity. Take a quick look at the materials they send too, like whether the update date makes sense, the way that GitBook hadn't been touched in a year. One more trick: ask something casual that needs cultural context. Machine translation and non-native speakers trip over it, and some scammers just hang up the interview when asked.
• Watch what they ask you to do. This one's the most useful, because it has nothing to do with whether the company is real. Before a real onboarding, a legitimate company won't have you install unknown software, run commands, pay, hand over a wallet or private keys, do a "test" involving transfers, or keep everything secret from everyone. The moment one of these comes up, no matter how real they seem, stop.

A few hard-to-judge situations

• Early-stage project, naturally little info. For some early projects, having little info is normal and doesn't make them a scam. A real early project leaves thin but genuine traces: a founder with a public identity that predates the project, findable funding, contracts, or a code repo. Scams tend to be the opposite, a polished website with mostly fresh accounts behind it and no real person who has a past.
• Says it's in a stealth period, won't give a company name. Stealth is real, and signing an NDA is normal. What's kept quiet is the project itself, the product, the token, plans not yet announced. But the person talking to you usually has no reason to hide who they are. Real confidentiality is about keeping you from leaking project info. This kind of "confidentiality" is the reverse: what it's afraid of is you verifying them.
• Claims to be a recruiter at a big company, with a full profile. The company is real; the question is whether this person actually works there. Check the email domain first: is it the company's official domain, or a gmail, a look-alike, or a domain with an added suffix. Stick to official email, the applicant-tracking system, and a verified LinkedIn.

If you've already been hit

Do these as fast as you can, roughly in order.

1. Disconnect from the internet, then power off. While the malware is still running, anything you do on that machine, it can see.
2. Switch to a clean device. Move whatever's still in your wallet to a new address, highest-value first. Treat the old wallet as compromised and stop using it.
3. On the clean device, change the passwords on your important accounts and turn on two-factor everywhere.
4. Save the evidence: chat logs, transaction records, the other party's account and links. Screenshot it, and you can post it to the community's exposure board to warn people who haven't been hit yet.
5. Report it. Cross-border crypto fraud has a low recovery rate, so be prepared for that, but it's still worth reporting, to open a case and to leave a record.

Everything has two sides. Remote work gives people more freedom, but it also breeds more scams and traps. Job hunting is hard enough, and scammers tend to prey on that anxiety, which can hit harder than a failed interview. Stay alert, and may you land the job you're after.