Unmasking Task Scams to Prevent Financial Fallout From Fraud

Task scams are false employment opportunities that promise compensation along with benefits (like time off, medical coverage, and maternity leave) in exchange for completing simple and repetitive tasks such as liking videos or submitting product reviews on a website designed to create the illusion of earning commissions with each submission. These fake jobs are usually advertised through social media or SMS text messages as easy remote work that pays well: an attractive lure for individuals looking to find a job, earn an extra buck, get a side gig, or supplement their salary from their day jobs.

We have seen that task scams are notoriously effective because they combine social engineering, psychological manipulation, and financial fraud. A lot of victims are willing to take the loss rather than admit that they were duped: they take on significant financial loss and try to chase these losses with the false promise of large rewards. In 2024, the Federal Trade Commission saw an increase in reported scams falling under the category of task and employment scams.

This report discusses the rise of task scams, their mechanics, and the sophisticated methods scammers use, such as creating professional-looking fake websites and initial small payouts to build trust. Our research explains the lifecycle of a task scam, including the gradual escalation of financial demands from victims that ultimately lead to significant financial and emotional damage, and how the lack of responsiveness to complaints with domain registrars plays a part in the proliferation of this criminal activity.

We also provide real-world examples, investigative findings, and strategies for identifying and avoiding such scams, emphasizing the importance of awareness and multi-faceted protection measures.

How a task scam works

Task scams typically begin with scammers reaching out through social media or text messages, claiming to represent reputable companies for jobs with vague descriptions. They usually claim that they received an application from the potential victim or offer a lucrative job opportunity. These fake employers require potential employees to be at least 25 years old, and have a social security number, which is never verified throughout the process.

In our investigation, we searched through Reddit, Trustpilot, and LinkedIn, and scoured court proceedings, and arbitration, and found that these scams target a variety of demographics and age groups. But the most common denominator among victims is their openness to the promise of earning easy money, online, from home. The job market also plays a part in making this type of scam riskier for more people: the hiring process is now a lot more complicated, and the allure of easy money for little work that can be done at home can be too tempting for a lot of people.

When potential victims are successfully convinced, they are given simple tasks, such as liking and subscribing to social media pages or providing product reviews, which are done in batches typically ranging from 30 to 40 tasks at a time. Many victims report receiving small payouts initially, which builds trust in the system.

At some point, scammers will offer what are called "double tasks" that promise higher earnings. However, scammers will demand a deposit to complete the next set of tasks; victims are told to add funds to their accounts to avoid losing what they've earned, believing they'll receive all deposited funds back, along with their commission, once they complete the task. Unfortunately, no matter how much is shown as earned, scammers will eventually find an excuse to withhold the full amount, requiring victims to deposit even more money to be able to withdraw the earnings. It eventually comes to a point where victims can no longer afford to meet the requirements and are forced to end their engagement and give up the money they have deposited and the amount they supposedly earned.

Hover or select the video to reveal controls to navigate and enlarge.

Real victims losing real money to fake job opportunities

In December 2024, a victim reported to the Better Business Bureau (BBB) that they lost US$75,000 to task scammers impersonating the real digital marketing company Cloverstone Digital. The person received an unsolicited message via LinkedIn.

Trustpilot also receives reports about scams: in November 2024, another victim reported losing US$800,000 to the site mac.suoosee.com, in an alleged scam. We talk more about how this malicious site is part of what appears to be a larger network of scams in the appendix linked at the end of this report.

Online forum Reddit has several dedicated subforums for victims. In the screenshots shown, the person lost US$6,000 before they successfully stopped engaging with the scam. They shared how they struggled with self-deception even after suspecting it was a scam, convincing themselves that their suspicions might be wrong.

It should also be noted that while most individuals might be equipped with the general knowledge to identify if an internet interaction is questionable, these types of scams are intentionally crafted to deceive, build trust, feel like a game, and be addictive — characteristics to engage potential victims and keep them hooked long enough for attackers to maximize profits from them.

During our research, we found that thousands to millions of dollars are coursed through the cryptocurrency wallets attached to these scams. The financial impact of these scams should not be understated, as well as the psychological impact on victims, both of which we discuss further in the third section of the appendix that is linked at the end of this report.

Meanwhile, in February 2025, another individual shared on Facebook a similar scam where an attacker impersonated a recruiter from the recruiting company Robert Half, offering a job at “Cloverstone Digital Group,” which had a page that was impersonating the real company Cloverstone Digital. In this case, the person knew it was a scam and mostly entertained themselves chatting with the scammers but did not lose or participate in completing any task. A Redditor in the subforum “r/scams” warned others that the “Cloverstone Digital Group” might be a fake site and a scam in April 2025.

Scammers often use the names of legitimate companies like Cloverstone and Robert Half to create the illusion of legitimacy and make it easier to trick potential victims. These legitimate companies, however, are not involved in any way with the scams and are also victims, since these impersonations harm their reputations.

Hover or select the video to reveal controls to navigate and enlarge.

Investigating task scams as undercover potential victims

For this research, we replied and posed as a potential victim to several task scams to understand fully how they work. First, we established contact after scammers sent unsolicited SMS text messages offering remote work.

In the initial messages we received from scammers, we observed that the phone number +136595***** is also linked to a Telegram account with the name “出私人微信【寻找长期伙,” which translates to “Send private WeChat Looking for a long-term partner,” with a profile photo of a woman seemingly of Asian descent.

Meanwhile, we found that the phone number +120229***** is associated with a WhatsApp account that had the name listed as Daisy Thompson. We found at least one other name associated with this phone number.

We believe that the first stage of the scam is done through SMS likely so attackers can leverage bulk SMS services. After expressing interest in the initial offer via SMS, victims receive a detailed explanation of what the job entails sent via WhatsApp, and all communication takes place through this chat platform. In this case, our point of contact, “Betty,” claimed to work for a nursing staffing company that we found to be a legitimate company located in Pennsylvania.

We noted that there are inconsistencies in the details of the job offer, including the discussion of salary expectations that are usually high and too good to be true. In the first text message, the job offer mentioned taking 30 to 90 minutes a day to earn US$100 to $800 with bonuses offered for certain tasks and milestones. However, in the WhatsApp conversation, the offer gave a bigger salary range, but only for a single hour of work. This could either be due to a lack of coordination between the two scammers working at different levels of the scam or could be meant to excite potential victims with more money for less effort.

Moving forward with the company impersonating as “Cloverstone,” our new handler, “Betty,” gave us more information. We recreated the messages we exchanged with Betty in the videos in this report. Hover or select the video to reveal controls to navigate and enlarge.

“Betty” provided proof the company was registered as a business in Georgia to further convince us of the offer’s legitimacy. In Georgia, a "Certificate of Organization" is a form to establish a Limited Liability Company (LLC). These can be downloaded for free, but we believe that the image was from a previous data breach: in 2022, citizens in Georgia were targeted with phishing scams related to corporate registrations. Individuals posing as the Secretary of State’s office sent emails to business owners with attachments likely containing malware or other malicious software.

“Betty” then discussed the salary again, but this time with another set of figures. According to the latest information “Betty” offered, victims can now earn US$800 for five consecutive days of work, US$1,500 for 15 consecutive days of work, and US$3,800 USD for 30 consecutive days of work along with a commission on top. These salary rates are par to the scam’s gamification to encourage continued engagement: victims must work in a streak, or else their progress and earnings resets if a day is missed.

“Betty” also explains why a deposit of funds is needed for cash flow. The additional commission is based on three tiers and requires an initial US$100 investment that victims should be willing to provide for “cash flow.” This becomes a “commission fund” that determines the commission amount that victims can earn later: the more money deposited to the fund for cash flow, the higher commissions can be made. The initial demanded value of US$100 eventually increases, as the scam plays out over several days or even weeks. Victims in these types of scams have reported having to pay hundreds to thousands of dollars out of pocket to start working each day for the promise of a higher commission later.

The victim is asked to create an account and complete a training session on the fake Cloverstone site at cloverstone-ek[.]com, a domain that has only been registered for a year in July 2024. Cybercriminals often register domains for one year in bulk since they are blocked quickly; these domains are used for phishing, spam, malware distribution, as well as botnet operations. It should be said plainly that legitimate companies would wish to secure their brand’s online presence for a longer term.

We discuss more about the task scam website and the role that domain registrar’s play in the proliferation of these fraudulent websites in the first section of the appendix linked at the end of the report.

Upon checking the link that “Betty” sent, it is obvious that scammers paid careful attention to make their fake site look as legitimate as possible: making use of the same logo, brand colors, and the same copyright footer from the legitimate company’s site.

A Google search revealed that the real Cloverstone website is located at cloverstonedigital.com. Many of these scams depend on cybersquatting, the practice of registering, selling, or using domain names with similar URLs to the real page.

Once set up, the handler started with a training account to explain the tasks that consist of clicking two buttons labelled “Start task” and “Submit,” with pictures of what appears to be product reviews.

After completing a few tasks, victims are informed that they can no longer finish the initially promised 40 tasks due to having what is called a “negative balance.” “Betty” explained that this can happen when victims are assigned a “bonus task,” and victims can remedy this by adding money to their account to clear the balance. To further coax victims into depositing money, they are promised a bonus submission that will earn five times their initial commission upon completion. The handler then explained how to top up the balance to make up for the negative “pending amount” and asks victims to contact customer support for instructions on how to request a deposit account using a unique ID that we believe could be tied to the handler. The handler, “Betty,” specified that the victim should not work directly with the customer service and instead send cryptocurrency details that customer service provided to her.

“Betty” then took a few minutes to add the funds we sent through the registration portal to the cryptocurency address provided. We believe this is so that the victim is not confused by having to handle cryptocurrency, and for “Betty” to have full control of the victim’s interaction with the other actors involved in the scam. The latter suggests multiple tiers of scammers.

When the fund transfer is out of the way, the victim can finish the remaining task. Once the victim completes all 40 of the daily tasks, the handler “Betty” said the victim can withdraw all funds via PayPal or CashApp. “Betty” asked us to provide a screenshot of how much we've made, which we found odd, but “Betty” explained this is because they did not have access to the application. We believe they are reading from a script and do not have computer access, furthering the theory of there being multiple compartmentalized parts of the scam operation.

According to “Betty,” we made a total of US$70.85 for the past hour’s work. To transfer the earnings to PayPal or Cash App, the victim must contact customer service to link our task account with our PayPal or Cash App details.

To start our next set of tasks, victims must add US$100 to the account the next day, which is explained as security for starting at a higher “VIP” level that promises bigger commission and payouts; this is where the task scam is gamified.

At this point, we (as the victim) contacted Betty and told her we do not wish to continue the job. Betty then sent multiple emails and messages a week later, asking us to go back to work. The handler even left a voicemail during holidays. Eventually, the text messages stopped.

Our investigation of how the scam works led us to believe that these scams are run like a legitimate organization with teams composed of workers with roles that have specific responsibilities, much like departments in a legitimate company. The scammers create professional-looking websites, social media profiles, and communication channels to gain the trust of their victims. These sites often mimic the appearance of legitimate businesses, including logos, brand colors, and user interfaces.

Just like legitimate businesses, these scams use marketing techniques to reach potential victims. They send out bulk SMS messages, emails, and use social media platforms to advertise fake job offers or investment opportunities. The use of bulk messaging also means that these operations are designed to scale, targeting thousands or millions of victims simultaneously. In the second section of the appendix linked at the end of this report, we provide more information on how task scams are enabled through legitimate messaging platforms, and how threat actors offer services in the underground and social media, which lowers the barrier of entry for this type of cybercrime.

When potential victims take the bait sent via bulk SMS messaging, task scammers maintain continuous contact to build relationships and trust over time. This can include personalized communication, follow-ups, and even addressing concerns, like how businesses manage customer and employee relationships.

While our investigation didn’t reveal the complete scale of the organization we were able to infer some of the roles that scams like this need: These scams are operated by a team of recruiters, trainers, team leads who managed the transfer of funds, technical support, and people familiar with building and maintaining websites and the associated infrastructure required to provide a platform for the scam operation. Scammers also manage their finances meticulously, using cryptocurrency and other methods to manage money and keep their operations running.

The cryptocurrency wallets we analyzed in this investigation showed transactions worth millions of dollars, demonstrating the enormous scale and profitability of these operations. A single scammer's wallet network revealed connections to multiple victims and higher-level operators, suggesting a pyramid-like structure to these criminal organizations. More information on this is available in the third section of the appendix linked at the end of the report.

During our investigation, the lack of communication between roles or the siloing of information stood out as unusual: when considering whether or not you are engaging with legitimate business practices, this should act as an indicator to potential victims that the job offer is not what it seems.

How to avoid task scams

To protect yourself from task scams and similar cyberthreats, it's crucial to be vigilant and aware of the warning signs. Here are some tips on how to identify and avoid potential job scams:

 1. Do not respond to unsolicited job offers received via text messages or messaging apps. If you are contacted by an unfamiliar number, it is best to verify the person’s identity before engaging with them. If they claim they received an application from you, double check if the company they claim to be is one you have actually interacted with.

 2. Verify the legitimacy of the employer through official channels. This can be done by contacting their human resources department on LinkedIn or calling the company directly. You can also verify the company’s legitimacy by checking the company's registration usually under a business entity search per city or state because scammers are impersonating or are masquerading as a legitimate company. Searching for the company's official website might reveal that the scammers are impersonating a brand.

 3. Be wary of job offers that don't involve an interview or those that request payment upfront. Remember that legitimate employers do not ask employees to pay for the opportunity to work and will not ask for payment for applications, training, or equipment. Instead, they cover these costs themselves. Legitimate employers will typically conduct an interview before making a job offer. In the US, they may ask you to fill out a Form I-9 used to verify the identity and employment authorization of new hires. Similarly, be cautious of jobs that offer payment in cryptocurrency instead of a traditional paycheck.

 4. Be skeptical of job offers that promise unusually high compensation for tasks like liking social media posts or reviewing products online. Remember, if an offer seems too good to be true, it probably is. In some cases, for the first few days, compensation is provided. The fraudsters do this to gain your trust and ultimately convince you further down the line that you will get your money back.

 5. Be constantly vigilant. Consult trusted friends and family members for an objective perspective on any job offers you receive. If you suspect suspicious activity, report it to the job board, social media platform, or authorities. Stick to reputable job search websites to reduce the risk of encountering scams.

 6. Be cautious when sharing personal information until you are certain the job offer is legitimate. Verify the contact details provided in the job offer using professional email addresses and phone numbers. Your safety and security should always be a priority.

If you suspect a task scam, we advise reporting it to the relevant authorities of your country or region. In the US, task scams and similar fraudulent activity can be reported to the FTC. Reporting suspicious activity can alert authorities and help increase awareness, preventing others from being targeted and victimized by these types of scams.

Trend solutions

Taking the actions listed above will help to reduce your risk of being scammed. However, technical assistance, in combination with knowledge and awareness, can help protect against the skill, scale, and constant evolution of scam campaigns.

Trend Micro ScamCheck provides various features to help protect against scams, including real-time scam detection for calls, texts, and websites, and the ability to check suspicious content on demand. ScamCheck analyzes content in a variety of forms, including image/screenshot, text or email message, URL link, or phone number, to determine the likelihood that it is a scam. You can upload an image, copy and paste content, or take a screenshot and share it with the tool. It also provides immediate answers to questions such as “Is this text message real?” “Is this phone number legitimate?” “Is this Facebook ad true?” “Is this website a fake?”

ScamCheck also features our ScamRadar technology, which utilizes an AI model to analyze all these communications channels and detect the subtle chain of scam tactics that individual detection methods can miss.

Scan the QR code to install Trend Micro ScamCheck. Hover or select the video to reveal controls to navigate and enlarge.

Conclusion

Our research has uncovered a complex and highly effective type of scam that combines social engineering, psychological manipulation, and financial fraud. This sophisticated scheme has evolved significantly in recent years, posing a substantial threat to individuals and organizations alike. Tasks scams are characterized by:

• Professional-looking impersonation websites hosted on domains registered through permissive registrars.
• Sophisticated payment systems typically using cryptocurrency to obscure money trails.
• Multitiered criminal organizations with specialized and often siloed roles.
• Connections to larger criminal syndicates and possible ties to human trafficking operations.

Beyond the financial losses, which can range from hundreds to hundreds of thousands of dollars per victim, these scams also exact a tremendous psychological toll. Victims report experiencing addictive behavior as they continue investing in the hopes of recovering their losses. These scams are gamified to feature game-like characteristics like levels, achievements, and rewards, specifically to exploit human psychology in insidious ways.

Even more disturbing are the connections to human trafficking operations in other similar scam operations, where some "scammers" are themselves victims, forced to work in scam compounds under threat of violence. This adds another layer of complexity to addressing the problem. While this has not yet been confirmed in the case of task scams, it is a growing trend in scam spaces that we are monitoring.

Our investigation highlighted how certain business practices in the domain registration industry facilitate these scams (see appendices). We studied one such provider that, while not directly involved in criminal activity, appears to have business practices that make it attractive to scammers. Their high representation in phishing domain reports, numerous intellectual property disputes, and poor response to abuse complaints suggest insufficient due diligence in their operations that makes them ideal for threat actors. The ease with which criminals can register domains that impersonate legitimate businesses, combined with virtual mailboxes and registered agent services, creates an infrastructure that enables fraud at scale.

Task scams will likely continue to evolve, incorporating new technologies like AI to create more convincing impersonations and automate victim engagement that will enable attackers to scale operations exponentially. The high profitability and relatively low risk ensure these scams will remain attractive to criminal organizations.

The work to lower the risk of task scams requires a multi-faceted approach:

• Individuals should be aware of what task scams and how to identify them so as not to engage with them.
• Domain registrars and hosting providers should improve their due diligence.
• Law enforcement agencies and policymakers should coordinate better with experts, technology providers, and enterprises to address the first two items.
• Technical solutions to detect and block scam communications should be made more widely available.

As digital communication continues to expand globally, the potential victim pool for these scams grows. Only through coordinated efforts between individuals, businesses, technology providers, and law enforcement can we hope to reduce the impact of these increasingly sophisticated criminal operations.

View appendix of "Unmasking Task Scams to Prevent Financial Fallout From Fraud"By understanding how these scams operate and the warning signs to watch for, individuals can better protect themselves from what has become one of the fastest-growing types of fraud in the digital landscape.

More information on this research is available in the appendix.

View appendix of "Unmasking Task Scams to Prevent Financial Fallout From Fraud"