How we did “not” get rich from a scam


Imagine getting a call from an unknown number. An automated voice in Slovak prompts you to add a contact on WhatsApp with the promise of a job. For many of us, this is a clear sign of fraud, but for us, it was a challenge. We decided to put ourselves in the victim's shoes and, with the approach of ethical hackers, explore how this scheme works from the inside.

If you've recently received an unexpected call from a number starting with +420 or +43, you're not alone. It all started with a recent leak of phone numbers and other data from one of the telecommunications giants, which saw up to 850,000 customer account records compromised. This blog post is the story of our "mission" that revealed how scammers in Slovakia and Europe use psychology, social engineering, and technology to defraud people.

Step 1: Entering the Lion's Den

With a dose of curiosity and all security measures in place, we added the suspicious number on WhatsApp. We weren't after any money, but purely after research and confirmation that it was a scam. We created a completely new, temporary identity, with a new email address, bank account, and Telegram profile that the scammers couldn't link to our real identity.

The first task came immediately: like a TikTok video and send a screenshot. The promised reward? 5 euros. That sounds simple, so with the newly created account, we went for it and liked the videos. After completing the task, we were redirected to Telegram, where a "receptionist" contacted us, asked for an IBAN and our identity (a made-up one), and actually sent us the money.

It was a moment designed to instill a sense of trust and legitimacy. This psychological trick is key. Scammers give you a small amount to make you feel that the system really works, lowering your guard. As a result, the victim is willing to risk more.

Revolut payment 5 Eur

Step 2: Journey into the Work Group

After the first payment, we were excited, and we were added to a huge "work group" on Telegram, which had over 3500 members. This group serves as social proof, designed to give the impression that it is a legitimate and large community that earns money. Tasks were regularly added – liking, subscribing, sharing. For each task, we earned 1 euro. Everything was suspiciously simple. And since we were promised up to 180 euros a day, we decided to continue.

Telegram work group

However, we soon ran into what we expected: premium, paid tasks. Our "earnings" in the system slowly climbed to 9 euros for likes and follows, so we decided to invest 10 euros in the first premium task. So, from our own resources, we had only invested one euro as an initial investment into the enormous wealth that was to follow.

Table of rewards for missions
Schedule of tasks and times

Step 3: The Cryptocurrency Trap

Our "receptionist" redirected us to a more experienced "trader" who would guide us through the investment process. So for the paid tasks, we were redirected to another Telegram account and to a fraudulent website that pretended to be a cryptocurrency trading platform: https://www.hdbtcjle.com//#/Reg?code=227, whoever wants to, feel free to register and legitimately get rich quickly :D. On this page, we deposited our 10 euros. Or rather, our 10 euros were already there, which the trader had transferred for us. The scammers, who called themselves "traders," guided us on how to "invest" and introduced us to the issue of investing in cryptocurrencies, and within ten minutes, we saw our fictitious deposit turn into 16 euros.

This experience, even if it was only in a fictitious environment, is huge for a real victim. Confirmation that the system works and generates profit suppresses rational thinking and evokes a feeling of greed. At this stage, most people would already believe and be willing to risk more.

Registration on crypto platform
Crypto trading platform

Step 4: Testing the "Bastards" and Exposing the Catch

Our main goal was to uncover the moment when we start losing more money than the 1 euro we had invested so far. That came with the next task. When we asked the trader to pay out our profit, a problem arose. And the trader warned us that he needed a password to unlock our money, and we would only get it after another investment. The required investment was already 50 euros, which would bring us a 15 euro commission.

  • Option 1: (180s) Payment amount: 【50】 Commission 【15】 (Commission 30%)
  • Option 2: (120s) Payment amount: 【60】 Commission 【21】 (Commission 35%)
  • Option 3: (60s) Payment amount: 【70】 Commission 【28】 (Commission 40%)

What followed was just a game. Instead of a real payment, we sent a fake screenshot of the payment. The scammer's reaction confirmed that we were doing the right thing. Instead of the usual phrases and politeness in business, he called us "You bastard". His behavior completely changed at this moment. At this point, we realized that it was probably a scam; such behavior towards a client is a red flag (no, of course, I'm kidding, we still had no idea it was a scam :D). This is the moment when the illusion ends and crude manipulation and threats begin. It was also the moment that surprised us. Until now, we had thought we were communicating with a bot, but a bot probably wouldn't call us a "bastard." Even after trying to evaluate some agent model that could answer us, we found nothing, so there is probably a human on the other side, or some hybrid model where some messages are answered by a bot and some by a human.

Fake payment 50 Eur

Throughout the entire process, we tried to gain as much technical information as possible about the scammers' infrastructure. We found that the domain on which we "invested" was registered recently, which is one of the main signs of fraudulent websites. We also found that payments were made through the Revolut platform. We sent the scammers a Canary Token link, which was supposed to reveal more information about the scammers' infrastructure, such as IP addresses, locations, and other information. A Canary Token is mostly used to alert defenders when an attacker performs some action on a system; in this case, we used it to identify a scammer. Unfortunately, only the TelegramBOT server responded to us. Even our quick OSINT did not yield further fruit, only a few user accounts on various platforms.
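One way to automate the domain-age check mentioned above, as an added example that is not part of the original article: it reads the registration event from an RDAP response (RFC 9083 "events" layout) and flags recently registered domains. The domain names, dates and the 30-day threshold are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

RECENT_DAYS = 30  # assumed threshold for "registered recently"; not from the article

# Constructed RDAP domain responses (RFC 9083 "events" layout); names and dates are invented.
SAMPLES = {
    "fresh-trading.example": '{"events": [{"eventAction": "registration", '
                             '"eventDate": "2025-08-28T09:15:00Z"}]}',
    "old-broker.example": '{"events": [{"eventAction": "last changed", '
                          '"eventDate": "2025-01-02T00:00:00Z"}, '
                          '{"eventAction": "registration", "eventDate": "2012-03-05T00:00:00Z"}]}',
    "no-date.example": '{"events": [{"eventAction": "expiration", '
                       '"eventDate": "2026-08-28T09:15:00Z"}]}',
}

def registration_date(rdap):
    """Return the 'registration' event of an RDAP object as an aware UTC datetime, or None."""
    if not isinstance(rdap, dict):
        return None
    for event in rdap.get("events", []):
        if event.get("eventAction") != "registration":
            continue
        try:
            parsed = datetime.fromisoformat(str(event.get("eventDate", "")).replace("Z", "+00:00"))
        except ValueError:
            return None
        if parsed.tzinfo is None:  # treat a naive timestamp as UTC
            parsed = parsed.replace(tzinfo=timezone.utc)
        return parsed.astimezone(timezone.utc)
    return None

def assess_domain(rdap_json, now, recent_days=RECENT_DAYS):
    """Classify by registration age: 'recent', 'established', or 'unknown' if no usable date."""
    try:
        registered = registration_date(json.loads(rdap_json))
    except json.JSONDecodeError:
        registered = None
    if registered is None or registered > now:  # missing, malformed or future date
        return {"verdict": "unknown", "age_days": None}
    age_days = (now - registered).days
    return {"verdict": "recent" if age_days < recent_days else "established", "age_days": age_days}

if __name__ == "__main__":
    checked_at = datetime(2025, 9, 10, 12, 0, tzinfo=timezone.utc)  # fixed "now" for the demo
    for name, body in SAMPLES.items():
        print(name, assess_domain(body, checked_at))
```

An "unknown" verdict means the registry returned no usable registration date, so it should be treated as a reason to check further rather than as a pass.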

Scammer's reaction

Our observations confirm that this is a classic "Task scam." A task scam (or task fraud) is a type of online fraud in which scammers lure victims with the promise of easy and quick part-time earnings. These "jobs" involve performing simple tasks such as liking videos, writing fake reviews, or rating companies. After the initial small tasks, the scammer requires the victim to pay a fee or "deposit" (often in cryptocurrency) with the false promise of unlocking access to better-paying tasks or of being able to withdraw their "earned" money. After payment, the victim is either forced to pay more and more fees, or the scammer simply disappears with all the money. This is exactly the template that played out in this case.

Finally, we decided to report the findings to Amazon as "aws resource abuse", to report the identified fraudulent account on the Revolut platform, and, last but not least, to write this article, so that even if we didn't get rich, others wouldn't lose money.

Key Warning Signs to Protect You

Our experiment showed that this type of scam is not that difficult to detect. You just need to know what to look for. Here's our checklist:

  • Unsolicited Contact: Never respond to unexpected job offers via WhatsApp or Telegram. No legitimate employer offers a job without an interview and through an AI assistant.
  • You Must Pay to Get Paid: This is the golden rule. If they ask you for any fee—whether for “training,” “premium tasks,” or “withdrawal fees”—it's a scam.
  • Offer is Too Good to Be True: Promises of high earnings for liking videos or simple clicks are unrealistic. If it sounds too good, it's probably a scam in 99% of cases.
  • Pressure for Quick Decisions: Scammers create a sense of urgency so you don't have time to think. Legitimate companies will give you time to verify the offer and respond to it.

What to Do if You Become a Victim

If, unfortunately, you have become a victim, do not despair or be ashamed. You are a victim of "professional" manipulators. It is important to act immediately:

  • Cut Off Contact: Immediately block and ignore all communication with the scammers.
  • Contact the Bank: Immediately inform your bank about suspicious transactions and block all cards you handed over to the scammers. Remember that money transferred to cryptocurrencies is almost impossible to get back. In this case, it was only the IBAN, which is not exploitable by the attacker on its own.
  • Share Your Story: Talk about what happened to you with friends and family. You will not only help yourself but also raise community awareness and protect others from similar attacks.

Our experiences and findings show that the most effective defense against these scams is public awareness. Educating the public about these schemes and their psychological tricks is crucial. Remember: if someone promises you easy money, the only person who truly profits is the scammer.
