Task Scams Are Exploding and They Are Impersonating Your Brand

Your brand is making job offers you don’t know about and paying fake employees in cryptocurrency.

Task scams, sometimes called “gamified” job scams, ask victims to perform simple tasks online, such as liking a video, or rating a product, in exchange for commissions, then trap them into escalating crypto deposits to “unlock” accumulated earnings.

Job scam losses do not move slowly. In Q4 2025 alone, the FTC recorded $150.4 million in losses from job opportunity scams, across 25,002 reports in a single quarter. Task scams are driving much of that growth: reports quadrupled from roughly 5,000 in 2023 to 20,000 in just the first half of 2024, and overall job scam losses hit over $501 million across 2024. The trend has not flattened.

What is a task scam?

A task scam is a type of fraudulent job offer that pays victims small commissions for completing simple online tasks, such as liking videos or rating products, then traps them into depositing their own cryptocurrency to “unlock” earnings that never materialise. Task scams are also called gamified job scams, and are increasingly used as a vehicle for social media impersonation, brand fraud, and identity theft at scale.

How task scam brand impersonation puts your company at risk

One reason: your brand is bait.

Task scams do not succeed by getting victims to trust strangers, but by using the name, branding and history of legitimate companies that everyone already knows and trusts.

Scammers pose as recruiters from your company through social media impersonation (fake LinkedIn profiles, copycat Facebook pages, misleading WhatsApp numbers or email addresses), or by cloning websites and web applications to bait vulnerable job seekers and conduct financial fraud and identity theft.

When victims lose money, they call your HR or customer service lines, complain on your social media accounts, and walk away associating your name with the experience. The Telesign 2024 Trust Index found that 64% of global consumers report their perception of a brand suffers after a fraud encounter, even if the brand was being impersonated by fraudsters.

Anatomy of a task scam: how gamified job fraud works

The task scam pattern is consistent across jurisdictions and platforms, with variations in language and imagery to adapt to different regions and the trusted brands they are impersonating.

The victim is contacted through a WhatsApp or text message, or through social media (primarily LinkedIn or Facebook) from a “recruiter” offering unsolicited job offers to job seekers, who are flattered at having been noticed by a big legitimate company.

They are then added to Telegram or WhatsApp groups (due to untraceability of these channels) with a supervisor who acts as their point of contact at the company. From here they are pushed to a bespoke task platform, a web application with a dashboard, task queue, running commission balance etc. All these contact points will display your logo and branding.

Initially the victim is assigned a set of tasks which result in real early payouts, reflected in the user’s commission balance.

The trap closes: After a certain amount earned by the victim, either they are asked to pay for a premium subscription in order to be given more and higher-paying tasks, or a “negative balance event” occurs, wiping their earned balance. To recover their balance or to unlock the larger commission waiting in the next tier, the victim is told to deposit their own cryptocurrency, most often in USDT.

The demands then escalate, demanding more money for better jobs or in order to withdraw the earned commission. But the funds never return.

Why gamified job scams are so effective

Task scams do not succeed because victims are careless. They systematically exploit known weaknesses in a vulnerable demographic. The social engineering behind these scams targets three well-documented cognitive patterns:

Sunk cost fallacy: by the time the deposit is requested, the victim has invested hours and believes they have earnings to protect.

Loss aversion: the fear of losing the accumulated balance feels larger than the pain of the new deposit.

Reciprocity: when the “handler” covers the initial shortfall, or even the fact that the handler gave them a job opportunity, makes the victim feel obligated to return the favor back when required.

The target demographic reflects this. Task scams skew towards either students or people with inflexible schedules that incentivize them to believe in low-friction remote income.

Further, with the use of AI, traditional markers of a scam, such as bad grammar, typos and clunky logos, are no longer reliable red flags, as scammers now achieve high levels of refinement in their delivery. With the help of artificial intelligence, scammers are also able to reinforce their impersonation of your brand by creating fake business registration documents, and even directing the victims to domains that mirror your legitimate website.

Additionally, the scam infrastructure is designed to defeat takedowns. The web applications on which the scams are hosted are linked to newly created domain names with little to no history, attached to open shared IP blocks impossible to trace to a singular person. The domains are live for hours to a few days, with group chats on WhatsApp or Telegram used to push the daily URL. Often the domain itself is not enough to access the scam portal. Users are given new URLs daily with new access codes that allows fraudsters to both protect themselves and track the activities of each individual victim.

CybelAngel investigations have also identified increasing use of wildcard-DNS subdomain setups, where the top domain remains empty to bypass cybersecurity teams and law enforcement, while an unlimited pool of subdomains resolve to the same impersonating portal.

How task scammers profit: crypto, PII, and click farms

The cash-out for task scammers and fraudsters who implement such employment scams can be multifold:

Victims’ cryptocurrency deposits are the primary cash-out method. When provided in USDT, this translates to hundreds, if not thousands, of US dollars per victim.

The false hiring and onboarding process often includes harvesting real PII and identity documents which can be sold in criminal markets, leading to identity theft.

Money mules also tend to be a meaningful share, routing proceedings from other scams into the victim’s bank account while leaving the victim’s name on the paper trail.

The “tasks” themselves, liking videos on social media platforms, rating products and so on, produce engagement that resells to click-farm or bot-farm clients, so the scammer gets the money from the victim, as well as the revenue from the victim’s output.

Credentials to the fake work platforms are often reused passwords and personal email addresses. Scammers frequently install infostealer malware on victims’ devices to extract credentials and sell them on dark web forums.

Industries most targeted by gamified job scams in 2025

Task scams are not sector-agnostic. They concentrate on industries where layoff pressure has produced dense pools of active candidates and where compromised credentials have downstream value.

The finance sector leads with roughly 35% of observed job scams targeting them, followed by the IT sector at 30% and healthcare at 15%. Retail, education and customer services come close behind. These rankings map directly onto 2025’s layoff topography.

In August 2025, pharmaceutical and finance industries drove job cuts. In finance and IT, the competitive squeeze makes candidates more likely to entertain offers from unfamiliar employers. In the healthcare sector, the persistent professional shortages mean unsolicited offers feel plausible, and scammers extend their scheme by offering to help with visas and training for overseas employment.

The common thread is that scammers target industries where people are already under pressure, and where impersonating a trusted brand in the sector is the easiest social engineering technique.

Task scam networks: global scale, local targeting

The task scam infrastructure operates overwhelmingly from Southeast Asia. Numerous “fraud factories” were found in former casinos and hotels of Southeast Asian countries, with roots in Chinese organized crime groups.

Though high income, English speaking markets tend to report the highest absolute losses, with Americans averaging $9,450 per task scam, rising economies such as Pakistan have reported a more substantial impact on their economy, equivalent to 4.2% of the country’s GDP in losses due to task and job scams.

The task scam playbook tends to follow the maxim of global hook, local flavour. The task scam templates are universal around the world. However, the bait is regionally tuned. For example, fake tech job scams targeting India or more formal employment promises in Mexico. Scammers choose the impersonating brand to fit each market.

The business cost of social media impersonation and brand fraud

Indeed the costs land on your books whether or not your name was on the scam, but here are some of the most common.

Loss of brand trust

People impacted by the fraudsters may not trust your brand even if they know you were impersonated. The cognitive association will forever link your brand image to the feeling of being swindled.

Social media impersonation and presence dilution

With increasing numbers of fake social media profiles and impersonating pages created by scammers, trust of your legitimate digital activity will reduce, and legitimate marketing or recruitment campaigns may be seen as suspicious activity.

Operational costs

Victims will call your legitimate company to confirm their fake new job. Customer support fields complaints from people who lost money to a platform they believed was yours, your marketing and cybersecurity team will file takedown requests, leading to large amounts of effort, time and cost for your company.

Candidate pipeline damage

Job seekers who have been burned by a fake recruiter using your legitimate company name, or have watched it happen to someone else, will deprioritize or ignore your legitimate outreach. Recruitment reputation is slow to build and fast to lose.

Widening regulatory exposure

The US FTC’s Government and Business Impersonation Rule took effect in April 2024, and in its first year the FTC brought five cases and shut down 13 impersonation websites. Australia’s Scams Prevention Framework Act passed in February 2025. The UK’s Online Safety Act is already in force. Governments are starting to expect impersonated brands to monitor and act against scams.

How to detect and respond to task scam brand impersonation

A security-led program against task-scam impersonation rests on four things, each of which should be continuous rather than episodic.

Visibility across social media impersonation and the web

Monitoring that only reports at the domain level will miss social media impersonation on platforms such as LinkedIn, often the first step in fraudulent activity. Detection needs to track subdomain enumeration patterns, fake social media profiles and group chats, and fake paid-ad placements that route through short-lived redirect chains.

Coordinated response across security, HR, legal, brand, and support

Pre-agreed ownership, pre-written evidence templates, pre-established escalation paths to major social media platforms and domain registrars.

A public hiring-and-communications posture that is unambiguous

A published hiring process, a verifiable recruiter directory, and explicit “we will never ask for payment” statements on your legitimate profiles. The goal is not to educate every user. It is to give the ones who check a clear, fast way to disqualify the scam.

Intelligence that feeds the rest of the security program

A cluster of fake executive recruiter accounts, or sudden creation of scores of copycat domains, are usually upstream of a targeted phishing campaign. A new wildcard-DNS infrastructure tied to your brand is upstream of a coming paid-ad push. The takedown feed belongs wired into the SOC and the fraud team, not running as a separate marketing workflow.

CybelAngel’s analyst team takes full ownership of the takedown process, from first detection to resolution.

Wrapping up

Task scams are a structured, scalable industry. Your brand is part of the infrastructure whether you know it or not.

If your brand is visible enough to be trusted, it is visible enough to be impersonated. The question is whether your security program is built for the threat that is actually happening.