Someone we know in India received a job offer from an acquaintance in the Middle East to work at a Skyspring hotel in New York. They needed to front $600 for the visa and he’d received instructions via an email.
They come from a modest background (his mother is a cook) and she asked my mother to help check if this was a real job – $600 is a lot of money after all. The “pay upfront to get this job” rang all kinds of alarm bells. But, it was hard to dismiss it outright since it came from someone they knew.
And, it didn’t help that Google had a very convincing-looking card show up on search.
Of course, it all unravels the moment you spend more than a minute investigating. The hotel has no trace on Tripadvisor or Booking.com and the phone number doesn’t work. The email has a few typos (why do scammers not get that right?), was sketchy on details of the work visa, and it came from a questionable-looking “@consultant.com” email address.
All in all, it was more sophisticated than the traditional Nigerian prince scam and it could have fooled someone who wasn’t discerning. I think the Google card was the most convincing piece of the scam and I couldn’t find a way to flag it on my phone (I found it on my laptop and did so).
It did get me thinking about how important it is to design products with scam/bad actor use cases in mind. It isn’t enough to just think of the happy path.