
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card or banking details by masquerading as a trustworthy entity.

The phishers’ goal is to acquire access to Upwork accounts, add their own withdrawal method, and eventually steal the victim’s earnings and/or identity. If they compromise an account that has the ability to post jobs (such as a client, hiring manager, or admin account), they will usually take advantage of the ability by posting more phishing jobs and continuing their attack.

Phishing is most often seen in the form of fake login pages (such as a page that looks like the Upwork login page but which is actually controlled by phishers):

Note the URL shown below: this is clearly a fake login page because it is not located at https://www.upwork.com/login but is hosted on a Google Drive account.

What to Look For

Do NOT click any links to suspicious files yourself! If a user clicks on any suspicious link(s), instruct the user to reset their password and security questions.

The phishing that we most commonly see on Upwork usually has the same type of messaging and tactics.

Key Points to look for:

    • Job posts are created in various categories, and invites are spammed out to many freelancers
    • Applicants receive a response with multiple links included in the messaging, one leading to a fake Upwork login page, and others leading to .zip files containing fake login pages for Gmail, Hotmail, and Yahoo
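
The URL check described above, written out as an added Python example (not Upwork tooling and not part of the original article). It flags links whose host is not upwork.com or a true subdomain of it, plus links to .zip archives. The function names, reason codes, sample message and `.example` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "upwork.com"  # the article's genuine login is https://www.upwork.com/login
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify_link(url):
    """Return reason codes for a suspicious link; an empty list means none matched."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["unparseable"]
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not-https")
    # Text before "@" is userinfo, so "www.upwork.com@other.host" goes to other.host.
    if "@" in parts.netloc:
        reasons.append("userinfo-in-url")
    # Exact match or true subdomain only; "upwork.com.other.host" must not pass.
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        reasons.append("off-domain")
        if "upwork" in url.lower() or "login" in url.lower():
            reasons.append("lookalike")
    if parts.path.lower().endswith(".zip"):
        reasons.append("zip-archive")
    return reasons

def triage_message(text):
    """Map every http(s) link found in a message body to its reason codes."""
    links = (m.rstrip(".,;") for m in URL_RE.findall(text))
    return {link: classify_link(link) for link in links}

# Constructed sample message; hosts under .example are placeholders.
SAMPLE_MESSAGE = (
    "Thanks for applying. Sign in to view the brief: "
    "https://drive.google.com/file/d/CONSTRUCTED-ID/view "
    "Mirror: https://www.upwork.com@account-check.example/login "
    "Details: http://files.example/brief/login-pages.zip "
    "Real page for comparison: https://www.upwork.com/login."
)

if __name__ == "__main__":
    for link, reasons in triage_message(SAMPLE_MESSAGE).items():
        print(("SUSPICIOUS " if reasons else "ok         ") + link, reasons)
```

An empty reason list only means none of these checks matched; it does not prove a link is safe.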


Example of what it looks like in the Message Center:


Example (within OBO) showing a client messaging phishing links to multiple FLs:


To access the page above, the job opening must be “Open”. Agents will not be able to access this page if the job opening has been “Closed”. To access, open the client account in OBO:

In the “Contractor” box, under the “# of active candidacies” click on the number link:


Click on the Job name in question:


Scroll to the “Opening” box, under the “# of applicants” field click on the number link.

How can I tell the difference between a legitimate account and a phisher account?

Phisher accounts are new, do not have a UPM, have not spent or earned any money, and are always created as client accounts.

Phishing activity on any account that does not match the above patterns indicates a legitimate account that has been compromised and used for phishing.

How to Handle User Reports

Report coming through a channel that doesn’t create a ticket (i.e. social media / community form)? Send the info via email to accountsecurity-escalations@upwork.com (internal-only email address).

Process Map
