A coordinated wave of fake online job advertisements targeting countries across the Middle East and North Africa (MENA) has been uncovered, exploiting the region’s sustained shift toward remote work.
The campaign relies on professionally designed social media ads that promise easy income for simple online tasks, while concealing an organized fraud operation aimed at stealing money and personal data.
The activity, detailed in findings published today by Group-IB, shows how scammers have capitalized on behavioral changes that followed the COVID-era expansion of remote work.
An Rcademy report referenced in the research noted that more than 60% of workers in the Middle East now prefer full-time remote roles, creating an attractive environment for abuse.
Rather than isolated attempts, these scams operate at scale. Group-IB researchers identified more than 1500 fraudulent ads in 2025, with the highest concentration directed at Egypt, Gulf states, Algeria, Tunisia, Morocco, Iraq and Jordan.
Each campaign is carefully localized, using regional dialects, local currencies and familiar brand imagery to increase credibility and engagement.
How the Scam Operates
The fake job ads typically appear on Facebook, Instagram and TikTok and often impersonate well-known e-commerce platforms, banks or government bodies. Once users respond, conversations are quickly moved to private messaging apps such as WhatsApp or Telegram, where the core fraud unfolds.
Victims are asked to share personal and financial information under the pretext of recruitment or onboarding. In many cases, they are later required to deposit money to access higher-paying “tasks,” with small initial payouts used to build trust before communication abruptly stops.
Read more on online job fraud: Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
According to the research, the campaigns are run by organized groups that reuse the same scripts, branding, fake websites and Telegram infrastructure across multiple countries.
This level of coordination allows the scams to scale rapidly and makes them harder to trace than traditional one-off fraud attempts.
Impact on Users and Platforms
The scams exploit trust in recognized institutions and the low cost of social media advertising. By offering daily earnings of $10 to $170 for tasks that take minutes, the ads frequently promise income above local averages, drawing in financially vulnerable users.
“Overall, this scam is not a set of isolated ads. It is a coordinated, multi-step operation with shared infrastructure, repeated phishing methods and consistent behavioral patterns,” Group-IB warned.
“By combining ad keywords, platform distribution, brand impersonation, website indicators and scammer profiles, defenders can better track, block and dismantle this activity across regions.”
To defend against threats like this, the company recommended greater caution from users and stronger safeguards from platforms.
Individuals should avoid sharing personal or financial information with unverified recruiters, question unrealistic income promises, verify employers through official websites or trusted job portals, and report suspicious ads.
Businesses and social platforms, meanwhile, are urged to tighten ad verification for job listings, monitor brand or ministry impersonation and run multilingual awareness campaigns to alert at-risk users.
