
Unmasking a Sophisticated Job Scam in 2025

A job scam impersonated Keepnet and used LinkedIn, Google Meet, and Slack to deceive job seekers. Learn how it unfolded and how to recognize the red flags.

Unmasking a Sophisticated Job Scam Using Trusted Platforms

A highly sophisticated job scam has recently surfaced, targeting individuals looking for a job. What makes this scam so alarming is its use of trusted professional platforms—including LinkedIn, Google Meet, and Slack—to build an illusion of legitimacy. Even more audaciously, these scammers have falsely adopted the Keepnet brand in an attempt to appear reputable.

This article dissects the scam at every stage, exposing the red flags and Indicators of Compromise (IOCs) that can alert potential victims. Given the rapid growth in crypto-related jobs and the industry’s global, decentralized nature, job seekers need to remain vigilant and conduct due diligence before sharing personal or financial information.

Below is a comprehensive breakdown of how the fraud unfolds, what warning signs to look for, and how to protect yourself from falling prey.

The Scam Breakdown

Here is the step-by-step breakdown of the scam, outlining the typical sequence of events and interactions that victims experience.

1. LinkedIn Connection and Initial Contact

The scam typically begins with a LinkedIn connection request from what appears to be a professional profile. In the documented case, Serdest Onat received a request from a user named George Lin. After the victim accepted, George followed up with a friendly message, likely tailored to appeal to the victim’s professional background in cryptocurrency.

The use of LinkedIn—a platform synonymous with professional networking—encourages trust.

Image 1: LinkedIn message from George

2. Google Meet Interview with “Roman”

Once the connection is established, the scammer suggests a Google Meet call under the guise of a formal interview. This video call further legitimizes the process:

  • Roman conducts the interview, speaking fluent English and appearing polished and professional.
  • He requests the victim turn on their camera—a common practice in legitimate interviews to foster a personal connection.

This step is often enough to persuade the unsuspecting individual that they are dealing with a legitimate recruiter or HR representative, especially when they see a real person on the screen. However, these scammers rely on this fleeting credibility to distract from glaring inconsistencies—such as mismatched email domains or the suspiciously rapid pace of “hiring.”

Image 2: Google Meeting with Attacker

3. Fake Job Offer via Email

Following the interview, the scammer sends an email from a generic Gmail address (e.g., angel126mic@gmail.com), attaching or linking to a Google Form. The email outlines a “job offer,” instructing the recipient to fill out personal information such as name and contact details.

Image 3: Attacker Sends Fake Google Forms via Email

4. Slack Channel Invitation

In the final stage, the victim is invited to a Slack workspace supposedly affiliated with Keepnet. Once inside, they communicate with a user named Dhanh Tanh Ngo, whose profile photo shows the same individual who appeared on Google Meet under the name “Roman.”

Slack is widely recognized as a leading collaboration tool, which makes this step especially deceptive. Victims might believe they are simply joining their new team’s workspace to finalize onboarding. In reality, they are stepping deeper into the scammer’s well-crafted trap.

Image 4: Fake Slack invitation - https://keepnetlabs-llc.slack.com/

The scammer, who initiated contact with the victim via LinkedIn, appeared to be based in the UK. However, after contacting the JobSecta company, it was discovered that this person was actually based in Singapore and had worked for JobSecta in the past, but was not currently employed by them.

Key Red Flags and Indicators of Compromise (IOCs)

Let’s dive into the most suspicious elements and warning signs that were present in this scam, which can be used to identify similar scams in the future:

1. Email Addresses

  • angel126mic@gmail.com
  • roman.shalak12@gmail.com

These are personal Gmail accounts, not tied to an official company domain.

2. LinkedIn Profile Anomalies

  • George Lin’s profile claims to be in the UK but shows ties to Singapore. Discrepancies in location and background often point to fabricated identities.

3. Unusual Tactics

  • Rapid Escalation: Jumping from a LinkedIn chat to a video interview, followed immediately by a Slack workspace, is atypical for legitimate companies, especially without multi-step interviews or background checks.

Why This Scam Stands Out

The bold misuse of the Keepnet brand, coupled with the abuse of trusted platforms like LinkedIn and Slack, makes this scam particularly noteworthy. Adding to the concern is the scammer's focus on cryptocurrency, exploiting its untraceable nature for quick, illicit gain:

1. Misuse of the Keepnet Brand

One notable twist is the fraudulent usage of “Keepnet”—a genuine cybersecurity company—to add legitimacy. By co-opting the Keepnet name and referencing its services, scammers hope to reassure prospective victims. Ironically, using a cybersecurity brand for criminal activity underscores the scammers’ brazen nature.

2. Abuse of Established Platforms

This scheme takes advantage of trusted online platforms, including LinkedIn, Google Meet, and Slack. Each platform’s credibility assists the scammer in masking fraudulent behavior. Victims may become less suspicious simply because they recognize and regularly use these reputable tools.

Psychological Tactics at Play

Scammers employ a variety of psychological tactics to manipulate their victims. Some of the most common tactics include:

1. Professional Presentation

A slick Google Meet interview with a camera-enabled conversation creates an instant aura of authenticity.

2. Urgency & Exclusivity

The promise of a high-paying role or urgent need for a specialized skill in cryptocurrency can override initial skepticism.

3. Overlapping Identities

Using the same face (“Roman”) across email, Slack, and video calls provides consistency that initially builds trust.

Protecting Yourself From Job Scams

1. Verify Through Official Channels

When you receive a job offer, always confirm by contacting the company directly via their official website or verified phone number. For instance, Keepnet’s legitimate domain is keepnetlabs.com—anything else is suspicious.

2. Check Email Domains

Legitimate companies typically use @companyname.com email addresses. Be wary of offers from Gmail, Yahoo, or other free email services.

3. Report Suspicious Activity

Flag questionable profiles on LinkedIn, Slack, or email as soon as you suspect fraud. Reporting helps prevent others from becoming victims.

4. Look for Inconsistencies

Mismatched locations, unprofessional communication, and immediate transitions to Slack with no formal HR steps are all red flags.
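An added example (not Keepnet's own tooling) that turns steps 1 and 2 above into a check a mail-triage script could run: it compares the sender's domain and any linked hosts against the employer's official domain and flags free webmail senders and brand names on hosts the employer has not confirmed. The function name, the `known_hosts` parameter and the free-mail list are assumptions made for this sketch.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: short illustrative list of free webmail providers, not exhaustive.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_offer(sender, urls, official_domain, known_hosts=()):
    """Return red-flag strings for a job-offer message.

    official_domain: the employer's domain, taken from its own website.
    known_hosts: third-party hostnames (e.g. a Slack workspace) the employer
    has confirmed through an official channel; hypothetical parameter.
    """
    flags = []
    brand = official_domain.split(".")[0].lower()
    sender_domain = parseaddr(sender)[1].lower().rpartition("@")[2]
    if not sender_domain:
        flags.append("sender address could not be parsed")
    elif sender_domain in FREE_MAIL:
        flags.append(f"sender uses free webmail: {sender_domain}")
    elif not _under(sender_domain, official_domain):
        flags.append(f"sender domain is not {official_domain}: {sender_domain}")
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if _under(host, official_domain) or host in known_hosts:
            continue
        # Brand string on a host the employer does not control or vouch for.
        if brand in host:
            flags.append(f"brand name on unverified host: {host}")
    return flags


if __name__ == "__main__":
    # Sender address and workspace URL are the ones quoted in this article.
    for flag in check_offer("angel126mic@gmail.com",
                            ["https://keepnetlabs-llc.slack.com/"],
                            "keepnetlabs.com"):
        print(flag)
```

A clean result only means these two checks passed; confirming the offer through the company's official website or phone number is still the deciding step.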

As cryptocurrency adoption expands, so does cybercrime focusing on digital assets. This scam is part of a larger wave of frauds leveraging trusted platforms and well-known industry brand names to target unsuspecting victims. Whether you’re a seasoned crypto enthusiast or exploring digital assets for the first time, remaining educated and cautious is essential.

Check out our blog on 2025 common phishing scam examples to learn more.

How Keepnet Human Risk Management Combats Social Engineering Scams

In 2025, as cybercriminals exploit trusted platforms like LinkedIn, Google Meet, and Slack to launch sophisticated scams, Keepnet Human Risk Management emerges as a critical defense. By addressing human vulnerabilities—the weakest link in cybersecurity—Keepnet empowers organizations to proactively mitigate risks through a multi-layered approach.

  • Security Awareness Training: Keepnet’s adaptive security training programs educate employees on identifying red flags in social engineering tactics, such as unsolicited cryptocurrency requests or fake job offers. Training modules include real-world examples of hijacked brands, spoofed communication channels, and urgency-driven scams, fostering a culture of skepticism and critical thinking. Employees learn to see anomalies in emails, meetings, or collaboration tools, transforming them into vigilant first responders.
  • Phishing Simulations: Keepnet goes beyond theory with hyper-realistic phishing simulations that replicate current threat patterns, including AI-generated fraudulent video calls and cloned corporate websites. These exercises test employee readiness in a controlled environment, providing actionable insights into gaps in detection and response. Over time, repeated exposure reduces susceptibility to social engineering by reinforcing muscle memory for safe practices.

By combining awareness education, hands-on practice, and real-time protection, Keepnet Human Risk Management transforms human behavior from a liability into a shield. In a landscape where scams evolve daily, organizations equipped with these tools not only react to threats but anticipate them, ensuring trust in digital interactions remains intact.
