Threat researcher infiltrates Telegram job scam, reveals sophisticated use of real brands and hybrid automation
In a revealing new investigation titled “Telegram Tango: Dancing With a Scammer,” Infoblox Threat Intelligence exposes how scammers are using AI, spoofed domains, and social engineering to lure victims through fake remote job offers on Telegram.
The report details how a threat researcher was contacted by “Arabella,” a convincing persona who claimed to represent Corner Office Consultants — a real company with a legitimate domain. The scam deepened when another fictitious employee, “Maria,” introduced a role at Marble Media, again leveraging a real business name but redirecting the victim to a lookalike domain: marblemediaseo[.]cc.
“Cybercriminals are blending AI with social engineering, creating scams that look disturbingly real.”
— Infoblox Threat Intelligence Spokesperson
The researcher was made to complete meaningless tasks like clicking “Start” and “Submit” repeatedly, only to be told that a cryptocurrency deposit was required to continue. Throughout the interaction, the scammers alternated between lightning-fast, detailed replies and slower, simpler ones — indicating a likely mix of AI-generated responses and manual intervention.
In a surprising twist, the researcher was able to deceive the scammers and withdraw a small sum of money before they caught on. While the amount was minimal, the moral victory shed light on the inner workings of a global scam operation.
Infoblox warns that crypto scams remain a massive threat, with consumers losing an estimated $9.3 billion in 2024 alone. The report serves as a timely reminder for CIOs and CISOs to educate users, monitor emerging scam tactics, and scrutinize any unsolicited job or financial offers.
