Today, I was the target of an email outreach job posting scam. This article documents my recent experience with what appears to be a job scam attempt to impersonate Meta (Messenger). I’m writing this in detail to help others recognize similar red flags and avoid potential harm to their online security.
It was instantly clear to me that this was a scam after finding a fresh Reddit post from a few hours ago that described the exact situation I had. You may find the Reddit post here: https://www.reddit.com/r/Scams/comments/1jdghjn/messenger_job_social_media_manager_scam/
How it began
I received the following email:
Address:
<[email protected]>
Message:
Dear Petar,
At Messenger, we value creative professionals who can drive engagement through compelling content. Your expertise in content strategy and storytelling has caught our attention, and we’d love to invite you to explore the Social Media Manager role.
In this position, you’ll design interactive campaigns, create engaging content, and develop localized social strategies tailored for Serbian users. You’ll collaborate with engineers and designers to optimize user experiences and enhance brand visibility.
Let’s connect to explore this opportunity. Reply to this email, and we’ll be happy to share more details.
Best regards,
Milica Jovanović
Head of Recruitment, Messenger Serbia
The email address is suspicious
The email address <[email protected]> is suspicious for several key reasons.
Firstly, while it uses the term “messenger,” it originates from the domain messenger-talentnetwork.com, which is not an official Meta (Facebook) domain. Legitimate email communication regarding job opportunities from Meta would almost certainly come from an @facebook.com or @metacareers.com address.
Secondly, the generic “hr” prefix is common but less specific than what a large organization like Meta might use (e.g., a recruiter’s name or a more specific department alias).
Finally, the hyphenated and somewhat generic nature of the messenger-talentnetwork.com domain itself lacks the professional and branded feel expected from a major tech company’s recruitment efforts, making it appear more like a hastily created or less reputable entity.
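As an added example (not part of the original write-up), the domain comparison described above can be automated for sender addresses and links alike. The official domains are the two named in this article; the brand keyword list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# The two official domains come from the article; the keyword list is an assumption.
OFFICIAL = ("facebook.com", "metacareers.com")
BRAND_WORDS = ("facebook", "messenger", "metacareers")

def host_of(value: str) -> str:
    """Extract the hostname from an email address, a URL, or a bare host."""
    value = value.strip().strip("<>")
    if "://" in value:
        # urlsplit drops any "user@" part, so "https://facebook.com@other.example/"
        # resolves to other.example, which is where the browser would really go.
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].lower().rstrip(".")

def classify(value: str) -> str:
    """Return 'official', 'lookalike' (brand word on a foreign domain) or 'unrelated'."""
    host = host_of(value)
    # Compare on a label boundary: "facebook.com.example.net" must not pass.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for item in ("messenger-talentnetwork.com",
                 "https://recruit.messengerjobhunt.com/login",
                 "https://www.facebook.com/careers"):
        print(f"{item:45} {classify(item)}")
```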
Understanding the Email message
This email from Milica Jovanović at <[email protected]> regarding a Social Media Manager role at “Messenger Serbia” is riddled with suspicious elements. Firstly, the message itself appears too good to be true, immediately raising a red flag. The overly enthusiastic tone and direct invitation to a seemingly attractive role, especially without a prior application, are common tactics used in scam emails to lure recipients.
Secondly, my research into Milica Jovanović, particularly on LinkedIn, has yielded no credible results for an individual with that name holding a Head of Recruitment position at Meta, Facebook, or specifically Messenger. This lack of professional presence for a supposed recruiter from a major company is highly unusual and strongly suggests a fabricated persona.
Thirdly, the very premise of “Messenger Serbia” as a separate entity with its own recruitment department is factually incorrect and therefore deeply suspicious. Messenger is a feature and product of Meta (formerly Facebook), not an independent company, and it does not operate with localized departments structured in this manner. The idea of a dedicated “Messenger Serbia” with a Head of Recruitment is a clear fabrication designed to lend a false sense of legitimacy to the scam. These inconsistencies collectively paint a picture of a deceptive outreach attempting to impersonate Meta for potentially malicious purposes.
The second email
After I replied to the email, I received a second message:
Hi Petar,
Thank you for your response and for your interest in the Social Media Manager role at Messenger Serbia! I appreciate your curiosity about our work in Serbia and would be happy to provide more details.
This role is part of our effort to expand Messenger’s engagement and digital storytelling strategy in Serbia, focusing on localized campaigns, interactive content, and audience engagement strategies tailored for the market. During our conversation, I’ll share insights into our ongoing projects, company culture, and expectations for the role.
And no worries—there’s no three-hour assessment before an initial conversation!
Scheduling Your Interview:
- Click on Schedule a Call.
- Scroll down and select the Social Media Manager position.
- Choose a suitable time for your interview.
- Once scheduled, you’ll receive a confirmation notification via email.
I look forward to discussing this opportunity with you and exploring how your skills can contribute to our mission. Let me know if you have any questions before the call!
Best regards,
Milica Jovanović
Head of Recruitment, Messenger Serbia
Landing on the Suspicious Website:
Upon clicking the link, I landed on what appeared to be a Meta (Messenger) careers page. The initial homepage had a design that, at a quick glance, could resemble a legitimate tech company’s career site. It used a clean layout, a white and blue color scheme, and even featured a logo that looked similar to Meta’s branding.
The homepage prominently displayed sections like “Areas of Work,” “Jobs,” “Locations,” and “Career Programs,” all standard elements you’d expect on a legitimate career portal. There was even a banner highlighting “Messenger” as an area of work, which further reinforced the initial job listing’s theme.
However, the first hint of something being amiss came when I tried to navigate these sections. Clicking on any of the main navigation links – “Jobs,” “Areas of Work,” “Locations,” etc. – all redirected me to the same login page: https://recruit.messengerjobhunt.com/login. This behavior was immediately strange. A genuine career site would have dedicated pages for job listings, descriptions of different work areas, and information about various locations. Funneling every navigation link to a login page felt like a forced attempt to get users to that specific point.
The Login Page and the Persistent Error:
The login page itself was relatively simple, featuring fields for email and password. Below the password field, the text “There was an error processing your request, try again!” was consistently displayed, regardless of what I entered in the email and password fields. I tried various combinations, including intentionally incorrect credentials and even leaving the fields blank, but the same generic error persisted.
This behavior struck me as highly unusual for a legitimate login system. Typically, a failed login attempt due to incorrect credentials would result in a specific error message indicating that the email or password was wrong. A generic “error processing your request” that never changes suggests a more fundamental problem.
Investigating Further: The Browser’s Developer Tools:
My suspicion growing, I opened my browser’s developer tools (usually by pressing F12). I navigated to the “Network” tab and attempted to log in again. I expected to see an HTTP request being sent to the server with my login credentials and a response indicating failure.
However, to my surprise, no such network request appeared in the “Network” tab when the error message was displayed under the password field. This was a crucial observation. It strongly implied that the error was not originating from a failed communication with a server. Instead, the error seemed to be generated purely on the client-side, likely by the website’s JavaScript code, without even attempting to send my input to be authenticated.
Analyzing the Website’s Source Code (Homepage):
My next step was to examine the source code of the website’s homepage (as I couldn’t get past the non-functional login page). By viewing the page source, I noticed several concerning details:
- META Copyright on a Non-Meta Domain: The footer clearly stated “© Meta 2023,” yet the website was hosted on recruit.messengerjobhunt.com. This is a significant red flag. Legitimate Meta career pages are always on official Meta domains (like facebook.com or metacareers.com).
- Inconsistent Branding: While the title mentioned “Meta Careers” and the logo seemed Meta-related, the domain name was completely different. This inconsistency is a common tactic in phishing attempts.
- Suspicious Hidden Input Fields: I found several hidden input fields in the HTML with names like sessId, appMessage, appToken, and appChatId. The appToken and appChatId fields, in particular, resembled identifiers used by third-party messaging platforms (potentially Telegram based on the format). This suggested that any information I might enter on the site could be being directed to an external, non-Meta service without my knowledge.
- Generic Error Handling: The lack of specific error messages and the client-side nature of the error (no network request) pointed to a poorly implemented or intentionally misleading login process.
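An added example, not code from the site or from the author: a small audit of saved page source that reports hidden inputs whose values are shaped like messaging-bot credentials. The sample HTML and its values are constructed around the field names listed above, and the token pattern is an assumption about the commonly seen Telegram bot token shape.

```python
import re
from html.parser import HTMLParser

# Assumption: bot tokens commonly look like "<digits>:<35 URL-safe characters>",
# and chat identifiers are plain (possibly negative) integers.
BOT_TOKEN = re.compile(r"^\d{6,12}:[A-Za-z0-9_-]{35}$")
CHAT_ID = re.compile(r"^-?\d{5,15}$")

class HiddenFieldAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden = {}            # name -> value of every hidden input
        self.has_password = False   # True once a password field is seen

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        kind = a.get("type", "text").lower()
        if kind == "password":
            self.has_password = True
        elif kind == "hidden":
            self.hidden[a.get("name", "")] = a.get("value", "")

def audit(html: str) -> list[str]:
    """Return human-readable findings for one HTML document."""
    parser = HiddenFieldAudit()
    parser.feed(html)
    findings = []
    for name, value in parser.hidden.items():
        if BOT_TOKEN.match(value):
            findings.append(f"{name}: value shaped like a messaging-bot token")
        elif CHAT_ID.match(value) and "chat" in name.lower():
            findings.append(f"{name}: value shaped like a chat identifier")
    if findings and parser.has_password:
        findings.append("password field on a page that embeds bot credentials")
    return findings

# Constructed sample: field names follow the article, every value is fake.
FAKE_TOKEN = "1234567890:" + "A" * 35
SAMPLE = f"""<form>
  <input type="email" name="email"><input type="password" name="pass">
  <input type="hidden" name="sessId" value="a1b2c3">
  <input type="hidden" name="appMessage" value="">
  <input type="hidden" name="appToken" value="{FAKE_TOKEN}">
  <input type="hidden" name="appChatId" value="-1001234567890">
</form>"""
```

A legitimate login form posts credentials to its own backend, so any finding from this audit on a page that also carries a password field is worth reporting to the impersonated brand and the hosting provider.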
Conclusion and Lessons Learned:
Based on these observations, I am highly confident that my interaction with recruit.messengerjobhunt.com was a scam attempt, likely a phishing scheme designed to steal Facebook credentials. The combination of the unofficial domain, the inconsistent branding, the non-functional login with a generic client-side error, and the suspicious hidden fields all paint a clear picture.
This experience serves as a crucial reminder to:
- Always verify the website domain before entering any login credentials, especially for sensitive accounts. Look for official domains.
- Be wary of job postings that link to unfamiliar or non-official websites.
- Pay close attention to website behavior. If navigation links redirect unexpectedly or login processes fail consistently with generic errors and no network activity, it’s a major red flag.
- Examine the website’s source code for inconsistencies, unusual elements, and branding discrepancies.
- Never assume a website is legitimate based solely on its visual appearance. Scammers can easily create convincing replicas.
I am sharing this detailed account to help others recognize these tactics and protect themselves from similar potential scams. Always prioritize your online security and be cautious when interacting with unfamiliar websites, especially those asking for your login information.