A real job is built around interviews and an offer. A scam is often built around getting something onto your device. When the first real step is "download this" or "click here," slow down.
The rule
Legitimate onboarding software arrives after a signed offer, from the company's own verified website, the one you reach by typing the company name into your browser. No real employer asks a stranger to install an unfamiliar app or open a portal link from a chat message before any interview.
What the app or link is for
The download is usually the scam, not a step toward a job. Depending on the version, it can connect to and drain a crypto wallet, capture the logins you type, install malware, or feed you into a fake "work portal" that collects your personal and banking details. Crypto and "web3" job scams in particular lean on a wallet connection or a trading app to do the theft.
What it looks like
A quick approach, often on WhatsApp, Telegram, or text, with high pay for simple work. Before any interview, you are told to download an app, open a link to "set up your account," or connect a wallet to "activate" tasks. The link domain is often a near-miss of a real company's.
What to do right now
- Do not download the app, open the link, or connect any wallet.
- Find the company yourself and confirm the role exists on its real careers page.
- Check the sender's email domain against the company's real one.
- If it does not check out, report it to the FTC.
This pattern travels with off-platform recruiter messages and lookalike domains. For the wider set of signals, see is this job offer a scam and the complete guide.
Not sure about a link or message? Paste it into the free checker before you click.