Virtual assistant work is legitimate, but scammers copy the language, logos, and hiring processes of real remote employers. A polished offer letter or a long interview is not proof. The safest habit is to judge the transaction, not the presentation: Who is sending money, what information is requested, and what happens if you refuse to leave the platform?
The Federal Trade Commission (FTC) puts the core rule plainly: do not pay for the promise of a job. The FBI’s Internet Crime Complaint Center (IC3) also warns about “task” jobs that show fake earnings, then demand cryptocurrency to unlock more work or withdraw the balance.
The non-negotiable rule
A client pays you for work. You do not pay a client or recruiter to release work, wages, or equipment. Stop when an opportunity asks for any of these:
- A registration, training, security, or background-check fee paid to the recruiter
- Cryptocurrency to unlock tasks, raise your account level, or withdraw earnings
- Gift cards, wire transfers, or a refund from an “accidental” overpayment
- Equipment bought from the recruiter’s chosen vendor using a check they sent
- Access to your bank, email, freelance, social media, or payment account
A real freelancer may choose to buy a laptop or take a course independently. That is different from a supposed client making payment to them a condition of hire.
Eight common VA job scams
1. The impersonated recruiter
The message names a real company and may copy an employee’s photo. The sender uses a free email address, a look-alike domain, or WhatsApp or Telegram only. You receive an offer before a meaningful interview, then the “onboarding” form asks for banking details or identity documents.
Verify the person through the company’s website or switchboard using contact details you found yourself. Do not use the phone number or link in the message you are checking.
2. The fake check and equipment purchase
The recruiter sends a check for a home-office setup and tells you to buy from an approved vendor or return the extra amount. Your bank may show funds as available before discovering that the check is fake. The FTC warns that you can still be responsible for the money you sent. Never forward money from an unfamiliar check.
3. The task or “optimization” job
You rate products, click buttons, or “optimize” listings on a professional-looking dashboard. Small early withdrawals build trust. Later, the system shows a negative balance and demands crypto to finish a task bundle or withdraw your supposed commission. The displayed balance is not real earnings. Do not deposit more money to recover earlier deposits.
4. Reshipping and money-movement work
A “personal assistant” receives parcels, opens accounts, processes payments, or transfers funds for a client. The goods or money may be stolen, and your name becomes part of the trail. Legitimate admin work does not require you to use your personal bank account as a client’s payment rail or hide the source of packages.
5. Account rental
Someone offers to rent your Upwork, Fiverr, LinkedIn, bank, or payment account, or asks you to complete identity verification for them. You lose control of your identity and may be tied to fraud. Never share passwords, one-time codes, session cookies, or remote access to your device.
6. Free “test” work that is the real project
A short paid test can be reasonable. A request to manage a live inbox for a week, produce a full lead list, or create a campaign for free is unpaid work. Define a small test, remove real customer data, agree on payment, and use a funded milestone where available.
7. Off-platform payment pressure
On marketplaces, scammers often push you to another app before a contract exists. Upwork says pre-contract communication and payment should remain on Upwork, and Fiverr similarly warns that off-platform transactions lose platform protection. Follow the rules of the specific platform you use. For direct clients, use a written agreement, a traceable business identity, and an agreed invoice and payment process.
8. A phishing “brief” or login page
The attachment may claim to contain project requirements; the link may imitate Google Drive, Microsoft, or a freelance platform. CISA recommends checking for mismatched sender addresses, urgent language, shortened links, requests for personal information, and unexpected attachments. Open the real service in a new browser tab instead of signing in through the message.
A 10-minute verification routine
Before accepting, run this check:
- Read the scope. Look for specific tasks, deliverables, working hours, pay, and who owns approvals. Vague work plus unusually high pay deserves scrutiny.
- Find the company independently. Search its official site, careers page, legal name, and public contact details. Search the company, recruiter, email, and distinctive message text with “scam” or “complaint.”
- Inspect the sender. Read the full email address and domain character by character. A real company’s name in the display field proves nothing.
- Confirm the person. Contact the company through an independently found channel. A video call adds context but is not sufficient by itself; identities and video can be faked.
- Check the payment path. On a platform, confirm that the contract and funded milestone or verified billing method exist before work starts. For direct work, agree on an invoice, deposit or milestone, due date, and payer name in writing.
- Refuse urgency. A genuine client can answer reasonable questions. Pressure, secrecy, or anger when you verify details is information.
Pair this routine with the application steps in How to Start on Upwork With No Experience or Fiverr for Virtual Assistants.
Share information in stages
Early in the conversation, a client normally needs your portfolio, work history, availability, and general location or time zone. They do not need your password, one-time code, PIN, full bank login, or remote control of your computer.
Tax and payment details may be legitimate after identity, terms, and the hiring relationship are verified. Share them through the official platform or a secure company process, not a chat link. Ask why an identity document is needed, how it will be stored, and whether a less sensitive alternative works. Redact unrelated fields when permitted.
Turn on multifactor authentication, use a password manager, and keep unique passwords for your email, marketplaces, and payment accounts. Your email is especially important because password resets for other services arrive there.
If you already responded or paid
Act quickly without blaming yourself:
- Stop contact and do not pay a “recovery” service.
- Call your bank, card issuer, crypto exchange, or payment provider through its official channel and ask whether the transfer can be stopped or recalled.
- Change exposed passwords from a clean device, sign out other sessions, and enable MFA.
- Save the job post, messages, email headers, usernames, wallet addresses, receipts, and transaction IDs. Do not edit the originals.
- Report the account and messages to the platform. Report U.S.-connected fraud to the FTC at ReportFraud.ftc.gov and internet crime to IC3.gov; also use the appropriate cybercrime or police reporting channel in your country.
- If identity documents were exposed, follow your country’s identity-theft and credit-monitoring process.
For a realistic picture of legitimate work, read Is Being a VA Legit or a Scam?, then use How to Get Your First Client With No Experience to focus on opportunities you can verify. VA Starter Hub publishes educational resources; it does not recruit or hire applicants through these guides.
Official sources
- FTC Consumer Advice: Job Scams
- FTC Consumer Alert: Job Scammers Are Looking to Hire You
- FBI IC3: Scammers Defraud Individuals via Work-From-Home Scams
- CISA: Secure Our World
- Upwork: Recognize Red Flags and Avoid Scams
- Fiverr: Avoiding Spam and Staying Safe
Video references
Watch the workflow
Before you act: platform rules, fees, eligibility, and local requirements can change. Check the official links in this guide and verify the current terms for your country and account.
