Two Sketchy Tech Job Offers I Turned Down

Note on privacy: I anonymized names and company details. This post is about patterns and safety, not calling out individuals.

From the outside, both offers looked promising:

Case #1: A React Native job for a shiny AI nutrition app (contacted via a reputable job board).
Case #2: A Discord DM from someone in a shared developer server offering an “internship now, management later” path.

What followed: mismatched company records, a proctored test wanting camera-on and fast turnaround, and a request to use my LinkedIn/Upwork accounts via VPS. I said no to both. Below is the full story, with chat excerpts.

Case #1 — The “AI nutrition app” via job board

How it started

I got a DM on a well-known European tech job board about a full-time React Native role (mid-level, remote). The message felt normal: friendly opener, a link to the posting, then a list of questions.

Excerpt (anonymized):

Hi! I came across your profile and found it interesting… Would you be open to a quick process?
Here’s the role. If you’re interested, could you answer:

Your most recent project and your exact role.

When you can start.

Can you work 40h/week? Any other projects?

Are you open to a paid technical test at your hourly rate?

Remote experience: how do you organize and communicate?

I replied with my projects, availability (one-month notice), and tooling (GitHub Projects, Notion, Discord/WhatsApp). So far, so good.

The follow-up email

Soon after, I received a structured email outlining the hiring steps:

Excerpt (anonymized):

If you’re interested and can start within 5–10 days, here’s our process:
– Take a proctored screening test (camera on, no ChatGPT/AI tools).
– If you pass, do a half-day live coding session inside our app (paid $35).
– Final interview with the lead dev + short founder call.

On paper, “paid test” sounds fair. But $35 for half a day is very low for EU norms, especially if it’s real product work.

What looked legit

There was a website and social profiles for the app.
The product concept was plausible, with some public presence.
(General) the posting itself included a clear stack (React Native + Node/Supabase).

What I checked—and what bothered me

Registration mismatch. The job was presented as a France-based role. When I checked public records, the trail pointed to a dissolved UK entity linked to an overseas company (UAE). This doesn’t prove bad intent, but it must be explained before you hand over data or write code for them.
Proctored test + privacy. Camera-on testing typically means webcam snapshots, device/IP logging, possibly location, and months of data retention. If you’re not comfortable, you need details and an alternative.
Urgency. “Start within 5–10 days” clashes with a normal one-month notice in many EU jobs. Time pressure is often used to push candidates past due diligence.
Low pay for live coding. If the test touches their real codebase, you want scope, IP ownership, and rate in writing. $35 for half a day is not serious compensation in most EU contexts.
Social footprint oddities. One account had many followers with little visible content; another language account had fewer followers but some videos. Not proof of anything—just inconsistency to ask about.

My decision

I passed. Even if the product is legit, the risk vs reward was not. Between the entity mismatch, invasive test model, rushed timeline, and low “paid test” rate, it was too many yellow/red flags together.

Case #2 — The Discord DM

This one started in a shared developer server (JavaScript/React community). The person was friendly and told me they were a blockchain dev with a team. They also had a website and a GitHub profile with many starred repos—which looked convincing at first glance.

The chat flow (anonymized excerpts)

Hi, nice to meet you. I won’t scam or steal money. I just want to collaborate. You can work as an intern. If you show good results, we’ll pay. Later you could be a manager. AI coding is not welcome on our team. Can we have a meeting in 1 hour?

During the call, it escalated:

It’s better that you let him use your account instead of you. We can use VPS.” You can only share your freelance marketplace account. We are a remote dev team, not a company. We don’t have a website — you can make that.

When I asked for transparency (legal entity, registration, site, LinkedIn), the answers were vague or “later.”

Why this is a hard NO

Account access request. Never let anyone operate your Upwork/LinkedIn/other professional accounts. It violates platform rules, risks permanent bans, and puts your identity on the line if they scam a client.
No legal entity. “Just a team” + “use your accounts via VPS” is a classic account-rental setup to bypass geo/KYC/risk controls and to launder reputation using your profile.
Fast pressure + moving goalposts. Instant calls, demands during the call, and “pay later if you do well” is not how a trustworthy employer behaves.

My decision

Immediate pass. A polished GitHub and a website mean nothing if they ask for your accounts and can’t show basic company proof.

What these two cases were likely after

Personal data (Case #1). Proctored tests can capture images and metadata. If you also upload ID or paperwork, that’s even more sensitive.
Free/cheap product work (Case #1). Half-day coding at a nominal rate, potentially into their real product, without clear IP.
Your identity (Case #2). Using your Upwork/LinkedIn to bid, pass filters, or recover from bans—you take the hit if anything goes wrong.

Red-Flag Library (save this)

Identity & paperwork

They can’t give you the exact legal entity, registration number, and registered address from their country’s official registry.
Names/locations don’t line up across job post, email domain, website, and public records.
They push non-company arrangements: “just a team,” “we’ll sort it later,” “make our website.”

Process & pressure

“Start in 5–10 days” or “today/tomorrow test” that encourages skipping due diligence.
Proctored tests with no clear privacy policy (what’s collected, how long it’s stored, who sees it).
Low-paid live coding that touches their real codebase without scope/IP/rate in writing.

Access & control

Requests to share your accounts (Upwork, LinkedIn, GitHub) or to operate them via VPS/remote desktop.
Requests to move off-platform for payments or communication when a marketplace has rules.

Too good / too soon

“Intern now, manager later” with no path or contract.
Vague “we’ll pay later if you do well” with no written terms.

What I would ask for next time (and you can copy-paste)

Thanks for the opportunity. Before I continue, please share:
• Your legal entity name, registration number, and registered address (from the official registry).
• A link to your privacy policy and details of any assessments (proctoring, data collected, retention).
• Confirmation that you will never request access to my personal or platform accounts (LinkedIn/Upwork/etc.).
• For any “paid test” touching your codebase: scope, rate, IP ownership, and how test code is handled after.
Once I’ve verified these, I’m happy to proceed.

Safer ways to handle tests

Non-proctored alternative. Ask for a take-home task with public data and no webcam.
Sandbox repo. If it’s live coding, request a throwaway repo (no production code) and clear IP terms.
Fair pay. For half-day+ tasks, expect a market-rate fee.
Minimal data. Don’t upload passports/IDs unless there’s a clear, legal reason and a proper privacy notice.

Final thoughts

A slick website and an active-looking GitHub can be decoys. They’re not proof of a trustworthy employer.
Your accounts are your identity. Never let anyone use them.
Due diligence is part of the job. A few checks up front can save you months of headaches.

If you’ve seen similar tactics, share them with the community. The more we talk about this, the harder it is for bad actors to succeed.