We take great measures to keep our global marketplace safe, and we’re committed to doing our best to prevent or address suspicious activity.
However, with so many users in the Upwork marketplace, suspicious activity may appear on the platform from time to time. We count on your help and diligence to make the Upwork experience as safe as possible.
Never get paid or pay someone outside of Upwork. You may open yourself up to scams or fraud, and lose Upwork Payment Protection. Learn more here.
Do not let anyone else use your Upwork account. Learn more about identity theft and paid Upwork account fraud here.
A real client will never ask you to give them money to start working, cash a check for them, work for free, or provide your personal information. Report suspicious behavior.
Getting Started with Online Safety
As with any online business, it’s always important to be diligent in protecting your information, your computer, and your access.
- Educate yourself
- Trust your instincts
- Communicate with other users only on the Upwork platform
- Check our general electronic security guidelines for more tips!
Keeping communication with other users on Upwork will allow us to assist in protecting your security.
Online Safety Best Practices
These tips can help you identify and avoid potential phishing, malware, or scam attacks. Keep them in mind whenever you see suspicious activity.
Taking work or payments outside of Upwork can be an easy way to get involved in a scam. Freelancers put themselves at risk of not getting paid, getting paid in a fraudulent manner (e.g., fake checks), or similar, and it is against Upwork’s Terms of Service. All users who take work or payments outside of Upwork lose the security of Upwork’s Trust and Safety programs, including Hourly Payment Protection.
If someone pretends to be an authority or a trusted service in order to steal from you, it’s called phishing. False emails with company logos, fake login pages, and fraudulent personal messages and calls are all phishing attempts. Double check who is communicating with you. When in doubt, never share your personal information.
"Bad actors" attempt to use the Upwork platform to commit fraud. If anyone asks you for your Upwork username and password, or offers to pay you to use access to your account, this person is a bad actor. Consider your Upwork username and password as private as your bank account information. When in doubt, never share your private or personal account information and flag these requests for the team.
All original work on the Upwork platform should be paid work. If you are pressured to create work without payment or secured funding, it is against our Terms of Service and you should flag it for our team.
The following types of payment are inappropriate on the Upwork platform.
- Payment from a freelancer for a client to consider a proposal/application
- Payment from a freelancer to work for a client
- Upfront payment for a project’s costs or needs
- Upfront payment from a client for a freelancer’s needs
- Direct payment for a project’s needs
If someone asks you to process payment on their behalf to send somewhere else, it may be fraudulent. Your bank can hold you liable for the funds, even if you have already sent the money to the fraudster.
- PayPal payments
- Purchasing gift cards
- Favors to cash or deposit checks
- Favors to cash or deposit money orders
- Requests to buy, sell, or transfer currencies of any kind (regular or crypto currency)
- Payments to buy supplies or send something of value up front before starting work
If a user has asked to have goods shipped to you for you to repackage and mail elsewhere, it could be a shipping scam. These items can be stolen or purchased with a stolen card, and you could be acting as the middleman.
If you’re asked to click on external links or sign up for websites you don’t know, it could be clickbait. Some websites make money off of the click-through traffic from these links. Research the website before clicking anything, and look for reviews or red flags that show signs of clickbait or dangerous malware/ransomware.
Other users do not need access to your personal information, payment account information, driver's license, passport, social security number or other tax ID, tax forms, etc. Do not share this information.
Jobs that advertise benefits, medical insurance, and training programs are often signs of a scam. Some scammers even use a real company’s name to make their job appear more credible. Be extra cautious with these posts.
Email Scams and Malicious Links
Pay close attention to email and messages, especially if you don’t know the sender. Check the details below.
Take a moment to look at the email address. Do the alias, sender, and domain look legitimate?
Does the content of the email make sense? Watch out for messages urging you to act fast -- think first.
Never respond to an email requesting your personal information. If the sender requests your contact information, financial information, Upwork username and password, date of birth, social security number, or other tax ID, STOP and ask yourself:
- Do you know this sender?
- Do they have a legitimate reason to be asking for this information?
- Even if you answer "yes," don't reply to the email or call the number provided. Contact the company that appears to need your information directly. For example, call your bank or the number on the back of your credit card if the email appears to be from that company.
Beware of emails containing unknown links and attachments. Be careful before clicking or opening them. Don’t click suspicious links.
Malicious links are the most common scam tool. They're also one of the easiest to spot if you’re careful. The link may appear legitimate, but check these details.
- The true URL could be hidden. A link's text may look like a URL, while the link itself leads somewhere else. Hover over the link to see where it goes.
- A link shortening service might be used to hide the link’s details.
- The URL may contain misleading typos, such as upvvork.com instead of upwork.com. Read it carefully.
Ask yourself whether you're expecting an attachment from the sender.
- The only attachment file format that isn't a potential threat is .txt. Treat all other attachments as potentially malicious.
- Attachments, especially Microsoft Office files like .xls, could contain hidden malware, even if they pass your virus protection scan.
- When being provided with a file you need to access, either in Messages or directly, we strongly recommend running it through Virus Total or a similar file scanning software before downloading. We also strongly advise against enabling macros. Macros are part of a document. When opening a document (doc, zip, xls, etc.) if a macro is present, you will be asked in a pop-up message whether you’d like to enable it. Macros can contain hidden malware, and if enabled it would allow a scammer access to your computer and compromise your personal information.
In very specific cases, Upwork may reach out to you for information via email. Always be sure to check that the message comes from an @upwork.com email. Review communications that appear to be from Upwork to be sure they are real, and reach out to our customer support team if you have any questions.
When in doubt, confirm the message content with the sender before taking any action at all. Reach out via a method other than email, if possible. If not, compose a new message. Do not reply to the suspicious message – that could go to the phisher.
For more information about reporting suspicious activity on Upwork, click here.
Security Best Practices at Upwork
For an overview of online safety and security best practices, please visit our Security Center. Or check out our complete online security series by clicking the links below: