Ask HN: How to protect yourself from coding challenge scam?

11 pointsazophy_21y ago4 comments

These past months, I've seen several social media posts about people getting scammed during coding challenges or take-home tests. The cases usually involve cloning a GitHub repository that claims to contain the coding challenge and being asked to run the code, which actually contains malware or steals your data.

Do you have any advice on how to protect ourselves from this? Are there any recommended tools to scan such code? Is regular antivirus software sufficient?

I've seen several suggestions, such as always running this type of code in a VM or emulator. However, I think this solution only isolates the environment. Ideally, we need a way to determine if the code is malicious so we can decide to abandon the interview if it already seems suspicious.

4 comments

grajaganDev1y ago

It takes quite a bit of effort to determine that a repo is free of malware - very likely more effort that the coding challenge itself. And I would not rely on antivirus software.

Checking the background of the hiring company may help. Check the investors, board of directors, founders to make sure they are real and have a backstory. Search TeamBlind or Glassdoor for complaints.

grajaganDev1y ago

Some useful ideas here:

https://www.aura.com/learn/how-to-identify-job-scams

andersco1y ago

I’d say only complete coding challenges that are sent directly from a prospective employer or that you yourself access via a coding challenge site. I’d never click on a coding challenge link posted in a social media link.

shahbaby1y ago

Remember that interviewing goes both ways. If an employer showed this level of incompetence at the interview stage, do you really want to work for them?

j / k navigate · click thread line to collapse

Ask HN: How to protect yourself from coding challenge scam?

11 pointsazophy_21y ago4 comments

Do you have any advice on how to protect ourselves from this? Are there any recommended tools to scan such code? Is regular antivirus software sufficient?

4 comments

grajaganDev1y ago

It takes quite a bit of effort to determine that a repo is free of malware - very likely more effort that the coding challenge itself. And I would not rely on antivirus software.

grajaganDev1y ago

Some useful ideas here:

https://www.aura.com/learn/how-to-identify-job-scams

andersco1y ago

shahbaby1y ago

Remember that interviewing goes both ways. If an employer showed this level of incompetence at the interview stage, do you really want to work for them?

j / k navigate · click thread line to collapse