Sending you a fake job offer costs a scammer almost nothing. A stolen profile photo, a domain spun up in ten minutes, an email that imitates a real brand’s name, and a few thousand names scraped from job platforms. Verifying it, on the other hand, costs you: searching company registries, checking when the domain was registered, testing whether the email is actually deliverable, running a reverse image search on the photo, looking up the crypto wallet they gave you in scam databases. Nobody does this for every message — because nobody can. The entire scam economy is built on this asymmetry: attacking is cheap, defending is expensive. And the job seeker — usually unemployed, in a hurry, and hopeful — stands on the most vulnerable side of that equation.
Worse still, the platforms that are supposed to protect you are not on your side here. Job platforms only remove the fake profile after you report it; your email provider never tells you the domain was registered four days ago; the “hiring process” slips off to WhatsApp or Telegram after the first message, where there is no oversight at all. The only line of defense left is your gut — that “something feels off” instinct — which is exactly what scammers design their scripts to bypass: urgency, authority, a small upfront payment, “you’ll be reimbursed.” Instinct doesn’t scale; evidence does. What’s missing isn’t technology — these OSINT queries are all already public and free — what’s missing is the ability to run them, in seconds, while a human is looking at a single message.
Think about how these scams actually land. It is almost never one obvious red flag; it’s a hundred small details that each look fine on their own. The salary is a little high, but not impossibly so. The company name is real — or real enough that a quick search returns something. The recruiter is polite, professional, and never in a rush until the exact moment they need you to be. By the time a request feels wrong — buy this equipment, pay this onboarding fee, send your ID to “verify” you — you’ve already invested days of hope into the conversation, and hope is a terrible auditor. The scam doesn’t beat your intelligence; it beats your bandwidth. You would have caught it if you’d had the time and the tools to check ten things at once. You almost never do.
JobVerify exists to close exactly that gap: an MCP server that collapses the dozens of checks an investigator would do by hand — company registration, domain age, look-alike domain detection, email/phone verification, crypto wallet reputation, the real age of a profile via the Internet Archive, known scam patterns — into a single question. You paste the message, your assistant runs it, and you get back not a decision but an evidence file. It pulls out every entity in the text — the company, the links, the email, the phone number, the wallet address — and checks each one against public records, phishing and malware blocklists, and website history. Then it hands you a plain-language verdict: looks legit, be careful, or this is almost certainly a scam — and, more importantly, exactly why.
A concrete example. You forward it a message like: “Hi! I’m a talent partner at Example Corp. We loved your profile and want to offer you a remote role at $45/hr. To get started, please purchase $200 of onboarding equipment through this link — you’ll be fully reimbursed on day one. Let’s continue on Telegram.” JobVerify picks out Example Corp, the link, and the Telegram hand-off, and comes back with something like: “High risk — the company has no public registration, the link’s domain was registered four days ago and mimics a real brand, and asking you to pay upfront and move to Telegram are textbook scam signals.” What took the scammer ten minutes to build takes you ten seconds to unravel. That is the asymmetry, finally running in your favor.
And it does all of this without becoming a liability of its own. No API keys, no sign-up, no data retention; it logs into no platform and only reads what is already public. It never scrapes or logs into anyone’s account — it reads website and profile history through the Internet Archive, the safe, legal way to see how long something has really existed, because a brand-new throwaway account is the one weakness every scammer shares. Your messages aren’t stored, sold, or sent anywhere. It runs straight from a repository on demand, so there’s nothing to install and nothing to trust with your data.
This isn’t a “job-hunting assistant.” In a world where attacking is cheap and defending is expensive, it’s an attempt to drive the cost of defense to zero — and to build an order where that weakest link is no longer you.
— -
The project is open source and completely free: https://github.com/yessGlory17/job-verify
If you find the idea worthwhile, drop a star to help the project reach more job seekers. Every star is a “this works” vote for the effort to reverse the asymmetry against scammers. If you’ve spotted a scam in the wild or noticed a gap, don’t hesitate to open an issue in the repo — defense only gets stronger with more eyes on it.

Top comments (0)