Ask HN: How to protect yourself from a coding challenge scam?

10 points by azophy_2 4 days ago

These past months, I've seen several social media posts about people getting scammed during coding challenges or take-home tests. The cases usually involve cloning a GitHub repository that claims to contain the coding challenge and being asked to run the code, which actually contains malware or steals your data.

Do you have any advice on how to protect ourselves from this? Are there any recommended tools to scan such code? Is regular antivirus software sufficient?

I've seen several suggestions, such as always running this type of code in a VM or emulator. However, I think this solution only isolates the environment. Ideally, we need a way to determine if the code is malicious so we can decide to abandon the interview if it already seems suspicious.

grajaganDev 4 days ago

It takes quite a bit of effort to determine that a repo is free of malware - very likely more effort than the coding challenge itself. And I would not rely on antivirus software.

Checking the background of the hiring company may help. Check the investors, board of directors, founders to make sure they are real and have a backstory. Search TeamBlind or Glassdoor for complaints.

andersco 4 days ago

I’d say only complete coding challenges that are sent directly from a prospective employer or that you yourself access via a coding challenge site. I’d never click on a coding challenge link posted in a social media link.

shahbaby 4 days ago

Remember that interviewing goes both ways. If an employer showed this level of incompetence at the interview stage, do you really want to work for them?