Looking for work? Some jobs ARE too good to be true.

Filed Under: SophosLabs, Spam

In this time of increasing unemployment, it appears the money fraud scammers have found a new target demographic. Traditionally, "money mule" scams have involved beleaguered survivors of fallen third world political regimes claiming to have money they want your help getting out of their country -- send your banking information to an anonymous e-mail address and they will wire you untold riches. Some money scammers must now realize that people have caught on to this plot device, as more elegant schemes are appearing that appeal not just to human greed, but also human desperation.

Take, for example, the following email from a "large multinational," sent via an anonymous free email address:

Sample job phishing message

Sample job phishing message

While the message does have the requisite spelling errors, typos, and "large amounts of money, all you have to do is..." ring to it, it actually has the gall to suggest you'll have to work for your untold sums -- but don't worry, anyone in the US is eligible, and they'll hide your income from the IRS.

Sounds great, doesn't it? You don't even have to quit your day job if you have one, and you can still make (up to) $500 per week! Just click on the link and fill out the application form....

Sample target phishing web page

Sample target phishing web page

It seems that their company is looking for people who know how to handle money. You just have to know how to fill in an exhaustive amount of your personal information.

Here's the entire list of information they want (their text):

Title, First name, Middle name, Last name *, Street, City, State/Province, ZIP/Postal Code, Country, Home phone, Mobile phone, Fax. E-mail address, IM Add. Please Specify (Yahoo,Msn,Aol), Current or Previous Occupation, POSITION APPLYING FOR, Date of Birth (12/31/1998)

Whew... I think that covers everything but your Western Union number. Amazingly, while the email says the positions are open to anyone in the United States, the web form lists an additional 251 countries you can work in.

The site is quite thorough... as well as having a Jobs page, it also has a Home page which outlines what the company does (handles other people's money), a Products page that lists the types of money they handle, an About Us page that tells you you can trust them with your money, a Management Team page that lists an impressive number of people in management positions, a Contact Us page, where you are yet again invited to send them your personal information, and the best... their News page:

We received some important information from relevant Authority that some impostors are claiming to be an affiliate of our company and thereby defrauding innocent people of their valuables.

If you received any email from anybody claiming to be an agent, employee or affiliate of our company, contact our company for confirmation or verification before proceeding.

Thanks.
<company name>.

January 2009
* <company name>' UK Larger Companies Fund won the 2018UK Large Companies 2019 category at the Investment Week Awards 2008.
* <company name> wins £90m UK equity portfolio from Fujitsu Services 2019 DB pension schemes.
* <company manager> of the UK Larger Companies team was ranked 1st in the Thomson Reuters Extel Pan-European survey 2008.
* Private equity team strengthened by Boston appointment.

November 2008
* Investment Week - Emerging easing.

So, they want to assure you that even if you received an email that your mail scanner identified as fraudulent (which Sophos' offerings do), or you see anything written on the Internet regarding the site, not to worry -- just make sure you use the contact information on the site to contact them -- which consists of their submission forms, a UK telephone number and an email address. Yes, their contact page has both an email submission form AND an email address, probably to make up for the fact that it contains no physical address. Fortunately, they're still hiring, assuming you're willing to send them your personal information. Unfortunately for them, Sophos' web appliance identifies their web site as fraudulent.

So a word of caution to any of you looking for work: remember never to take a company's website at face value -- check what others have to say about the company before you provide personal information. For instance, Google's only reference to this company's web site is its own web site. The company also mentions that it started its financial transactions in 1998; unfortunately, it appears it took them over ten years to join the Internet revolution, as they just registered the domain name for their web site three months ago. They don't appear to intend to use it for very long either, as the registration expires next year. On a search for this company's name, a third of the search results are fraud alerts, a third are job postings on job sites and networking sites, and the last third are a collection of websites that have the unfortunate luck to have the same name as the company in question.

Job hunters beware. Even the jobless have something to lose.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Andrew Ludgate is a Threat Researcher for SophosLabs Canada. His research areas include Mac, Spam and Data Leakage related threats.