Huawei UK makes a blunder with its online careers page

Filed Under: Malware, Phishing, Security threats

HuaweiTechnology giant Huawei has been in the news lately, with US investigators pushing for the Chinese company's telecommunications products to be banned because of spying and surveillance concerns because of the firm's close ties to the Chinese Communist Party and People’s Liberation Army.

As Mikko Hypponen pointed out on Twitter, it's odd that China hasn't responded with a tit-for-tat warning to Chinese companies not to do business with Cisco and Intel because of their US government links.

Anyroad, maybe the news stories have piqued your interest in Huawei, and you are wondering if there are any career opportunities with the world's largest maker of telecommunications equipment.

So, you might visit their website. Here's their UK site, for instance..

Huawei's UK website

And if you scroll down the page, you'll find a link to their careers information entitled "Job Seekers"..

Navigation on Huawei's UK website

The link takes you to www.huawei-careers.com, which seems reasonable enough.

But there's a problem. Because when you visit that page, you are actually taken to a GoDaddy page instead.

Huawei Careers?

At first, I worried that Huawei had forgotten to pay the bill to have their domain renewed, and that any malicious phisher or cybercriminal could purchase the page and hijack it for their own purposes.

The risk would then be that a cybercriminal could buy the domain for themselves and either post up a convincing replica of what a Huawei Careers page would probably look like, and steal personal information from potential job hunters - or simply plant malware on a page infecting anyone who visits.

And the malicious webpage would be all the more convincing because Huawei UK's legitimate site would be pointing at it.

But it looks like Huawei bought the domain in 2011, and simply hasn't done anything with it - leaving an ugly GoDaddy holding page in its place. Yes, GoDaddy is offering to help people buy the huawei-careers.com domain, but only by brokering a deal with Huawei Technologies.

GoDaddy says it will help you buy huawei-careers.com

I guess Huawei aren't really that keen on hiring people in the UK if this is where British job hunters are directed.

We informed Huawei's UK office about the issue by telephone and email. Hopefully they can fix the error quickly, and point to a genuine careers page.

All in all, it's not a big disaster - but it certainly looks unprofessional. And it could have been much worse.

It's certainly not quite as embarrassing as how the Serious Organised Crime Agency (SOCA) allowed the domain of the National High Tech Crime Unit (NHTCU) to expire, and be grabbed by a third party opportunist, as we reported back in 2008.

There's a clear message here - all organisations must take proper care of their website domains, and check that your site is linking where you think it's linking.

Hat-tip: Thanks to the anonymous Naked Security reader who sent us a tip about this.

, , , , , ,

You might like

One Response to Huawei UK makes a blunder with its online careers page

  1. Chao · 732 days ago

    Hello,there
    Is there still a same problem as you descibed? I made it icareer.huawei.com/globalv/default.html when I clicked "Job Seekers" button.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.