Today, SophosLabs witnessed a new job spam campaign targeting Australians.
The email message claims to provide part-time jobs with excellent pay. The interesting part of this spam campaign is that the link in the spam message directs the clickers to a website pretending to be seek.com.au – Australia’s number one website for job hunters.
As you can see, the spammer steals a job advertisement from HAYS (Australasia’s number one recruitment consultancy) and offers unbelievable benefits to attract more people. Also it is noticeable that the job ad’s website requests the applicant’s name, contact phone and email address, but no resume.
The job spam campaign uses a sophisticated technique which works all too well – social engineering. The technique takes advantage of the trustworthiness of famous brand names to lure the victim into revealing information.
But worse than that, what do you imagine the job of Payment Processing Assistant really involves anyway?
Normally when we see jobs advertised that involve processing and reshipping money, forwarding cash and wiring it to others via Western Union, it only means one thing: money laundering.
Typically “money mules” are used by criminal gangs to transfer money from bank accounts, once they have been compromised through phishing or the use of malware.
Mules are often recruited via spam email with promises of how they can make fortunes by working from home for a financial institution, and usually earn a percentage of the money transferred for their efforts.
The message is clear – don’t be an ass. Reject money mule jobs offered by cybercriminals, even if they do pretend to be legitimate recruitment websites.
Sophos recently published its 2011 Security Threat Report, which covers a wide variety of topics, including spam, phishing and social engineering attacks. Why not grab a free copy of the report for yourself?