Technology giant Huawei has been in the news lately, with US investigators pushing for the Chinese company’s telecommunications products to be banned because of spying and surveillance concerns because of the firm’s close ties to the Chinese Communist Party and People’s Liberation Army.
As Mikko Hypponen pointed out on Twitter, it’s odd that China hasn’t responded with a tit-for-tat warning to Chinese companies not to do business with Cisco and Intel because of their US government links.
Anyroad, maybe the news stories have piqued your interest in Huawei, and you are wondering if there are any career opportunities with the world’s largest maker of telecommunications equipment.
So, you might visit their website. Here’s their UK site, for instance..
And if you scroll down the page, you’ll find a link to their careers information entitled “Job Seekers”..
The link takes you to http://www.huawei-careers.com, which seems reasonable enough.
But there’s a problem. Because when you visit that page, you are actually taken to a GoDaddy page instead.
At first, I worried that Huawei had forgotten to pay the bill to have their domain renewed, and that any malicious phisher or cybercriminal could purchase the page and hijack it for their own purposes.
The risk would then be that a cybercriminal could buy the domain for themselves and either post up a convincing replica of what a Huawei Careers page would probably look like, and steal personal information from potential job hunters – or simply plant malware on a page infecting anyone who visits.
And the malicious webpage would be all the more convincing because Huawei UK’s legitimate site would be pointing at it.
But it looks like Huawei bought the domain in 2011, and simply hasn’t done anything with it – leaving an ugly GoDaddy holding page in its place. Yes, GoDaddy is offering to help people buy the huawei-careers.com domain, but only by brokering a deal with Huawei Technologies.
I guess Huawei aren’t really that keen on hiring people in the UK if this is where British job hunters are directed.
We informed Huawei’s UK office about the issue by telephone and email. Hopefully they can fix the error quickly, and point to a genuine careers page.
All in all, it’s not a big disaster – but it certainly looks unprofessional. And it could have been much worse.
It’s certainly not quite as embarrassing as how the Serious Organised Crime Agency (SOCA) allowed the domain of the National High Tech Crime Unit (NHTCU) to expire, and be grabbed by a third party opportunist, as we reported back in 2008.
There’s a clear message here – all organisations must take proper care of their website domains, and check that your site is linking where you think it’s linking.Follow @gcluley
Hat-tip: Thanks to the anonymous Naked Security reader who sent us a tip about this.