The new ESET blog format must be striking a real chord with people. At any rate, job offers are just pouring in. Except that they don't seem to be jobs for security bloggers, or for web developers like the team that maintains this site.
What qualifies us for an unspecified role in a hotel in Canada, I wonder? Perhaps they need someone to polish their emails. Some of the wording has a strong whiff of the West African 419, and after all, we're not short of editing talent round here. But as our colleagues at ESET Ireland pointed out recently, at a time when the global economy is in crisis, there are all too many people solving their own employment and financial problems by scamming the unemployed, and job scams are an obvious way of grabbing their attention.
Let's take a look at the danger signs we can see in some recent examples. Some text has been redacted and reformatted, but I haven't corrected spelling or grammar - I'm not here to make scammers look better.
Dear Sir/Madam,
Lack of personalization usually suggests spam, if not an outright scam. In this case the message was sent to a contact address, not a real person, which in itself indicates that the message was sent to a list of randomly harvested email addresses in the hope of finding a few victims. I can't say I'm not pestered from time to time by agencies wanting me to apply for positions that have very little to do with my skillset and employment history, but at least they usually know my name. Sometimes, however, the scammer does know something about you because he found your details on Craigslist or CareerBuilder, so the use of your real name is by no means a guarantee that the offer is genuine.
I am Miss Eliza Johnson from Canada,am The Manager Of Travelers Inn Hotel,The Hotel Need Man And Woman Who Can Work And Live In Traveler Inn Hotels here in Canada.
The lack of information on what these jobs actually are is highly suspicious. There are jobs that don't require any specific experience or vocational qualifications, of course, but if they can't even be bothered to invent a job title, that suggests that all they're interested in is in making money out of applications for a job that doesn't exist.
On the other hand, it's not unusual to see other versions of this scam where there's a long list of available jobs from pool attendant to restaurant manager. (The list below is extracted from one such message: hence the different text colour.) But is unemployment really so low in Canada that hotels are prepared to offer a packages like the one below for jobs that (in some cases at least) require no particular skills?
**Free Air Ticket To Canada
**Paid Vacation benefit
**Regular training and promotion
**Study scholarship to one child of each Employee
**Medical care and accommodation for full time employees pension and Gratuity
The hospitality industry must be a heck of a lot more generous than it was when I worked in pubs and hotels in the 70s... In fact, I've held senior management positions - rather more recently - that didn't include a relocation package as generous as that.
Contact Email : [hotel_related_name]@worker.com
This is a major red flag. While worker.com sounds like an appropriate domain for the content, it's actually one of around 200 domains offered by mail.com, a provider of free email accounts associated with a popular website provider. While this is an entirely legitimate service, the availability of addresses on domains like lawyer.com and accountant.com has obvious attractions for scammers looking for credible email addresses. (Though it's hard to imagine an address at politician.com inspiring much trust, but maybe that's just me.) Next time you're halfway tempted by an email with a confidence-inspiring reply address, that list of free address domains is worth *checking.
The yahoo.ca mail from which the mail appears to have been sent is not the address to reply to. This is a common feature of 419s. It's sometimes suggested that this is because they want a fallback address in case the other is closed down. (Yes, sometimes they are closed down, though not often enough.) In fact, the sender address is often forged. In such a case, the initial mail doesn't really come through a major mail service like Gmail because of the risk that it will be picked up by outgoing spam filters. (It may be that the scammer doesn't just send the first mail from his mail.com address because that service also has spam/AV filtering.)
The Hotel management will take care of your accommodation & flight ticket . Also exercise on your visa processing.
Scams like this almost invariably offer help with visa processing. In fact, if you follow one of these through (though that's not generally a good idea), you'll usually find that they insist on processing your visa. Not to ensure legality, but because this is advance fee fraud, and this is one of the fees they'll want to charge you for. However, there will probably be all sorts of other administrative fees and charges for purely imaginary services. I particularly like an example here where a job offer is dependent on the payment of £990 for an Active Secret UK Security Clearance Certificate and Affidavit of Oath of Terrorism. No doubt via Western Union, another legitimate service that scammers love.
If you have interest to work in the Hotel with us , please write to us back as soon as possible by copy and paste the email contact below :In order for us to move ahead in our selection process, could you please send your resume directly to the H.O.D Human Resources Department via their official email address been;
[name]@worker.com
Who would have thought that an organization large enough to have a Human Resources Department would be so tightfisted as to restrict it to a free email account on mail.com? The poor English is also an indication of malfeasance. However, there are variations on this theme that look far more convincing than this, better written and with graphical content that resembles real hotel site content.
they shall send to you the Hotel Official Application Form along with the job description details for you to choose the best position you can fit in for processing of your invitation and employment letterafter your resume/CV screening
Applicants Personal Information
Full Names.................
Date of Birth..............
Sex .......................
Country of Origin..........
Occupation.................
Marital Status.............
Job applied for............
International passport no......
One passport photograph..... (scan & attach)
Phone number......................
Residence Address.............
Resumes/Qualifications ... (if you have any)
I'm not sure why you would want to fill this in as well as the Hotel Official Application Form. I'd certainly worry about giving away any information that might be useful for identity theft. (A criminal could carry out a successful impersonation with a lot less than this.) Especially at the very beginning of the job interview process. Though in fact, there's no indication of an actual interview here, which is a big red flag in itself. However, sometimes there is a fake interview, usually over the telephone, so the offer of an interview is no guarantee that the job is genuine.
We wish you every success.
Best regards
Eliza Johnson
Good luck,And Welcome to Canada
Heartwarming. Unless you realize that this is a scam aimed at a particularly vulnerable social group, i.e. those who are desperate to find work. There's something particularly chilling about the fact that this kind of exploitation is so often carried out by people who use their own poverty and lack of employment to justify their criminal activities.
There's some good advice on the UK's Crimestoppers site for dealing with this kind of employment scam, which I've paraphrased here with some added thoughts.
- Check that the company exists
- If it does, check with the company directly that the jobs exist
- Be suspicious of poor English and presentation
- Get information about the visa process and costs from the embassy of the country where the job is offered. (Unfortunately, some countries do have a convoluted and outsourced visa application process: in such a case, though, I'd expect the embassy to be able to confirm the bona fides of an officially approved agency.)
- If they won't let you make independent travel and visa arrangements, be deeply suspicious. Actually, run like the wind in the opposite direction.
- Look out for email addresses from providers who offer free addresses with minimal or no identity checking.
Let's be careful out there...
* By the way, I'd love to know why chemist.com and atheist.com are considered suitable domains for musicians. Feel free to contact askeset@eset.com with your suggestions, but there's no prize. Not even iTunes credits. Scammers wishing to avail themselves of our editing services are also encouraged to write in: a good chuckle helps brighten a security blogger's day.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow