Recently there has been a rise in phishing scams and other types of scams surrounding recruitment. This is performed via email, so not entirely following the attack vector of this blog (SMS) - but it follows the same theme and I wanted to call this out as I was recently targeted by one. The premise of this scam is that you receive an email from someone fraudulently posing as a "senior recruiter for senior level positions" at top companies like "Google, IBM, etc...". They claim that they came across my profile via LinkedIn and they would like me to forward my resume to them as they say "we have a good fit for you at the client we are working with".

Of course, I was intrigued. Why would I not? I receive communications from recruiters once in a while so this is not entirely unexpected. I did some digging; however, I couldn't find this person anywhere online and I could not find the company they claim they work for. Plus there was a slight misspelling in the email. This did raise some red flags but I went ahead and sent them my resume regardless.

After a few weeks, the recruiter emails me back saying that they have "received my resume" (weeks later, which is immediately suspicious for a "Senior Executive Recruiter") and that they cc'd someone else who is leading the recruitment project. This person would reach out and schedule an interview call.

After this, I came across multiple accounts of recruitment scams that have been reported by the FBI & FTC. Essentially at some point in the process, the recruitment firm attempts to extract some sort of monetary value out of our email correspondence. Usually this is surrounding a follow-up email by the recruitment firm claiming that they would love to schedule a call but they are having trouble uploading my resume to their candidate management system. They then go on to ask for me to send another email with a resume.
I also referenced this blog, which solidified my belief that this was a scam attempt: https://www.techlicious.com/tip/how-to-avoid-fake-job-scams/comments-/CP4/

Long story short, I just received this email (below) from the recruiter that matches this story flow. What happens next is that if I send my resume to this person again, they will email me back in a few weeks to claim it still doesn't work and they will redirect me to some website that will charge me some arbitrary amount of money. As a note, if you are unable to locate any individuals you are virtually corresponding with via LinkedIn, nor their company, and they claim to be Senior Executive Recruiters that take weeks to respond and then seemingly can't open a PDF (which in my experience is in direct contradiction to that level of role/experience you would expect) - please stop your correspondence immediately.
Lastly, it has come to my attention while looking into this that this is also a type of scam related to collecting personally identifiable information (PII) on a person. To what extent and why is a large question that we can't necessarily understand as there is no reason for the scammer to divulge that information. However, what we can do is make sure that any information you divulge on a resume is appropriate and if the information is divulged that it is either already publicly available or you are okay with being publicly available. If you receive an email from anyone claiming to work for "The Lead Corp", or have the email of "[email protected]" or "[email protected]" please be cautious.

I had to make a post about these two recent texts that were received. Both are extremely strange in nature. The first here on the right, is a text stating that "We are unable to decline a charge...". What does that even mean? The sheer oddity of this text would at least make someone click the link. Maybe that is the point. However, why would I receive a notification if a charge was UNABLE to be declined? Let alone, why would I need to verify this? It does hit on the same vein of text alerts of potential fraudulent charges that you may receive from your bank/card issuer.

"[ORGANIZATION]: We are unable to decline a charge, visit [LINK] to verify."

The next text that was received was out of this world. First, the sender of this text is outrageously fraudulent. Domain name of "jocemp.website"? I don't think that is in any way legitimate. Next, the context of this text is that somehow I got locked out of my Amazon account, my account is suspended, and I need to take action by clicking this link. It is more clever. The login IP is suspect, I live in the West, so why would I be logging in from Turkey? However, the more I read this the more and more it reads like a phishing attempt. Since when does Amazon text you that your account was suspended due to an UNUSUAL login? It would just be an alert if anything. Lastly, the link that is provided is "...buildacool.com...". Red flags.
Bottom line, be vigilant - these phishing attempts are becoming more aware of our legitimate text alerts and are piggybacking off the structure. Best mode of practice is that if you didn't take an action that resulted in this text AND the link/sender looks odd - it is 100% a phishing attempt.

"Security Alert: We've suspend your [ORGANIZATION] account due to unusual login. [RANDOM IP]. Our system has suspend your [ORGANIZATION] account for security reasons. To unlock your [ORGANIZATION] account, please verify with link below [LINK]. You need to take action within 2 days before account will be suspended. Regards, [ORGANIZATION] Teams."
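
The "link/sender looks odd" check described above can be expressed as a small triage routine. This is an added example, not part of the original post: the function names, the `BRAND_DOMAINS` allow-list and the sample sender addresses and URLs (reserved `.example` names) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a defender-maintained allow-list of each brand's real domains.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
URGENCY_RE = re.compile(r"within \d+ (?:hours?|days?)|take action|suspend", re.I)


def host_is_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage_sms(sender, body):
    """Return the list of red flags found in one text message."""
    flags = []
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", body, re.I)]
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    for brand in brands:
        allowed = BRAND_DOMAINS[brand]
        for host in hosts:
            if not host_is_allowed(host, allowed):
                flags.append(f"link host {host} is not a {brand} domain")
        # Email-to-SMS senders expose a domain; compare it to the brand too.
        if "@" in sender:
            sender_host = sender.rsplit("@", 1)[1]
            if not host_is_allowed(sender_host, allowed):
                flags.append(f"sender domain {sender_host} is not a {brand} domain")
    if hosts and URGENCY_RE.search(body):
        flags.append("urgency wording next to a link")
    return flags


# Constructed samples: wording follows the texts quoted in this post; sender
# addresses and URLs use reserved .example names, not the real ones.
PHISH = ("alerts@sms-gateway.example",
         "Security Alert: We've suspend your Amazon account due to unusual login. "
         "To unlock your Amazon account, please verify with link below "
         "http://verify.shop-login.example/a You need to take action within 2 days")
LEGIT = ("12345", "Amazon: your package was delivered. "
                  "Details: https://www.amazon.com/orders")

if __name__ == "__main__":
    for sender, body in (PHISH, LEGIT):
        print(sender, triage_sms(sender, body))
```

The suffix comparison in `host_is_allowed` is what rejects look-alike hosts that merely contain the brand's domain as a prefix or substring.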
Author: Welcome to my phishing documentation blog. You can see a running list of attempts HERE. If you experience a fraud attempt please report to the FTC here: LINK

Archives: October 2022