Preying on the job seekers

I’m now heading towards the end of an “era” as my time as a student is almost finished. That means, I can no longer delay getting a real “job” (not saying the one I currently have is not real), and that means having to deal with applying for jobs and getting spam sent to me by recruiters, or possibly malicious parties.

Advertisements

This time, I happened to receive a phishing e-mail. It looked very odd, made me feel suspicious and reassured at the same time. Someone was claiming there are job opportunities in my area with a company called “GJC Logistics Ltd”. Looking up company details definitely increased my suspicions, as the company appeared to be registered for barely 2 years, yet the money declared was less than £5k (so how would they afford to pay new staff?). They did seem to have a website, although, looking back to it, a lot of the features are not actually working.

phishing.PNG

(Click on the images to get a better view)

I suppose I should’ve got suspicious from just the fact someone tried to contact me for a job, not the other way around, not to mention the offer sounds too good to be true. I mean, c’mon 13.50 for a job where no experience is required?

I am a bit gullible by nature, and I really wanted to believe someone is actually interested to hire me and offer me decent pay! Sadly, that was not the case.

So yes, I tried to schedule an interview. In hindsight – bad move, what if I had downloaded something malicious? The interview was cancelled under the reason that something else has happened and that I’ll receive an e-mail about more information shortly. It was also rather odd that “Tim Marshall” who is a Recruitment Manager does not have a Linkedin profile.

The day after the interview was supposed to take place I received an e-mail telling me that they would like to make me an offer, although no formal interview has been conducted and sent me a copy of a contract with my name on it, which looked convincing enough. Close to my flat, 13.50 an hour, only aspect I didn’t like is that the job was too easy, and not very fulfilling (also, why would they pay 13.50 for a receptionist job, with no formal interview?).

There was a trick though:

phishing2

In order to complete the contract you needed to provide them with your NI# and a SC1 Basic, criminal background check, also including the name of a website that would be able to complete it. Thus, it became even clearer that something is definitely off about it, so I chose to investigate further.

Firstly, a criminal background check is called a DBS check (so why would you call it SC1 Basic?), and normally conducted by the employer not the employee. They try to convince you to pay for it by reassuring you they would pay you back for it during your first week. If they would pay back for it, why not conduct it themselves?

phishing3.PNG

Going to  www.smart-checks.com you get a list of features you can order, however you’d have to e-mail them to get a quote. So, since I didn’t have to pay anything for a quote,  I wanted to get more information. I received a reply within an hour with my quote – totalling it at £100 (typically £54), just for a criminal background check on fraud history (ironic, isn’t it?).

phishing4

So, they are trying to avoid “Merchant accounts” under the excuse the order would not be completed in time (in the e-mail “Tim Marshal” asks you to provide this in less than 10 days”).

Quite an elaborate phishing scheme, aiming at a large target pool (receptionist job, no experience required). They have attempted this scheme under several company names(e.g. Orange Duck Marketing), and websites for background checks (e.g. http://elitebackgroundchecks.com), however, Tim Marshall appears to be a common factor in most of them.

This is definitely not new, as it appears to be going on for over 2 years. The only possible explanation for it lasting so long is that the internet is still full of possible (uninformed) targets (and desperate job seekers).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s