Sophisticated employment phishing

I got something interesting in the e-mail today. Note that such phishing attempts are not uncommon for overeducated lumpenproles like me (I personally get at least three robocalls per day from various “employment services”, and that doesn’t even include “sales opportunities” which are at least real). This one is significant for its relative sophistication, and passing the Gmail spam filter.

Below, I will explore some implications of this incipient phenomenon. We here at da blergh like to stay ahead of the curve, and to refer to ourselves by invoking the royal “we”.


Subject: Hello $myName. Vacancy is opened. O-N-9426-37
Sender: Shavonna D. Littleton

Our Logistics company is in search of competent candidates for the position of Procurement Manager.

Our requirements for those who would like to be comcerned are not strict:
-Authorized to work in the USA;
-Must have an individual initiative and flexibility in a dynamic enviroment to accomplish his/her tasks meeting deadlines;
-Solid comminication skills (both verbal and written) and interpersonal skills.

VACANCY INFO:
-Base pay rate is about: USD 83,760+ yearly plus regular bonuses;
-Buy goods and services for our customers all round the world;
-Ensure safe and timely delivery of goods;
-Generate requisite documentation according to schedule.
-Your resume copy will be a great advantage.

Dear candidates, feel free to inform us and we will provide you an Application Form.
Thank you for considering our offer.


Now, if I weren’t such a sensible, salt-of-the-earth type (ha!) this might be somewhat believable. If I showed this to my parents, I’m 100% certain they would lend me money and demand I wire it to this Nigerian princess. Fortunately, they’ve been conspicuously making bad financial decisions for decades so I don’t even feel the temptation to show it to them.

Why do we know it’s fake? The first reason is that headhunters are lazy, people-stupid, and risk-averse. No “headhunter” is interested in filling entry-level jobs with underutilized talent, they are all looking to shuffle superstars with long resumes between competitors, and skim a small percentage of the worker’s increase in yearly income. The second reason is that 84K is an absurdly high number for an unskilled entry-level candidate, but I only know this from my incredible reserve of common sense (ha!). It’s plausible that a random barista with a master’s degree would believe that number and fill out an employment application with his or her SSN. The third reason is that no legit business seeks out talent proactively, preferring to hire whoever walks through the door with the right demographics and a warm smile. Now, I’m not saying this is smart on their part- 80% of good management is hiring- but it’s normal. Businesses are so used to having overwhelming “hand” that they are incapable of even imagining that taking the initiative would make them a lot more money and save work in the long run.

So what it comes down to is that this is a mass e-mail offering a high-paying management position, ergo spam.

(One thing to get out of the way is the small but non-negligible possibility that I’ve attracted a little extra NSA attention by helping to create the SJW list. It wouldn’t be unreasonable considering their budget, their ceaseless hunt for the great white defendant, and the fact that I’ve possibly made personal enemies of several Google, Facebook, and Twitter employees. Social justice warriors are the Silicon Valley version of regulatory capture. But let’s not get out of hand- even if I get randomly SWATed by an SJW, that’s probably going to work against the Narrative.)

If we disregard the possibility that I’m special, that means this prototypical e-mail indicates a new wave of sophisticated phishing attempts preying on the new college-educated underclass, and their hopes to somehow break into the shrinking middle class. Let’s look at what we can learn.

Whoever wrote this e-mail is extremely familiar with the hiring process and culture in America. The sender has a female name, slightly black (but not quite ghetto), and the subject heading includes a (fake) job number. So the sender is a very precise archetype of the HR worker. If the salary hadn’t popped out as absurd, it is not immediately obvious that it’s spam- at first glance it seems legit. This was not written by a Russian, a Nigerian, or even a European with excellent English. This was written by an American. If anything, it errs on the side of being too concise: I’ve never seen a real job posting that wasn’t filled with two dozen garbage bullet points, even for the most mundane job like the one I’m doing right now (“take groceries out of boxes and put them on shelves…that’s it”). The bullet points it does include are generic, but they would not be out of place on a legit job posting.

(I know, I know, smart Americans predating on fellow Americans for financial gain? Well I never. It’s like the farmers and small businesses who hire Mexican day laborers, you’d almost think they aren’t motivated by the altruistic desire to offer those poor people an opportunity to work hard and succeed.)

What this suggests is that these will become even more sophisticated and thus extremely dangerous in the very near future. Probably they’ll knock the salary number down to something more believable but still desirable like 40K (desirable if you’re a barista or grocery boy with an MS and student loan payments to match). Because it’s a mass e-mail, they have to use generic bullet points- but they might fill it out a bit or change things around to throw off human pattern recognition.

For the time being, here is a starter list for ways to distinguish this particular fraud from genuine employment offers:

1. The name of the business is not included in the e-mail.
2. It is not possible to find a corresponding job posting on a company’s web site or a job site like Monster.
3. There are no hyperlinks or contact information other than the return address from a generic e-mail service.
4. The e-mail is somehow too good to be true. Maybe it offers a high salary and high-status, white-collar work to generic unskilled candidates. (See the explanation above.)
5. Offers to send you an application form, which undoubtedly requests personal information (i.e. SSN) that can be used to easily commit identity theft. Unfortunately, 99% of legitimate job offers also require this pretty much right off the bat.
6. The offer is completely unsolicited. If you haven’t already expressed an interest through their website or network connections, it’s probably a financial trap.

Last thought: what does it say about our economy that such a high-effort, high-risk fraud seemed like a good bet to some enterprising and smart native spam artist?

Advertisements

About Aeoli Pera

Maybe do this later?
This entry was posted in Uncategorized. Bookmark the permalink.

16 Responses to Sophisticated employment phishing

  1. Young Heaving Bosoms of Liberty says:

    -Generate requisite documentation according to schedule.
    -Your resume copy will be a great advantage.

    C’mon, Aeoli, you can practically smell the curry reek rising off this.

    • Aeoli Pera says:

      That hadn’t occurred to me and I don’t consider it obvious, though I’d take your word for it. Have you seen this already?

      • Young Heaving Bosoms of Liberty says:

        I don’t even understand what “your resume copy will be a great advantage” is supposed to mean.

        • Aeoli Pera says:

          I took it to mean the position was an opportunity to buff up one’s credentials. Maybe it’s because I’m a prole, but in my experience this is not unusually poor writing. I had a boss once who couldn’t spell his name correctly on a regular basis. (Despite having an IQ in the 70s, he was probably a millionaire.)

      • Young Heaving Bosoms of Liberty says:

        Please to be generating the requisite documentation, according to schedule. Vhart is wrong?

  2. XOF says:

    Second sentence, immediately obvious it is rubbish. “Our requirements for those who would like to be comcerned are not strict:”

  3. You know damn well who this is asshole says:

    Two things:

    Firstly a Question: Do you have your account linked with LinkedIn or any of the other farmer websites?

    Secondly: “One thing to get out of the way is the small but non-negligible possibility that I’ve attracted a little extra NSA attention by helping to create the SJW list.” If your ISP starts acting funny you will know you are being watched. That is to say your internet will go out for no reason while connected to Ethernet. It usually happens later at night.

    • Heaviside says:

      >One thing to get out of the way is the small but non-negligible possibility that I’ve attracted a little extra NSA attention by helping to create the SJW list.

      They are probs too busy sacrificing goats at INSCOM.

      >One thing to get out of the way is the small but non-negligible possibility that I’ve attracted a little extra NSA attention by helping to create the SJW list.

      If your dreams will start to become funny, you will know you are being remote viewed.

      • Jdc says:

        Do you really believe that?

      • Aeoli Pera says:

        >They are probs too busy sacrificing goats at INSCOM.

        I think they have bigger fish to fry, like that Reddit stuff jsl has been talking about.

        >If your dreams will start to become funny, you will know you are being remote viewed.

        My dreams are so weird to begin with that it might be impossible to tell the difference. For instance, last night’s included a rainbow made of yellow light (like the sun) which danced around the sky like a ribbon, followed by a deluge. In a theme park.

        I will say this, my sleeping schedule has been extremely disturbed lately.

    • Jdc says:

      We’re probably all being watched in some capacity or the other. ISP outages late at night are usually due to software upgrades as that’s the most opportune time.

    • Aeoli Pera says:

      1. Yes.

      2. Thank you, I haven’t noticed that in particular.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s