Posing as a target in an employment scam to see how deep the rabbit hole goes…
This afternoon (8/30/17), I was checking up on all the chats I missed on Slack while I was away on my epic adventure. I noticed that in one of our local security groups, someone mentioned that a scammer was impersonating a company employee, and attempting to trick people by means of offering them a job. Intrigued, I asked if anyone had followed up… and to my delight, no one had.
Note: Names of some of the affected people and companies have been anonymized per request.
Red Flag #1: The “employee’s” email address was firstname.lastname@example.org.
They were impersonating a real person who works at The IT Company, a managed IT services provider.
Step 1: Engage the Scammer
I knew the pretext already, so I emailed the scammer’s email with a rather… enticing request. If you’re gonna investigate a scam, you’re gonna have to appear to be as easy going and be as much of a victim as possible. You’ll see that more as the conversation goes on.
Simple enough, right? I’m just a candidate looking for a job. 7 minutes later, they replied.
Red Flag#2: The reply was poorly worded and appeared to be a jumbled copy/paste.
Again, I’m trying to play the victim, so I just pretended that everything was groovy. After all, I’m hoping to get enough information from the scammers to actually shut them down.
It’s interesting to note that the scammer is using an actual identity and picture of one of the employees of The IT Company. However, after looking at the “Meet Our People”, it’s seems the identity the scammers are using wouldn’t be conducting technical interviews in the real world.
Red Flag #3: The scammer then wants to use Google Hangouts from this point forward to communicate.
If you ever find yourself in a similar scenario, try to find the job posting listed on the “jobs” page on the company website. I’ve also found that Glassdoor is a great resource for this.
Step 2: Answer Enthusiastically to Everything!
From this point forward, all communications were done over Google Hangouts. This is how they conducted their “job interview.” If all of this sounds fishy, it’s because it is VERY fishy (or phishy… heh).
Take note that they say “your quick response is highly appreciated” in an effort to create a sense of urgency and rush me through the process. I assume this is similar to pushy sales techniques found at used car lots, and could also be another red flag.
Again, you can see the poor copy paste job from our scammer. I was trying to emulate an actual interview and asked about negotiating salary, and this is where I thought I goofed, but they didn’t seem to care, and I never brought it up again. I was trying to go through this with as little friction as possible.
I also noticed that anytime I asked a question that may have them deviate from their script, they would tell me that they would ask or inform Human Resources. This leads me to believe that I’m just talking to a lower level minion.
I continue on, attempting to establish rapport. One way I do this is by complaining about “bad places” I’ve worked after the scammer tells me what a fun place it will be to work! I’ve found that people love to complain, and you can actually build rapport by complaining with them.
The rest of the interview is just making up answers to their questions. In the end, I don’t think the answers mattered too much, but it was better to be safe than sorry.
Eventually (below) they ask about payment information and whether I prefer check or direct deposit. Due to information given to me about a previous victim, I know how they handle direct deposit: once they have your account number and routing number, they empty your account. Yes, unfortunately it’s just that easy to take someone’s money. Knowing this, and wanting to see how they handle the other option, I decide to go with a check.
This doesn’t seem to faze them, but later they seem to have a way to scam me out of my money regardless, in that they insist I buy my equipment from their “preferred vendor” (they never gave a name).
Guess what everyone!? I’m hired!!! Wow, all my dreams are coming true!
Part 2, coming soon!
In the next part of the series, we will uncover the responsibilities of my new position, learn of other companies involved in the scam, utilize some PDF analysis to try to uncover more details about the scammers, and most importantly, figure out how I’m going to be paid in my new job!
*** This is a Security Bloggers Network syndicated blog from Savage Security Blog - Medium authored by Kyle Bubp. Read the original post at: https://blog.savagesec.com/scammer-meet-hacker-part-1-287144fd84b6?source=rss----8fb937e95e56---4