On Saturday morning I got a follow up reply to an email I hadn’t seen. The text of the original email was requesting an interview with me for a job I’d apparently applied for at a company whose name I kind of remembered (they’ll remain nameless since they’re entirely blameless in this circus). I replied in a curt but excited manner before going to sift through spam for the original email. My paranoid nature was doing its very best to tamp down the actual excitement I was feeling as they’d done a good job of baiting the hook.
“We’re urgently looking for a Security Analyst to fill in the open position that I think you would be a good fit for. We believe you are an excellent candidate and we would like to invite you for an interview.
It is a 100% remote and full-time position. Below is the proposed time and date:”
The time and date in question were a remarkably quick turn around, suspicious but it fit the narrative they were crafting around immediate need.
I hit the barbers Sunday as the interview was scheduled for first thing Monday morning and the state of my face was immediately determined by the authorities as “needing work”. A few minutes before I was scheduled for examination I emailed Cody (such a nice name!) and asked about a conference link. The reply was further evidence that my inner cynic was for once a friend instead of a foe.
“Hello,
Please confirm that you have received the interview questionnaire. The test questions are included. It's important to keep in mind that there are no "correct answers."”
I smirked; I looked way too good for this baloney. 90 minutes, 15 questions, and finally something that looked enough like a job description that the innocent inner geek I keep around for laughs momentarily felt hope. I hammered through the questions, dutifully ignoring lack of letterhead or any kind of control system. Amused by the formatting and font choices I played along and kept at it for 48 minutes. I didn’t even hate my answers looking back!
The remainder of the interaction slow rolled what I’ve come to suspect is a check fraud scheme. It’s possible they’re just gathering information, but the return on investment for that can’t really work out profit-wise, even if it is largely bot driven. Below is where they try and fix the hook.
“Congratulations! I am glad to inform you that due to your level of experience and your working skills, the company has decided to hire you as one of its Security Analysts. On behalf of the company, I congratulate you. You are now offered an opportunity to be part of the FauxCorp team”
The key points to note;
- Job is entirely work from home
- Training lasts between 5-7 days
- You’ll receive your duties every day via email
- They’d asked for an hourly rate, then offered above my ask
- We are going to be communicating virtually till after 5 days of working with us
- Before you start work, you will receive a payment(check) which will be used to set up your workspace by purchasing the office equipment and software needed to start your training and work.
- You must send the following details right away so that HR can register you and create your offer letter:
Your Full Name:
Full Home Address:
Phone number:
Your Email :
It was at this point where I went into full action confirming my suspicions. I emailed and messaged the company they were impersonating (down to the domain being the company's domain with careers appended to it), checked the domain for blacklist, dns, and registration info. Was not shocked to find it had been recently registered and pointed at a fairly generic host. A great deal of my skepticism about the offer came from the lack of a real site on the domain, they hadn’t even bothered with a forward to the companies site. Before I’d even had a real chance to enjoy my sleuthing the Linkedin message chime rang and I found my secondary confirmation that the mediocre but sincere attempt did not in fact come from FauxCorp, my friend Cody was a fraud!
It was around this time that Cody followed up (an hour after the initial request for my information) asking if I would please reply if I was still interested.
I debated for almost a day before I replied;
“Just a heads up, the company has confirmed my suspicions that this
isn't an offer coming from them. I am curious about the details of the
situation if you'd care to share.
Seems like an awful lot of work for a bit of information, and maybe a
canceled check refund set up.”
Sadly I’ve gotten no reply thus far, I’ll update this if it comes!
Comments