Looking for a new job? Then the scammers want you!

Goodbye Job Security


By Mark Gibbs

*Article edited after publishing to correct an error

So, there you are, sitting in front of your computer at work bored and dreaming of new pastures, of striking out for new horizons, of boldly going where you've never gone before and, thwack! With the force of ten billion electrons give or take, an email lands in your inbox offering you a job! Ah, the mysterious workings of divine providence. You're intrigued. You just might take a chance and trade your job security and boredom for something new and exciting!

Here's such an offer I received a little while ago (spelling errors, grammatical lapses, and random formatting in this and all subsequent quotes are as per the originals):

From: <[email protected]>
Date: Fri, Jul 7, 2017 at 7:41 AM
Subject: New Candidates for Senior Administrative Assistant-!!
To:
Dear Applicant,
          Our HR Department has reviewed your resume for a Administrative Assistant, Customer service,Data entry, Data Analyst,Management, Project Manager, Sales,System Engineer Director, Social work and Payroll positions etc, and we are confident you will be able to perform all the duties attached to each positions after necessary training from our trusted supervisors.
The name of the company is   (NetApp INC). Your details have been forwarded to the Human Resources Department andMr Nityandha K, will be available to discuss the job details, pay scale, benefit and briefing about the opening in our company.
This is an immediate hire position, the interview will commence from 8am to 8 pm today and tomorrow make sure you are available within this period of time..
To participate furthermore with the interview: The supported platform for the interview is via Google Hangouts app for Gmail account users.
1.) Gmail account Users and non Gmail account users Option:
If you have a g mail account you can use it as your login details for the Google Hangouts App.  If not You can also have a G mail account setupvia this webpage ( mail.google.com) after that, you areto have a Google Hangoutsapp installed via this webpageto your phone or laptop (  https://hangouts.google.com) .
After this process is done, you are to invite the interview manager upon his Google Hangout app at ([email protected] )  After doing that you are to message Him with your verification code to proceed further more with the interview… He will be online waiting to proceed with you. Thank you.
Time : 8 am-8pm EST.
Venue :  Google Hangout s App for G mail account users.
Regards.
Human Resources Dept.
Admin.

Most likely to your experienced, world-weary, and relentlessly critical eye, this message positively screams, "scam" but, alas, many of your fellow citizens will be fooled; in 2016 alone the Federal Trade Commission received 1.3 million fraud reports involving a total loss of $744 million of which around 8% or $59 million was due to a scam via email (and remember that many people who get scammed don't bother reporting their loss).

Now, the above pitch is actually one of the better ones I've seen and it piqued my curiosity. So it was at 9:30AM on the day I received the pitch—and with evil and malice in my heart—that I opened a Google Hangout chat with "Mr Nityandha K." of "NetApp INC."

It was obvious from the start that English was not Nityandha K.'s mother tongue and the delays in responding implied that I was not the only potential victim he or she was grooming. Here's Nityandha's completely convincing LinkedIn profile picture:

[Image: netapp-profile-picture.png]

I love this because nothing says "NetApp corporate executive" like a scruffy beard, multi-colored sunglasses frames, a mug of IHOP coffee, and someone apparently bestowing bunny ears on you. I've tried to find the original photo but so far, no luck; if you know anything about who this might be, please let me know.

Over the course of the next few hours, Nityandha "persuaded" me to accept a job with "NetApp" then sent me a PDF containing the image of a check for $3,000 for "equipment" for my "employment" to be deposited by the Bank of America iOS app into my BofA account (I have neither). Nityandha then wanted to see that the check had been deposited so I had to scramble to find a screenshot of the app and edit it in Photoshop. Voila!

 
[Image: front-back-check.png]
 

He then wanted to see a screenshot of my account showing how much was credited so again, I turned to Photoshop and modified another screenshot:

 
[Image: bank-details-overview.png]
 

Despite the account number changing, Nityandha seemed to believe BofA had released $300 so now my account had $1,252.13 available. He instructed me to transfer $1,050 as the first payment for "equipment" to the following account:

Bank name: BB & T bank
Account holder name: Cheryl Murphy
Account type: Checking account
Account number: 0000247060790
Rounting number: 263191387
 Zip code: 33701

The account is, of course, at a bank in Florida (where else would it be?) and, yes, he wrote "Rounting number." He now wanted to see that the transfer had been done so it was back to editing screenshots:

 
[Image: success.png]
 

By now it was—and I am not making this up—5:30PM! He had spent five hours grooming me and he seemed pretty happy:

NK: You have done well so far for today..
Me: Thanks. What's next?
NK: I need you to be prompt here on Hangout, 8:00 AM tomorrow your time. Okay?
Me: I can't get online until about 9:30, I've got a doctor's appointment.
Okay..
NK: Report online 10am, okay?
Me: Okay. See you then. By the way, where are you located?
NK: All we need from you is good work and trust,you will enjoy every moment working with us.
NK: I believe the company can ensure your commitment and full trust right ?
Me: Sure, but who do I contact? Should I use the main number?
NK: You will be reporting directly to me on here..
Me: Do you have direct phone number?
NK: Yes, you will be contacted
Me: I've got a couple of friends who might be interested in this kind of work.
NK: Okay.. Let's talk about that tomorrow morning okay?
Me: Hope, to begin with, you and working with you will be our pleasure.
NK: Bye and have a wonderful night ahead. Stay Blessed. Goodnight.

I sure felt blessed. It's worth noting that he believed I had a doctor's appointment on a Saturday, which meant he knew nothing about the U.S. healthcare system—or lack thereof.

Before I continue, I should explain what scam Nityandha was trying to pull. As you probably know, when you make a deposit your bank will usually release a percentage of the value on the understanding that if the check doesn't clear, they'll take the money back. I'm told that when you deposit via a banking app, clearing can take considerably longer than the typical one business day needed for an in-bank or ATM deposit. Add to that the fact that this whole exchange started on a Friday, and Nityandha had perhaps four, maybe five, days before the deposit failed to clear.

*Thus, after the funds I had supposedly transferred had cleared to the proxy's bank followed by my bank reversing the released funds from the deposit, I would be out $1,050 and Nityandha and his cronies would have had my money.

The next day, Saturday, I logged onto Hangouts at 10AM as arranged and he gave me a BS essay to write. I found a chunk of text online and waited until 4PM, and then sent it to him. He obviously didn't read it because he said "well done" and asked me to connect the next day, Sunday. I said I couldn't as it was my mother's 80th birthday party and we agreed to reconnect on Monday. My storytelling was just getting started.

Throughout these exchanges, I was trying to get clues as to who and where he really was but he didn't give anything away. We'd exchanged email several times but email tracking doesn't work with Gmail accounts (the front end caching put an end to that a few years ago) and he wasn't about to make it easy.

I contacted the proxy's bank, which politely thanked me, but that was it; I've heard nothing from them since. The same applies to the Secret Service and FBI, with which I filed reports, but I'm told the crime wasn't of a high enough value for them to be immediately interested and, if my reports contribute to bigger investigations, I might hear something in six months or more, if I'm lucky.

Over the next couple of days I was busy and so I avoided connecting with him. When I did, he got a little pushy so I told him that my mother had had a heart attack during her birthday party and I'd been at the hospital and my phone had died. He relented, said he was sorry to hear that, then started to give me more nonsense tasks to do but I said my brother was waiting to drive me to the hospital to see my mother and I'd have to go.

I also told him I'd received a UPS shipping notification but it didn't say whom it was from. I asked whether he could check out the notification and reroute as necessary then emailed him a rigged email. In this message, if he clicked on the tracking ID it would send his browser to my server first where a PHP script would silently grab his real IP address and his browser profile then redirect immediately to the UPS site but, damn it, his grasp of scamming was obviously better than his grasp of English so he didn't take the bait.

Anyway, to cut the rest of a very long story kind of shortish, over the next week or so, as far as he was concerned, I'd gone back to the hospital to visit my mother, been in a car accident on the way to the hospital and broken my leg, been on serious pain killers and totally gorked for a few days, then my mother's health had improved, and, and, and … At one point Nityandha told me that he'd learned the transfer had been cancelled and asked me to check it out but, posing as my brother, I told him that I'd had complications and had to be admitted to the hospital for surgery.

While all of this was going on, I was consulting with lots of smart people I know (thanks IRRen) as to what I could do to track the bastard down but, alas, there was nothing more to be done. I do have another ploy to try but I've not had time to attempt it and it may be too late anyway.

Now, why do I tell you this slightly tedious but somewhat amusing tale of scammer-baiting? I do so because there are thousands of people online who get conned every day and from the amount of time ol' Nityandha put in to grooming me, you can guess he must be making a reasonable amount for his trouble.

But here's another thing: Nityandha has set up a LinkedIn profile that claims he is a NetApp employee and apparently NetApp isn't aware of this or maybe doesn't care. I have since received two more job offer messages from different fake NetApp "recruiters" with LinkedIn accounts so there are at least three fakes working the Intertubes.

Should this matter to NetApp? Absolutely! And it should matter to every company that anyone might be falsely claiming to work for or be associated with them; it's all about defending your corporate credibility and brand.

So, if you're a big company and you're not looking for imposters, you're making a big mistake. And if you, as an individual, get a job offer emailed to you out of the blue apparently from a big company, it's pretty much a certainty you're going to lose out big time if you get "employed." If you want job security, random Internet offers are not the way to go.

Next week, drones attack.


About Mark Gibbs

Mark is the author of four best-selling computer networking book titles and was a syndicated journalist and columnist for 24 years writing for Network World, Computer World, and other IDG publications.
