How I Was Almost Scammed
January 8th, 2024
Topics Discussed: Phishing, Social Engineering, and Open-Source Intelligence (OSINT).
For my first post, I will be discussing the time I was almost scammed while applying for jobs. I will also look at how to identify misleading e-mails to avoid being scammed by potential bad actors.
First, let's talk about how I found myself in this position and how I responded to it. On October 7th, 2023, I was emailed by an "HR Team" member with the company 'Avalon Flooring' about a job position titled Network Administrator. I thought great! I was in the process of applying for IT and Cybersecurity related jobs. During this time, I sent out many applications and because of this, I forgot which companies I applied to. The initial email seemed legit from the outset; it had a solid sounding email name 'edward@avalonflooringrecruit.com' and had a company logo in the signature. Being the expert that I am in this industry *sarcasm* I should have caught this. Below is a screenshot of the first email that reeled me in.
In the red rectangles you will see both the email name and the signature of the email. At a quick glance this all seems normal but upon further inspection something seems phishy. It simply states "HR Team". Typically, employees of companies will list their position title along with what department they work in within their company. If I had caught this sooner, it might have raised some red flags. Regardless, let’s see how this email chain progresses.
I replied letting "Edward" know that I was interested, and he followed up with an email containing an attachment. This attachment was a PDF file that required you to fill out your name and then answer a series of questions pertaining to computer networking. In this same document it further stated the work schedule, benefits, and the pay range for this position. So of course, I answered the questions to the best of my knowledge I had relating to computer networking and here was their response.
"Edward" let me know that his "team" would review my answers and decide as to whether I passed or not. To me this was the most realistic part of the scam. Using the sense of scarcity and urgency, these scammers can get potential job applicants invested. Additionally, it took two days to hear back from the "recruiter" and this is what made me feel like this was legit. We have all been there, waiting on edge to see if we progressed in the hiring process, especially a remote job with lucrative pay. However, the content within this final email is what triggered the alarm.
In this fourth and final email, I have highlighted the key indicators of this being a fraudulent job offer. While debatable, I feel that 60 USD an hour is a high amount of money and in my experience amounts like these are usually discussed during virtual or in person interviews. This also leads me to my next point, there was no intial phone call or virtual meeting, only email correspondence. This factor should have also trigged some alarms, however I was caught up in the idea of this person being legit, I did not think twice to question logical steps in the interviewing and hiring process. Next, a user ID and password will be given to a new employee after 5 days? This seems a little odd to me because there is usually an onboarding process when you sign an offer letter. During this process new employees will be instructed and supervised by team leads before being given full administrative control over systems. Finally, the most important part of this scame for these scammers was the check they were going to send me. This is how they make their profit.
According to the FTC (2022) "in a fake check scam, a person you don’t know asks you to deposit a check". In the red rectangle we will see that this individual is asking for my full complete name, full mailing address, and further contact information such as my phone number. I believe that this information would have been used to generate a fake check that would then be mailed directly to me. At this point in the scam, the scammer would then ask for money back from the victim. Often times the scammer will ask for this in the form of a gift card.
At this point I began to do a little digging. Starting with the basics, I found Avalon Flooring USA on LinkedIn.
From here I searched the employees list for "Edward Robinson", no luck. Then, I called their number to inform them about a potential scam going around that is using their name to support it. Next, I was connected with a helpful customer service representative, and she explained to me that this scam has been ongoing for a while.
Topics Discussed: Phishing, Social Engineering, and Open-Source Intelligence (OSINT).
For my first post, I will be discussing the time I was almost scammed while applying for jobs. I will also look at how to identify misleading e-mails to avoid being scammed by potential bad actors.
First, let's talk about how I found myself in this position and how I responded to it. On October 7th, 2023, I was emailed by an "HR Team" member with the company 'Avalon Flooring' about a job position titled Network Administrator. I thought great! I was in the process of applying for IT and Cybersecurity related jobs. During this time, I sent out many applications and because of this, I forgot which companies I applied to. The initial email seemed legit from the outset; it had a solid sounding email name 'edward@avalonflooringrecruit.com' and had a company logo in the signature. Being the expert that I am in this industry *sarcasm* I should have caught this. Below is a screenshot of the first email that reeled me in.
According to the FTC (2022) "in a fake check scam, a person you don’t know asks you to deposit a check". In the red rectangle we will see that this individual is asking for my full complete name, full mailing address, and further contact information such as my phone number. I believe that this information would have been used to generate a fake check that would then be mailed directly to me. At this point in the scam, the scammer would then ask for money back from the victim. Often times the scammer will ask for this in the form of a gift card.
At this point I began to do a little digging. Starting with the basics, I found Avalon Flooring USA on LinkedIn.
Key Takeaways
I believe there are some important topics to discuss within this scenario. This email is a cleverly crafted socially engineering scam that preys on individuals who are in search of a job.References
FTC. (2022). How to spot, avoid, and report fake check scams.