Well paid job offer ends in data theft and disillusion

An e-mail offering a part-time job aims to trick people into believing they are presented with the opportunity to earn between $500 and $1,200 from the very first week of work. The teasing e-mail title (“This thing changed my life”) invites users to read the short message body and click the embedded link. You may think this has “scam” written all over, but then imagine a person in need for a job reading this and things suddenly are not so crystal-clear anymore.

The link takes users to an html page impersonating a newspaper with only the Finance category populated with a solitary article meant to build trust. This article presents the success stories of other employees whose lives have changed after taking up this offer.

The victim also learns from the article that the ideal candidate doesn”t need experience, studies, or other credentials that are usually critical to the success of a job interview. The only job requirement is to have a computer with an Internet connection. The training consultation is free of charge and, of course, the number of positions is limited.

The webpage points to an online form, where the applicants need to fill-in some personal information, including the email addresses and phone numbers. This appears to be a secondary purpose for the scammers. The primary scope being money collected in the form of a small start fee required from each applicant.

First time one fills-in the form, he or she “benefits” from a discount, asked to pay $ 4.97 worth of fee instead of $39.97. If the user leaves the page and tries to log-in a second time, he is required to pay $19.97, because the limited offer has just expired. This and the fact that the promotion ends tomorrow – Friday, November 11^th – is meant to make users anxious and maybe, just maybe, convince others to join in and benefit from this offer.

The tax form appears to be certified with a valid digital certificate, which leads users into believing this is a legit business. This would be a good time to forget everything you know about digital certificates: while the payment method is legitimate, the purpose is not, as all this money will end up in someone”s pockets and no well-paid job will be offered to any attendee. However, the certificate only authenticates the identity of the scammer, rather than the legitimacy of the transaction. Paying that fee, the user is in fact “donating” money to a stranger in return for a false promise.

Crooks invested a bit of time and effort into making this scam credible since the recipe is not new. They have appeared regularly in seasonal spam campaigns twice or thrice a year, but they mean to pay off since crooks reinvent this time and time again.

This article is based on the technical information provided courtesy of Doina Cosovan and Cătălin Liță, Bitdefender Virus Analysts.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.