The spam comes from a fake address, delivered from an illegally compromised PC. In this example, the spam appears to come from firstname.lastname@example.org (which is fake) through a well-known spam server in China, 188.8.131.52. Of course, faking the sender address breaks the CAN-SPAM Act in the US (where the sender pretends to be), as does the lack of real contact details.
Date: Sat, 3 Dec 2011 11:15:17 +0800
From: "Ralph Nguyen" [email@example.com]
Subject: Please Complete Your Job Application
Thank you for expressing your interest in open employment openings in your area.
We are happy to inform you that our placement specialists will be reviewing
available positions for you within the next hour.
Based on your profile, you may qualify for opportunities currently available with a monthly salary in the
$4000 to $8700 range.
To maximize your earnings potential, please complete our full application form first:
In addition to a highly competitive base pay, applicants that qualify will also enjoy additional benefits such as:
* 2 wks. paid vacation time (per annum);
* Tuition allowance;
* full benefits package
* generous retirement plan
To retain your priority placement, please complete your application at your earliest convenience.
We look forward to finding the right job for you.
Bringing the best candidates and the right jobs together.
The link forwards to rocksmithmanagement.com (but it could be any one of a variety of similarly named scam sites), as listed here.
Of note is the phone number on the first screen - (240) 718-4632 is listed in a number of similar scam sites. I don't know if it is valid or not, it might even belong to a legitimate company. There is no point in ringing it in any case as the scam unfolds..
The next page is more worrying as it harvests personal details such as your name, phone number and email address. Yes, that would be acceptable for a job site.. but these details are not used at all by this process, so presumably they will be used for spamming purposes.
If you click on the prominent "Clicking Here" link, you get redirected through referer.us/moxiinternal.go2cloud.org/aff_c?offer_id=2&aff_id=1002&aff_sub=020 to a site called sixfigurekit.com run by an outfit called the "Six Figure Program". The BBB rates the Six Figure Programs as an F in Florida, an F in Illinois but bizarrely a B in New York. On balance it looks pretty poor.
Regardless of whether or not the Six Figure Program is a legitimate business, it certainly isn't a credit check.. and in this case the spam victim has been duped into clicking the link in order to be exposed to this frankly ridiculous scheme.
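The redirect link quoted above can be taken apart to see which host does the tracking and which identifiers ride along with the click, which is the detail worth quoting in an abuse report. This is an added example, not code from the original post; it assumes that referer.us is a pass-through wrapper whose path holds the real destination, and that `offer_id`, `aff_id` and `aff_sub` are offer, affiliate and sub-affiliate identifiers, as their names suggest.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The redirect link exactly as quoted in the post (no scheme).
LINK = "referer.us/moxiinternal.go2cloud.org/aff_c?offer_id=2&aff_id=1002&aff_sub=020"

# Assumption: these hosts are pass-through wrappers whose path is the real destination.
WRAPPER_HOSTS = {"referer.us"}
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def _split(url):
    """Parse a URL, tolerating the missing scheme seen in the quoted link."""
    return urlsplit(url if SCHEME.match(url) else "http://" + url)

def unwrap(url, max_depth=5):
    """Peel wrapper hosts off the front; return (hosts seen, final parsed URL)."""
    hops = []
    for _ in range(max_depth):
        parts = _split(url)
        hops.append(parts.hostname)
        inner = parts.path.lstrip("/")
        if parts.hostname not in WRAPPER_HOSTS or not inner:
            return hops, parts
        url = inner + ("?" + parts.query if parts.query else "")
    raise ValueError("too many nested wrappers")

def affiliate_report(url):
    """Collect the fields worth quoting in an abuse report about the link."""
    hops, final = unwrap(url)
    # parse_qs keeps values as strings, so "020" is not collapsed to 20.
    params = {k: v[0] for k, v in parse_qs(final.query, keep_blank_values=True).items()}
    return {
        "hops": hops,
        "tracking_host": final.hostname,
        "endpoint": final.path,
        "offer_id": params.get("offer_id"),
        "aff_id": params.get("aff_id"),
        "aff_sub": params.get("aff_sub"),
    }

if __name__ == "__main__":
    for field, value in affiliate_report(LINK).items():
        print(f"{field}: {value}")
```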
So what happens if the victim clicks on the other link on the page? They simply get redirected to a page on indeed.com (branded "RockGrade Management" / rockgrademanagement.com) which returns exactly the same results as if the victim had gone directly to indeed.com in the first place.
But wait.. remember the name, phone number and email address you supplied? What happened to them? They're not needed for indeed.com, so it looks likely that the victim has just given themselves up for even more spam.
All the evidence that I have been able to find links this to a site called websitedesignbrisbane.org in Australia. You can complain about Australian companies at ACMA, although it is difficult to identify exactly which company runs that particular site, but it bills itself as "Jetstream Web Site Design + SEO", presumably of Brisbane.