Thursday, 18 February 2016

Fake job: resume@gbjobsite.com

This fake job offer looks like it might be from the creators of the Dridex banking trojan. It comes with various subjects:
Cooperation with the great company
We offer new vacancy
employees needed
cooperation with an international company
hi!
The crisis has finished! Work with us!
beneficial offer
Wanted regional manageres
Hello!
partial occupation
Working with partial occupancy
beneficial proposition
The part-time employment

The body text is always very similar:
Hello!

We are looking for employees working remotely.

My name is yvon, am the personnel manager of a large UK company.
Most of the work you can do from home, that is, at a distance.
Salary is 1000£ - 4000£.

If you are interested in our offer, mail to us your answer on resume@gbjobsite.com and we will send you an extensive information as soon as possible.
Best regards!
Personal Staff 
The spam appears to originate from within the sender's own domain, but this is just a simple forgery. Email sent to the domain gbjobsite.com is routed to an innocuous-looking but nonetheless evil IP, 172.246.47.65 (Enzu Inc, US). The nameservers use the domain abcdns.biz. Domain registration details are either fake or anonymous.

The nature of the job is illegal, and will most likely involve money laundering, handling stolen goods or other fraudulent activities. Avoid at all costs.
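
A mail-filter check built from the indicators above, as an added example that is not part of the original post. The function names, the "reply-diverted" heuristic (a body address on a different domain from the forged From header) and the sample message on example.org are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subject lines and contact domain exactly as listed in the post.
SUBJECTS = {s.lower() for s in (
    "Cooperation with the great company", "We offer new vacancy",
    "employees needed", "cooperation with an international company", "hi!",
    "The crisis has finished! Work with us!", "beneficial offer",
    "Wanted regional manageres", "Hello!", "partial occupation",
    "Working with partial occupancy", "beneficial proposition",
    "The part-time employment")}
CONTACT_DOMAINS = {"gbjobsite.com"}
ADDR_RE = re.compile(r"[\w.%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def indicators(raw):
    """Return the set of campaign indicators found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    found = set()
    if str(msg.get("Subject", "")).strip().lower() in SUBJECTS:
        found.add("subject")
    body_domains = {d.lower() for d in ADDR_RE.findall(body)}
    if body_domains & CONTACT_DOMAINS:
        found.add("contact-domain")
    # The From header is forged, so the lure has to name its reply address in
    # the body; a body address on another domain than From reflects that.
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if from_domain and body_domains and from_domain not in body_domains:
        found.add("reply-diverted")
    return found

def is_campaign(raw):
    """Subjects such as "hi!" are too generic to act on alone."""
    found = indicators(raw)
    return "contact-domain" in found or {"subject", "reply-diverted"} <= found

# Constructed sample: forged From on the recipient's domain (example.org).
SAMPLE = (
    "From: yvon <hr@example.org>\nTo: user@example.org\n"
    "Subject: We offer new vacancy\n\n"
    "We are looking for employees working remotely.\n"
    "mail to us your answer on resume@gbjobsite.com and we will send you\n")

if __name__ == "__main__":
    print(sorted(indicators(SAMPLE)), is_campaign(SAMPLE))
```

The subject-plus-diverted-reply rule still fires if the contact domain changes between runs, while a listed subject on its own is never enough to flag a message.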

2 comments:

Bob Coyne said...

What can I do to stop these?

SF said...

I get several of these daily from different e-mail addresses with different fake names inside, I never opened them.

But where the hell do they come from and how did they get my address?