Job Search Phishing
I’m not sure if I should be irate or flattered, but someone decided to use our Web site as the bait in an e-mail phishing scheme. In this particular instance, the emails suggested that a Company (Hybrid Forge Inc. – almost right but not quite…) either found your resume on Career Builder’s Web site, or suggested you had expressed interest. The catch: “During the training you will be paid by Hybrid Forge Inc. directly to your bank account.” (See some examples of the emails here)
Oh, so I just fill out an application, include my bank account details and you’ll start paying me?
Sounds too good to be true.
I certainly hope no one has been fooled by this. Thank you to the people who checked out our Web site and contacted us directly to let us know what was going on. We’ve since put up a notice on the home page of our site to let people know that these emails haven’t come from us and they are a phishing tactic used by fraudsters.
What else can be done? Well, for good measure we reported the event to Google (both return addresses were Gmail addresses), and the incident was reported to the Federal Trade Commission at spam@uce.gov. But let’s be real, this probably happens thousands of times a day. I doubt those actions will have much of an impact.
There’s lots of tips on how to avoid being phished on sites like APWG and Fraudwatch. As always, you’re exposed when you’re playing on the dirty-filthy Internet. Play it safe:
- Never give out any personal information
- If it sounds too good to be true, it is
On the plus side we’ve never had so much traffic to our Web site.
Update: We just heard back from one of our contacts at Google and the Gmail account used to originate the messages have been disabled.
