Monday, August 11, 2014

Phishing Attempt Posing As Job Offer

I received this message three times within a week, each time from a different email address. It's worth mentioning that each of the senders' supposed addresses came from a CSUN.EDU (California State University, Northridge) account, which makes me think that each of these people received the email and clicked on the included link, which may have hijacked their accounts' and now the scammers are using them.

Whatever the case may be, here is what I received:
Dear Secret Shopper, 
Please click here to read about job description
www.Secretshopper.com
Regards,
© Secret Shopper Inc
Simple enough, eh? It looks just like a million other Secret Shopper scam letters being sent and received around the world.

But, it's not as innocent lame as you might think.

While most people might expect to actually go to SecretShopper.com - which is a real website, btw - when they click the link in the message, they are actually sent here
http://www.lencseonline.hu//components/com_contact/export.php
and obviously, this webpage is based in Budapest, Hungary.

But, don't worry, that account has already been terminated. When I visited the page myself, I found this image with these kind words posted at the top:

Oh Deer!

This Account Has Been Suspended.
Please contact the billing department as soon as possible. We will address your request during regular business hours.
Account Suspended
"Deer". Get it?

Yes, it seems that some of the scammers' intended victims filed enough complaints that the page was terminated. Either that, or the webhost detected unusual activity on its servers, investigated it and pulled the plug.

I have no idea how many people were actually affected by these clowns. Fortunately, they were stopped, for now.



Duane Browning
Post a Comment