by Diamond
Wed Apr 24, 2013 1:52 pm
It seems that I have received a scam email today which means a slightly more complicated scheme of scamming than just stupid scam emails with lots of spelling mistakes and nonexistent companies. This time the company is supposed to be from Russia and being Russian myself, I was interested at first. However, I quickly became suspicious, because although the email was much more readable than most of these scams, it still gave no exact position name, location, it was difficult to understand what exactly the company's business was, and it looked as if the "job" is to process payments part-time, also something about "virtual office", while the starting salary was already $2500 for part-time, while the requirements were very primitive. Finally, the email itself came from a free mailbox, not from a company one. All the familiar indicators of good old money mule recruiting scam.
I searched for ICN Software Labs on the Web and came up with a website called IcnLabs.com. It really seems at first that there is such a company and the business is some "software for mining industry" which sounds strange and their products do not seem to make much sense. But I know that there are sites specially created by scammers to lure people and make them believe they are real. So, when I saw the report from the WhoIs server for this site, I clicked on it and found out the following:
Registration
ICANN Registrar: ONLINENIC, INC.
Created: 2013-01-08
Expires: 2014-01-08
Updated: 2013-01-08
Registrar Status: clientTransferProhibited
Name Server: NS1.JINO.RU (has 18,136 domains)
Name Server: NS2.JINO.RU (has 18,136 domains)
Whois Server: whois.onlinenic.com
As I understand, it means that the address was registered only this year and for a minimal term of 1 year (tell me if I misunderstood this), so this is one more detail pointing to scam. So here's the text of the email itself:
Dear XXXX XXXXX,
My name is Denis Morozov and I am the Senior Manager of HR department with ICN Software Labs. Following a thorough review of your resume published on CareerBuilder.com we decided to include you in the list of the candidates for the Payments Coordinator position. Below you can take a look at an overview on our company and detailed information about the open position.
Our company has been tackling the most challenging tasks of varied oil E&P companies since 1993. Over 20 years of fruitful cooperation with customers from Russia and the CIS countries we have gained plenty of unique practical experience. The services we offer respond to a wide array of the customer needs; starting from universal business automation to development of sophisticated information systems and procurement of equipment by the world's leading vendors. Over the past five years we have opened branches in Kazakhstan and Poland, which helped us to provide equally high-quality services to clients both in Western and Eastern Europe and avoid working with agents. Since our company has seen an influx of orders from the US customers, we are planning to expand our presence in the United States. Currently we are performing a preliminary selection of employees to hire for our international sales department.
POSITION NAME : Payments Coordinator
EMPLOYMENT TYPE : Part-time / Virtual Office
YOUR REFERENCE # : SD/0114
JOB RESPONSIBILITIES:
:: Receiving and processing payments made by local customers
:: Making sure that the funds are always credited to the bank account of the company's head office on time
:: Keeping contacts with the sales department head officer to talk over topical work-related issues
:: Performing accounting activities and preparing reports on the effected transactions regularly
JOB REQUIREMENTS:
:: Must have the US work permit
:: Must be a skilled user of MS Office solutions like Word, Excel and Outlook
:: Must show remarkable social and organizational skills
:: Must be able to work effectively both when working in a team and on his/her own
BENEFITS:
:: Part-time work daily)
:: Stable salary of $2,500 monthly
:: Flexible reward system
:: Career opportunities
In case you wish to proceed with the employment, simply notify us by answering to this message. Mind that you need to include the Reference Number SD/0114 in the subject line of your answer. Our specialists will give you a reply within 2 or 3 business days.
PLEASE BEAR IT IN MIND! HAVE IT IN MIND! You have been sent this letter since you posted your CV to a third-party web-site which provides public access to CVs uploaded by users. In case you do not answer to this message, we will erase your e-mail address from our database and no further contact will be made.
====
With kindest regards,
Denis Morozov
HR Senior Manager
ICN Software Ltd
And here are the headers:
Delivered-To: [email protected]
Received: by 10.76.171.198 with SMTP id aw6csp160888oac; Wed, 24 Apr 2013 04:10:45 -0700 (PDT)
X-Received: by 10.66.190.2 with SMTP id gm2mr18796464pac.25.1366801844910; Wed, 24 Apr 2013 04:10:44 -0700 (PDT)
Return-Path: <[email protected]>
Received: from outbound-ss-71.bluehost.com (outbound-ss-71.bluehost.com. [67.222.46.51]) by mx.google.com with SMTP id gl1si2530860pac.264.2013.04.24.04.10.43 for <[email protected]>; Wed, 24 Apr 2013 04:10:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 67.222.46.51 as permitted sender) client-ip=67.222.46.51;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 67.222.46.51 as permitted sender) [email protected]
Message-Id: <5177bdb4.e1bd420a.484b.ffffd3a3SMTPIN_ADDED_MISSING@mx.google.com>
Received: (qmail 8279 invoked by uid 0); 24 Apr 2013 11:10:43 -0000
Received: from unknown (HELO box305.bluehost.com) (69.89.31.105) by cpsoproxy1.bluehost.com with SMTP; 24 Apr 2013 11:10:43 -0000
Received: from localhost ([127.0.0.1]:57638 helo=box305.bluehost.com) by box305.bluehost.com with esmtp (Exim 4.80) (envelope-from <[email protected]>) id 1UUxb1-0001AS-88 for [email protected]; Wed, 24 Apr 2013 05:10:43 -0600
Date: Wed, 24 Apr 2013 05:10:43 -0600
To: [email protected]
Subject: =?UTF-8?B?UG9zaXRpb24gb2ZmZXIgZm9yIFJvbWFuIEthc3Bhcm92ICE=?=
X-PHP-Script: http://www.novebytes.com/wp-admin/wp.modules.php for 64.27.23.80
From: [email protected]
Reply-To: [email protected]
Errors-To: [email protected]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Identified-User: {:box305.bluehost.com:xtwootwo:box305.bluehost.com} {sentby:program running on server}
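
As an added example that is not part of the original post: a small Python triage of the WHOIS fields and headers quoted above. It computes how old the domain was when the mail was sent and picks out the headers showing that the message was produced by a script on a web host. The function names and the two thresholds are assumptions of this example.

```python
import re
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed input: values copied from the WHOIS report and headers in the post.
WHOIS = """Created: 2013-01-08
Expires: 2014-01-08
Name Server: NS1.JINO.RU
"""
HEADERS = """Date: Wed, 24 Apr 2013 05:10:43 -0600
X-PHP-Script: http://www.novebytes.com/wp-admin/wp.modules.php for 64.27.23.80
X-Identified-User: {:box305.bluehost.com:xtwootwo:box305.bluehost.com} {sentby:program running on server}

"""

def parse_whois(text):
    """Return {lower-cased field: [values]} from 'Key: value' WHOIS lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def triage(whois_text, header_text, young_days=180, min_term_days=366):
    """Thresholds are assumptions of this example, not values from the post."""
    who = parse_whois(whois_text)
    msg = message_from_string(header_text)
    created = datetime.strptime(who["created"][0], "%Y-%m-%d").date()
    expires = datetime.strptime(who["expires"][0], "%Y-%m-%d").date()
    sent = parsedate_to_datetime(msg["Date"]).date()
    out = {"domain_age_days": (sent - created).days,
           "term_days": (expires - created).days, "flags": []}
    if out["domain_age_days"] < young_days:
        out["flags"].append("domain registered shortly before the mail was sent")
    if out["term_days"] <= min_term_days:
        out["flags"].append("registered for the minimum one-year term")
    # X-PHP-Script: "<script URL> for <IP that requested the script>"
    m = re.match(r"(\S+) for (\S+)$", msg.get("X-PHP-Script", "").strip())
    if m:
        out["script_url"], out["script_client_ip"] = m.groups()
        out["flags"].append("generated by a web script, not a mail client")
    if "sentby:program running on server" in msg.get("X-Identified-User", ""):
        out["flags"].append("host labels the sender as a server-side program")
    return out

if __name__ == "__main__":
    for key, value in triage(WHOIS, HEADERS).items():
        print(f"{key}: {value}")
```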