Scamy looking e-mail

What does it take to look like a job scam email?

There are a number of things to notice about this. In no particular order, and each by itself doesn’t necessarily say scam, but added up, if you proceed, it should be with caution.

  1. The “From” doesn’t match the name at the bottom of the Email.
  2. The “From” doesn’t match the person referenced in email, and there is no explanation about the individual sending the email being a recruiter, or setting up a meeting for someone else.
  3. The “To” isn’t addressed to me, or even someone I know.
  4. The person wants to communicate via Google Hangout instead of official email or phone call from the company they supposedly represent (in this case, Tricostar).
  5. None of the email addresses listed (From, Reply-To, etc) are Tricostar.
  6. How often does the Board of Directors of a successful company do the hiring of receptionists, data entry personel, or administrative assistants? The board is busy dealing with guiding the executive suite.
  7. The grammer is pretty bad, even by today’s (lack of) standards.
  8. The email is sent from a free email service.

What does it look like?

Here is the email, complete with headers so you can see all the details.

Return-Path: <kissspager@dcemail.com>
Delivered-To: <louisk @cryptomonkeys.org>
Received: from mail.example.com
	by mail.example.com (Dovecot) with LMTP id S3n7MLfIk1ZWfQEAKZf1vA
	for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:31 -0800
Received: from localhost (localhost [127.0.0.1])
	by mail.example.com (Postfix) with ESMTP id AA7BC1A68FC9
	for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:31 -0800 (PST)
Received: from mail.example.com ([127.0.0.1])
 by localhost (mail.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
 id 97510-03 for <louisk @cryptomonkeys.org>;
 Mon, 11 Jan 2016 07:22:30 -0800 (PST)
X-Greylist:
Received: from imta-37.everyone.net (sitemail3.everyone.net [216.200.145.37])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.example.com (Postfix) with ESMTPS id 737151A688DF
	for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:30 -0800 (PST)
Received: from pps.filterd (localhost.localdomain [127.0.0.1])
	by imta-38.everyone.net (8.14.5/8.14.5) with SMTP id u0BDo3GD020198;
	Mon, 11 Jan 2016 05:55:02 -0800
X-Eon-Originating-Account: nMUOZ7QILgmbCAvPvvqErMRRSK8WB2rGhuVfP-QodLIEegaulTHVGdmWkQlcly6x
X-Eon-Dm: m0087469.ppops.net
Received: by m0087795.mta.everyone.net (EON-PICKUP)
	id m0087795.5672ed2e.24779; Mon, 11 Jan 2016 05:55:01 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Message-Id: <20160111055501.B0E8061C@m0087795.ppops.net>
date = Mon, 11 Jan 2016 05:55:01 -0800
From: "Kelly Edmonds" <Kissspager@dcemail.com>
Reply-To: <Kissspager@dcemail.com>
To: <kelseyarthur54@gmail.com>
Subject: JOB OPENING WITH TRICOSTAR COMPANY LIMITED
Content-Transfer-Encoding: base64
X-Eon-Sig: AQPb9hpWk7Q1dIgDEQEAAAAL,c1531544ed17720840bc14816af1a5e7
X-Originating-Ip: 108.59.10.153
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.15.21,1.0.33,0.0.0000
 definitions=2016-01-11_08:2016-01-11,2016-01-11,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=10
 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=7.0.1-1511060000 definitions=main-1601110247
X-Virus-Scanned: Maia Mailguard 1.0.3
X-Spam-Status: Yes, hits=14.684 tagged_above=1 required=5 tests=BAYES_50=3,
 FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO=1, HTML_MESSAGE=0.001,
 HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=3, RCVD_IN_DNSWL_LOW=-0.7,
 SPOOFED_FREEM_REPTO=1.999, SUBJ_ALL_CAPS=1.506, X_MONKEY_FORMMAIL=1,
 X_MONKEY_PROXY=3.5
X-Spam-Level: **************
X-Spam-Flag: YES

GREETINGS,

After we have critically perused your  resume and the details therein on 
WASHINGTON WORKSOURCE , the board of directors have come to a memorandum of 
understanding and have taken a concise decision,we feel you may be the best 
candidate for the vacant position within our company and  hereby invite you for 
an on-line interview right away with Mrs. Kelsey Arthur, who is of  the human 
resource department. You are hereby advised to read carefully about this job 
position.

Job +++
title = "  Administrative Executive,Administrative Assistant,Data Entry,Receptionist,Customer Care Representative.

Organization: Tricostar Company Limited

Key Responsibility: Provides  services by implementing administrative
systems, procedures, and policies, and monitoring administrative
projects.

Requirements: High school Diploma/College Degree

Basic Skills: Reporting Skills, Administrative Writing Skills, Microsoft
Office Skills, Managing Processes, Organization, Analyzing Information ,
Professionalism, Problem Solving, Supply Management, Inventory Control,and
Verbal Communication as well.


If you meet the desired qualifications and would like to be considered
for the position, it is expedient you followed the instructions provided below :

Make sure you have gmail account on your PC or tablet, if you don't
have, you can do that on-line at www.gmail.com. Then create a gmail log-in with 
which you would use to gain access to google hangout.Once you have access, add
Mrs. Kelsey as a contact, her screen name with google hangout is: Kelseyarthur54

If the stipulated time conflicts with your schedule, it is expected of you to email Mrs. Kelsey at this email address: 
kelseyarthur54@gmail.com
She will be standing by to abreast you with the rudiments of this job position 
via  google hangout. It is expedient to get on-line ASAP. I Wish you  best of 
Luck in the interview.
 
Sincerely,
Booker Haris

 
Washington DC's Largest FREE Email service. ---> http://www.DCemail.com ---> A Washington Online Community Member --->
http://www.DCpages.com

The first task in my training

Because I was curious how this would work, I went through their interview process (on google hangout). At the end, the “Board of Directors” approved of my qualifications and I was given an offer letter. I had to go through 2 weeks of “training” before I would be ready for my new job. The first task they had me do was to look up various bits of financial information in the public SEC database, edgar. They also imposed a time limit of 3hrs on this (it took about 20min). I submitted the answers, and also let them know that for tax purposes, I would need Tricostar’s Federal Tax ID. I haven’t heard back on what task 2 is supposed to be yet.

There are more clues here. The letter is addressed to “Dear Employee” (they still don’t know my name after hiring me? Awkward). They still don’t use any official @tricostar.com email.

Further, the training appears to be considered busy work even by “my supervisor” who doesn’t explain why any of this is relevent to my job, or even how knowing this kind of information will help the company.

Return-Path: <kelseyarthur54@gmail.com>
Delivered-To: <louisk @cryptomonkeys.org>
Received: from mail.example.com
	by mail.example.com (Dovecot) with LMTP id f2RiK8MwnVb6CQEAKZf1vA
	for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800
Received: from localhost (localhost [127.0.0.1])
	by mail.example.com (Postfix) with ESMTP id 94D5A1A68C99
	for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800 (PST)
Received: from mail.example.com ([127.0.0.1])
 by localhost (mail.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
 id 66939-09 for <louisk @cryptomonkeys.org>;
 Mon, 18 Jan 2016 10:36:51 -0800 (PST)
Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.example.com (Postfix) with ESMTPS id 24F881A68C84
	for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800 (PST)
Received: by mail-ig0-f174.google.com with SMTP id t15so61253926igr.0
        for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:35:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=3UX6XJgBs3UMxMP5/AvDM09eCxQD6MgaRIJGOHEO9w0=;
        b=I+XBf5xI93iFBqlmxFr4grvzuAqX67WsDPlPhkgAWxmh612ylb9U3EnvmgYOrknnTZ
         egl3PjTU1nqh7aysvV741Wkqqvyv4lRW6mTiorNS/NAz2bTNzPaW0RtiNq+GH5UKF1K2
         C06OukYVM4nVVYB+OVQmrdE5HK/3IJ4jwxwMfIwOPyvW35VhvY0eh38NSvVC2XYEPwJp
         TgBW79/X0NDYlylExypDcMEMK2FscJaV68GLCWvugMTpSsdJgB/gsHfJVVqPlhoYVvLQ
         g2LgDHy7XOplEGts8/8Avt4zsaip7+184D7nRvnWB4hdiyN8ngmSpLqjO/mg6c1LgKvA
         cqpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to
         :content-type;
        bh=3UX6XJgBs3UMxMP5/AvDM09eCxQD6MgaRIJGOHEO9w0=;
        b=YVlB1qjSrf7ugSVlwVeGabfX4lh7hQt4O6YcblJZIxE4bnxpm84eVNNmiCQNjshlVq
         6TSXJOcGGVsoSSuH373tqSOK0ZMsktHbSqHfv0bK6LZ9ZAT2bFuQMo9roIqk+4PrmvTN
         zpY+Fio/OHTKQH4z0s5CXOclbyEMbnnOLvM29hXkRMyfaMQYGwUtT2fk6lUL9xjpRC56
         /VEih0MrF4YTnOpsORC7eUa7sGAVLmfrU1+Rw83u8Cu6t4QhJYEhLVi1vUyXiaGeeKPX
         khNG3hocBMi5NhQ6TU6ZNrGekVuqOHXiZMSc1vtN8dj4Pltzs7eRDF4LNXkQtIoqQ/Uo
         FqEQ==
X-Gm-Message-State: AG10YOSS7Rg6KCsisGmqYhrtT/+pBU0dvkpnd4SJQRaO97rFpkmpzpzK61/aZkZBMZbR9LpcmjlfSkOYfdLTcg==
MIME-Version: 1.0
X-Received: by 10.50.155.106 with SMTP id vv10mr10716469igb.41.1453142147476;
 Mon, 18 Jan 2016 10:35:47 -0800 (PST)
Received: by 10.50.2.162 with HTTP; Mon, 18 Jan 2016 10:35:47 -0800 (PST)
date = Mon, 18 Jan 2016 10:35:47 -0800
Message-ID: <CAHdipFtq-0DBOVMMEaoQrnmpDRijoEzZ00y5q6d56KbjS0E1nQ@mail.gmail.com>
Subject: TRAINING TASK 1
From: Kelsey Arthur <kelseyarthur54@gmail.com>
To: Louis Kowolowski <louisk @cryptomonkeys.org>
Content-Type: multipart/alternative; boundary=001a11346b4882359f0529a00537
X-Virus-Scanned: Maia Mailguard 1.0.3


--001a11346b4882359f0529a00537
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=UTF-8

Dear Employee,
Complete this task
(A)
This is to introduce you to EDGAR, the SEC's database of financial
information about publicly owned companies. The SEC maintains EDGAR to
give the public free access to information about publicly owned
companies.
Instructions
Access EDGAR at the following Internet address:
http://www.sec.gov/cgi-bin/srch-edgar
Then type STARBUCKS CORP into the search box and press the return key.
Select Starbuck's most recent Form 10Q (a required quarterly filing
that includes quarterly financial statements).
What is the street address of Starbuck's corporate headquarters?
Scroll down to the balance sheet. Have the company's total assets
increased or decreased since the last report? How much have they
increased or decreased?
(B)
Each year, Fortune magazine ranks the leading 500 American-based
corporations in terms of total revenue earned.
Instructions
Visit the Fortune home page at: http://www.fortune.com
Identify the three global most admired Fortune 500 companies.
Select one of the listed companies, locate this company in the EDGAR
database: http://www.sec.gov/cgi-bin/srch-edgar Select the company's
"Form 10K" and locate comparative income statements for the past three
years. Comment on the pattern of changes in total revenue and net
income over the past three years.
Obtain financial information about McDonalds Corp sales or earnings.
Go to http://www.mcdonalds.com/
Click on Corporate McDonald's - McDonald's Quarterly Global Results
Press Release
What are the "Key highlights - Consolidated"
Dollars in millions, except per common share data

Time Limit : 3 hours

--001a11346b4882359f0529a00537
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=UTF-8

<div dir=3D"ltr"><div>Dear Employee,</div><div>Complete this task</div><div=
>(A)</div><div>This is to introduce you to EDGAR, the SEC&#39;s database of=
 financial</div><div>information about publicly owned companies. The SEC ma=
intains EDGAR to</div><div>give the public free access to information about=
 publicly owned</div><div>companies.</div><div>Instructions</div><div>Acces=
s EDGAR at the following Internet address:</div><div><a href=3D"http://www.=
sec.gov/cgi-bin/srch-edgar">http://www.sec.gov/cgi-bin/srch-edgar</a></div>=
<div>Then type STARBUCKS CORP into the search box and press the return key.=
</div><div>Select Starbuck&#39;s most recent Form 10Q (a required quarterly=
 filing</div><div>that includes quarterly financial statements).</div><div>=
What is the street address of Starbuck&#39;s corporate headquarters?</div><=
div>Scroll down to the balance sheet. Have the company&#39;s total assets</=
div><div>increased or decreased since the last report? How much have they</=
div><div>increased or decreased?</div><div>(B)</div><div>Each year, Fortune=
 magazine ranks the leading 500 American-based</div><div>corporations in te=
rms of total revenue earned.</div><div>Instructions</div><div>Visit the For=
tune home page at: <a href=3D"http://www.fortune.com">http://www.fortune.co=
m</a></div><div>Identify the three global most admired Fortune 500 companie=
s.</div><div>Select one of the listed companies, locate this company in the=
 EDGAR</div><div>database: <a href=3D"http://www.sec.gov/cgi-bin/srch-edgar=
">http://www.sec.gov/cgi-bin/srch-edgar</a> Select the company&#39;s</div><=
div>&quot;Form 10K&quot; and locate comparative income statements for the p=
ast three</div><div>years. Comment on the pattern of changes in total reven=
ue and net</div><div>income over the past three years.</div><div>Obtain fin=
ancial information about McDonalds Corp sales or earnings.</div><div>Go to =
<a href=3D"http://www.mcdonalds.com/">http://www.mcdonalds.com/</a></div><d=
iv>Click on Corporate McDonald&#39;s - McDonald&#39;s Quarterly Global Resu=
lts</div><div>Press Release</div><div>What are the &quot;Key highlights - C=
onsolidated&quot;</div><div>Dollars in millions, except per common share da=
ta</div><div><br></div><div>Time Limit : 3 hours</div><div><br></div></div>

--001a11346b4882359f0529a00537--