What does it take to look like a job scam email?
There are a number of things to notice about this. In no particular order, and each by itself doesn’t necessarily say scam, but added up, if you proceed, it should be with caution.
- The “From” doesn’t match the name at the bottom of the Email.
- The “From” doesn’t match the person referenced in email, and there is no explanation about the individual sending the email being a recruiter, or setting up a meeting for someone else.
- The “To” isn’t addressed to me, or even someone I know.
- The person wants to communicate via Google Hangout instead of official email or phone call from the company they supposedly represent (in this case, Tricostar).
- None of the email addresses listed (From, Reply-To, etc) are Tricostar.
- How often does the Board of Directors of a successful company do the hiring of receptionists, data entry personel, or administrative assistants? The board is busy dealing with guiding the executive suite.
- The grammer is pretty bad, even by today’s (lack of) standards.
- The email is sent from a free email service.
What does it look like?
Here is the email, complete with headers so you can see all the details.
1Return-Path: <kissspager@dcemail.com>
2Delivered-To: <louisk @cryptomonkeys.org>
3Received: from mail.example.com
4 by mail.example.com (Dovecot) with LMTP id S3n7MLfIk1ZWfQEAKZf1vA
5 for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:31 -0800
6Received: from localhost (localhost [127.0.0.1])
7 by mail.example.com (Postfix) with ESMTP id AA7BC1A68FC9
8 for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:31 -0800 (PST)
9Received: from mail.example.com ([127.0.0.1])
10 by localhost (mail.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
11 id 97510-03 for <louisk @cryptomonkeys.org>;
12 Mon, 11 Jan 2016 07:22:30 -0800 (PST)
13X-Greylist:
14Received: from imta-37.everyone.net (sitemail3.everyone.net [216.200.145.37])
15 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
16 (No client certificate requested)
17 by mail.example.com (Postfix) with ESMTPS id 737151A688DF
18 for <louisk @cryptomonkeys.org>; Mon, 11 Jan 2016 07:22:30 -0800 (PST)
19Received: from pps.filterd (localhost.localdomain [127.0.0.1])
20 by imta-38.everyone.net (8.14.5/8.14.5) with SMTP id u0BDo3GD020198;
21 Mon, 11 Jan 2016 05:55:02 -0800
22X-Eon-Originating-Account: nMUOZ7QILgmbCAvPvvqErMRRSK8WB2rGhuVfP-QodLIEegaulTHVGdmWkQlcly6x
23X-Eon-Dm: m0087469.ppops.net
24Received: by m0087795.mta.everyone.net (EON-PICKUP)
25 id m0087795.5672ed2e.24779; Mon, 11 Jan 2016 05:55:01 -0800
26MIME-Version: 1.0
27Content-Type: text/html; charset="UTF-8"
28Message-Id: <20160111055501.B0E8061C@m0087795.ppops.net>
29date = Mon, 11 Jan 2016 05:55:01 -0800
30From: "Kelly Edmonds" <Kissspager@dcemail.com>
31Reply-To: <Kissspager@dcemail.com>
32To: <kelseyarthur54@gmail.com>
33Subject: JOB OPENING WITH TRICOSTAR COMPANY LIMITED
34Content-Transfer-Encoding: base64
35X-Eon-Sig: AQPb9hpWk7Q1dIgDEQEAAAAL,c1531544ed17720840bc14816af1a5e7
36X-Originating-Ip: 108.59.10.153
37X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.15.21,1.0.33,0.0.0000
38 definitions=2016-01-11_08:2016-01-11,2016-01-11,1970-01-01 signatures=0
39X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=10
40 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx
41 scancount=1 engine=7.0.1-1511060000 definitions=main-1601110247
42X-Virus-Scanned: Maia Mailguard 1.0.3
43X-Spam-Status: Yes, hits=14.684 tagged_above=1 required=5 tests=BAYES_50=3,
44 FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO=1, HTML_MESSAGE=0.001,
45 HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=3, RCVD_IN_DNSWL_LOW=-0.7,
46 SPOOFED_FREEM_REPTO=1.999, SUBJ_ALL_CAPS=1.506, X_MONKEY_FORMMAIL=1,
47 X_MONKEY_PROXY=3.5
48X-Spam-Level: **************
49X-Spam-Flag: YES
50
51GREETINGS,
52
53After we have critically perused your resume and the details therein on
54WASHINGTON WORKSOURCE , the board of directors have come to a memorandum of
55understanding and have taken a concise decision,we feel you may be the best
56candidate for the vacant position within our company and hereby invite you for
57an on-line interview right away with Mrs. Kelsey Arthur, who is of the human
58resource department. You are hereby advised to read carefully about this job
59position.
60
61Job +++
62title = " Administrative Executive,Administrative Assistant,Data Entry,Receptionist,Customer Care Representative.
63
64Organization: Tricostar Company Limited
65
66Key Responsibility: Provides services by implementing administrative
67systems, procedures, and policies, and monitoring administrative
68projects.
69
70Requirements: High school Diploma/College Degree
71
72Basic Skills: Reporting Skills, Administrative Writing Skills, Microsoft
73Office Skills, Managing Processes, Organization, Analyzing Information ,
74Professionalism, Problem Solving, Supply Management, Inventory Control,and
75Verbal Communication as well.
76
77
78If you meet the desired qualifications and would like to be considered
79for the position, it is expedient you followed the instructions provided below :
80
81Make sure you have gmail account on your PC or tablet, if you don't
82have, you can do that on-line at www.gmail.com. Then create a gmail log-in with
83which you would use to gain access to google hangout.Once you have access, add
84Mrs. Kelsey as a contact, her screen name with google hangout is: Kelseyarthur54
85
86If the stipulated time conflicts with your schedule, it is expected of you to email Mrs. Kelsey at this email address:
87kelseyarthur54@gmail.com
88She will be standing by to abreast you with the rudiments of this job position
89via google hangout. It is expedient to get on-line ASAP. I Wish you best of
90Luck in the interview.
91
92Sincerely,
93Booker Haris
94
95
96Washington DC's Largest FREE Email service. ---> http://www.DCemail.com ---> A Washington Online Community Member --->
97http://www.DCpages.com
The first task in my training
Because I was curious how this would work, I went through their interview process (on google hangout). At the end, the “Board of Directors” approved of my qualifications and I was given an offer letter. I had to go through 2 weeks of “training” before I would be ready for my new job. The first task they had me do was to look up various bits of financial information in the public SEC database, edgar. They also imposed a time limit of 3hrs on this (it took about 20min). I submitted the answers, and also let them know that for tax purposes, I would need Tricostar’s Federal Tax ID. I haven’t heard back on what task 2 is supposed to be yet.
There are more clues here. The letter is addressed to “Dear Employee” (they still don’t know my name after hiring me? Awkward). They still don’t use any official @tricostar.com email.
Further, the training appears to be considered busy work even by “my supervisor” who doesn’t explain why any of this is relevent to my job, or even how knowing this kind of information will help the company.
1Return-Path: <kelseyarthur54@gmail.com>
2Delivered-To: <louisk @cryptomonkeys.org>
3Received: from mail.example.com
4 by mail.example.com (Dovecot) with LMTP id f2RiK8MwnVb6CQEAKZf1vA
5 for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800
6Received: from localhost (localhost [127.0.0.1])
7 by mail.example.com (Postfix) with ESMTP id 94D5A1A68C99
8 for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800 (PST)
9Received: from mail.example.com ([127.0.0.1])
10 by localhost (mail.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
11 id 66939-09 for <louisk @cryptomonkeys.org>;
12 Mon, 18 Jan 2016 10:36:51 -0800 (PST)
13Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174])
14 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
15 (No client certificate requested)
16 by mail.example.com (Postfix) with ESMTPS id 24F881A68C84
17 for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:36:51 -0800 (PST)
18Received: by mail-ig0-f174.google.com with SMTP id t15so61253926igr.0
19 for <louisk @cryptomonkeys.org>; Mon, 18 Jan 2016 10:35:48 -0800 (PST)
20DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
21 d=gmail.com; s=20120113;
22 h=mime-version:date:message-id:subject:from:to:content-type;
23 bh=3UX6XJgBs3UMxMP5/AvDM09eCxQD6MgaRIJGOHEO9w0=;
24 b=I+XBf5xI93iFBqlmxFr4grvzuAqX67WsDPlPhkgAWxmh612ylb9U3EnvmgYOrknnTZ
25 egl3PjTU1nqh7aysvV741Wkqqvyv4lRW6mTiorNS/NAz2bTNzPaW0RtiNq+GH5UKF1K2
26 C06OukYVM4nVVYB+OVQmrdE5HK/3IJ4jwxwMfIwOPyvW35VhvY0eh38NSvVC2XYEPwJp
27 TgBW79/X0NDYlylExypDcMEMK2FscJaV68GLCWvugMTpSsdJgB/gsHfJVVqPlhoYVvLQ
28 g2LgDHy7XOplEGts8/8Avt4zsaip7+184D7nRvnWB4hdiyN8ngmSpLqjO/mg6c1LgKvA
29 cqpA==
30X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
31 d=1e100.net; s=20130820;
32 h=x-gm-message-state:mime-version:date:message-id:subject:from:to
33 :content-type;
34 bh=3UX6XJgBs3UMxMP5/AvDM09eCxQD6MgaRIJGOHEO9w0=;
35 b=YVlB1qjSrf7ugSVlwVeGabfX4lh7hQt4O6YcblJZIxE4bnxpm84eVNNmiCQNjshlVq
36 6TSXJOcGGVsoSSuH373tqSOK0ZMsktHbSqHfv0bK6LZ9ZAT2bFuQMo9roIqk+4PrmvTN
37 zpY+Fio/OHTKQH4z0s5CXOclbyEMbnnOLvM29hXkRMyfaMQYGwUtT2fk6lUL9xjpRC56
38 /VEih0MrF4YTnOpsORC7eUa7sGAVLmfrU1+Rw83u8Cu6t4QhJYEhLVi1vUyXiaGeeKPX
39 khNG3hocBMi5NhQ6TU6ZNrGekVuqOHXiZMSc1vtN8dj4Pltzs7eRDF4LNXkQtIoqQ/Uo
40 FqEQ==
41X-Gm-Message-State: AG10YOSS7Rg6KCsisGmqYhrtT/+pBU0dvkpnd4SJQRaO97rFpkmpzpzK61/aZkZBMZbR9LpcmjlfSkOYfdLTcg==
42MIME-Version: 1.0
43X-Received: by 10.50.155.106 with SMTP id vv10mr10716469igb.41.1453142147476;
44 Mon, 18 Jan 2016 10:35:47 -0800 (PST)
45Received: by 10.50.2.162 with HTTP; Mon, 18 Jan 2016 10:35:47 -0800 (PST)
46date = Mon, 18 Jan 2016 10:35:47 -0800
47Message-ID: <CAHdipFtq-0DBOVMMEaoQrnmpDRijoEzZ00y5q6d56KbjS0E1nQ@mail.gmail.com>
48Subject: TRAINING TASK 1
49From: Kelsey Arthur <kelseyarthur54@gmail.com>
50To: Louis Kowolowski <louisk @cryptomonkeys.org>
51Content-Type: multipart/alternative; boundary=001a11346b4882359f0529a00537
52X-Virus-Scanned: Maia Mailguard 1.0.3
53
54
55--001a11346b4882359f0529a00537
56Content-Transfer-Encoding: 7bit
57Content-Type: text/plain;
58 charset=UTF-8
59
60Dear Employee,
61Complete this task
62(A)
63This is to introduce you to EDGAR, the SEC's database of financial
64information about publicly owned companies. The SEC maintains EDGAR to
65give the public free access to information about publicly owned
66companies.
67Instructions
68Access EDGAR at the following Internet address:
69http://www.sec.gov/cgi-bin/srch-edgar
70Then type STARBUCKS CORP into the search box and press the return key.
71Select Starbuck's most recent Form 10Q (a required quarterly filing
72that includes quarterly financial statements).
73What is the street address of Starbuck's corporate headquarters?
74Scroll down to the balance sheet. Have the company's total assets
75increased or decreased since the last report? How much have they
76increased or decreased?
77(B)
78Each year, Fortune magazine ranks the leading 500 American-based
79corporations in terms of total revenue earned.
80Instructions
81Visit the Fortune home page at: http://www.fortune.com
82Identify the three global most admired Fortune 500 companies.
83Select one of the listed companies, locate this company in the EDGAR
84database: http://www.sec.gov/cgi-bin/srch-edgar Select the company's
85"Form 10K" and locate comparative income statements for the past three
86years. Comment on the pattern of changes in total revenue and net
87income over the past three years.
88Obtain financial information about McDonalds Corp sales or earnings.
89Go to http://www.mcdonalds.com/
90Click on Corporate McDonald's - McDonald's Quarterly Global Results
91Press Release
92What are the "Key highlights - Consolidated"
93Dollars in millions, except per common share data
94
95Time Limit : 3 hours
96
97--001a11346b4882359f0529a00537
98Content-Transfer-Encoding: quoted-printable
99Content-Type: text/html;
100 charset=UTF-8
101
102<div dir=3D"ltr"><div>Dear Employee,</div><div>Complete this task</div><div=
103>(A)</div><div>This is to introduce you to EDGAR, the SEC's database of=
104 financial</div><div>information about publicly owned companies. The SEC ma=
105intains EDGAR to</div><div>give the public free access to information about=
106 publicly owned</div><div>companies.</div><div>Instructions</div><div>Acces=
107s EDGAR at the following Internet address:</div><div><a href=3D"http://www.=
108sec.gov/cgi-bin/srch-edgar">http://www.sec.gov/cgi-bin/srch-edgar</a></div>=
109<div>Then type STARBUCKS CORP into the search box and press the return key.=
110</div><div>Select Starbuck's most recent Form 10Q (a required quarterly=
111 filing</div><div>that includes quarterly financial statements).</div><div>=
112What is the street address of Starbuck's corporate headquarters?</div><=
113div>Scroll down to the balance sheet. Have the company's total assets</=
114div><div>increased or decreased since the last report? How much have they</=
115div><div>increased or decreased?</div><div>(B)</div><div>Each year, Fortune=
116 magazine ranks the leading 500 American-based</div><div>corporations in te=
117rms of total revenue earned.</div><div>Instructions</div><div>Visit the For=
118tune home page at: <a href=3D"http://www.fortune.com">http://www.fortune.co=
119m</a></div><div>Identify the three global most admired Fortune 500 companie=
120s.</div><div>Select one of the listed companies, locate this company in the=
121 EDGAR</div><div>database: <a href=3D"http://www.sec.gov/cgi-bin/srch-edgar=
122">http://www.sec.gov/cgi-bin/srch-edgar</a> Select the company's</div><=
123div>"Form 10K" and locate comparative income statements for the p=
124ast three</div><div>years. Comment on the pattern of changes in total reven=
125ue and net</div><div>income over the past three years.</div><div>Obtain fin=
126ancial information about McDonalds Corp sales or earnings.</div><div>Go to =
127<a href=3D"http://www.mcdonalds.com/">http://www.mcdonalds.com/</a></div><d=
128iv>Click on Corporate McDonald's - McDonald's Quarterly Global Resu=
129lts</div><div>Press Release</div><div>What are the "Key highlights - C=
130onsolidated"</div><div>Dollars in millions, except per common share da=
131ta</div><div><br></div><div>Time Limit : 3 hours</div><div><br></div></div>
132
133--001a11346b4882359f0529a00537--
Comments