Career Phishing Scams

For the past few months, I have been focused on getting a job so that when my loans come due, I will have something to pay for them. I’ve also been receiving phishing scams for jobs. You can tell they’re scams because they almost always follow these steps.

First, they email you directly. And the funny part is that they also email a previous email so you’ll see their first attempts. They almost always come from <company>careers.com for their domain.

Next, their domain has been recently been registered, like within the past week. If you run a whois search result on <company>careers.com, it often returns with a registered date within a week of the email. Also, when you go to this domain for a website, you’ll find that it hasn’t been configured for a web site.

Finally, their domain’s MX record is registered with smtp.google.com as their solitary mail exchange record. For example,

$ dig MX firstfincapcareers.com

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> MX firstfincapcareers.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55310
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;firstfincapcareers.com. IN MX

;; ANSWER SECTION:
firstfincapcareers.com. 7207 IN MX 1 SMTP.GOOGLE.com.

;; Query time: 76 msec
;; SERVER: 192.168.50.1#53(192.168.50.1) (UDP)
;; WHEN: Tue Nov 19 14:42:29 CST 2024
;; MSG SIZE rcvd: 79

In conclusion, don’t reply to these phishing scams. They’re disingenuous and can leak data.