Another type of crisis spam

    A new type of social engineering has been noticed on the Internet. A few days ago an email with the following content arrived:

    Alexander good afternoon!

    The recruitment agency sent us your resume.
    At the moment, our company has opened a new vacancy CTO).
    Registration according to the Labor Code of the Russian Federation, social guarantees, career growth, salary will depend on the results of the interview.
    Detailed information about our company can be viewed on the website:
    http://www.pirol.ru/?dc=ngx6ex39812

    Sincerely, Margarita,
    Head of the Human Resources Department
    , Pyrol Company http://www.pirol.ru/?dc=ngx6ex39812


    It should be noted that my name is really Alexander, and I really once posted a resume for the CTO position. But something confused me in this message, and I took a closer look. Here's what I noticed:
    1) Margarita does not have a surname or phone number, and in general there is no specificity in the letter.
    2) The link www.pirol.ru/?dc=ngx6ex39812 may point to de-anonymization of the visitor on the site (i.e. a personal link was sent).
    3) An extra bracket at the end of the sentence may indicate poor-quality automatic text processing (in the CV “CTO” was in brackets).

    Other circumstances:
    1) The text and the URL of the link are mixed up - apparently a bug on the spammer's side.
    2) The headers indicate that the letter was sent from pirol.ru/send_mail/send_mail.php, i.e. from the site itself - it looks like the site was under the control of an attacker.
    3) The site pirol.ru currently does not respond (it times out). Google says this is the (former?) website of a trading company.
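The checks from the two lists above, written as a small mail-triage script (an added example, not part of the original post). The sample message is constructed from the quoted letter; the sender address and the `X-PHP-Originating-Script` header, which PHP adds when `mail.add_x_header` is enabled, are assumptions about what the headers looked like.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: body taken from the letter above, headers are assumed
# (placeholder addresses, header as written by PHP with mail.add_x_header=On).
SAMPLE = """\
From: Margarita <hr@sender.example>
To: alexander@recipient.example
Subject: Vacancy
X-PHP-Originating-Script: 33:send_mail.php

Alexander good afternoon!
At the moment, our company has opened a new vacancy CTO).
Detailed information about our company can be viewed on the website:
http://www.pirol.ru/?dc=ngx6ex39812

Sincerely, Margarita,
Head of the Human Resources Department
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Opaque token: 8+ alphanumerics mixing letters and digits (heuristic).
TOKEN_RE = re.compile(r"(?=.*[a-z])(?=.*\d)[a-z0-9]{8,}", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s()-]{8,}\d")

def personal_links(text):
    """Return (url, parameter) pairs whose value looks like a per-recipient token."""
    hits = []
    for url in URL_RE.findall(text):
        for key, value in parse_qsl(urlsplit(url).query):
            if TOKEN_RE.fullmatch(value):
                hits.append((url, key))
    return hits

def triage(raw):
    """Collect the indicators discussed in the post for one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    prose = URL_RE.sub("", body)  # judge the wording without the URLs
    script = msg.get("X-PHP-Originating-Script", "")
    return {
        "personal_links": personal_links(body),
        "sending_script": script.split(":", 1)[-1] or None,
        "has_phone": bool(PHONE_RE.search(prose)),
        "unbalanced_lines": [l for l in prose.splitlines() if l.count("(") != l.count(")")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
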

    Now let's try to guess why spammers might need it.
    Option one: email database validation. But it is not clear why such thorough preparation would be needed to validate addresses from a single job-search site (hh.ru).
    Option two: a DDoS attack on the site carried out not by bots but by the hands of users. It is not clear what was wrong with the standard botnet approach, or why the links are personal. Perhaps this is a creative approach to the problem of “taking down a competitor’s website”: how to keep a website down for a long time with the effort of one person and for little money (no botnet, and buying one is expensive; people read mail irregularly and will try to follow the link repeatedly).
    Option three: a redirect to a site with viruses. In my opinion this is the most probable, although it does not explain the personal links (why would I need a botnet tied to personal information?) or why a site is used that cannot withstand such a load.

    Be careful: hackers pick the most topical subjects to get past your own mental filters.
