Job Title

If you get an unsolicited email with an attachment and you don’t recognize the sender, be extremely wary, especially if the message is very vague and only tells you to open the attachment. The vagueness is a ploy to try and get you to open the attachment out of curiosity. Don’t open such attachments! Many contain malware to infect your computer, and even ones that don’t are likely to either load a phishing site or contain a scam.

InfoSec staff use specialized tools to examine the contents in a secure manner. When we examined the attachment for this phishing email, it turned out to contain a job scam pretending to be someone from the World Health Organization. To quickly recap, here are the red flags that can help you identify the offer as a scam:

  • The pay is too good to be true–this one offered $500/week for only a few hours a week of simple tasks.
  • The sender does not match the name of the person supposedly offering the job.
  • You do not need to go through an interview or meet your supposed employer (either virtually or in person) before getting the job.
  • The email asks you to reply and/or provide contact information for a different communication method such as personal email, SMS or Google Chat. This is a common trick that scammers use to move the conversation to a place that cannot be monitored by UVic.

We have many other posts on job scams that are worth a read if you want to learn more about how to spot them.

Scam email with a vague message asking you to open a suspicious attachment called "Remote Job Details.docx"


Subject: Job Title
From: M******** Arrizki <m******arrizki@iconpln.co.id>

Attachment: [Word document icon] Remote Job Details.docx    23 KB

VIEW ATTACHED FILE FOR DETAILS


This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. PT. Indonesia Comnets Plus (ICON+) is neither liable for the proper and complete transmition of the information contained in this communication nor for any delay and its receipt.