Homepage Sophos newsroom
Register as BUSINESS Register as PR AGENCY Register as JOURNALIST

Scammers target government job site - seasonal workers most at risk

Announcement posted by Sophos 11 Jan 2011

Blog post by Paul Ducklin, Head of Technology Sophos Asia Pacific
Scammers have recently been targeting job seekers in Australia, aiming a phishing campaign at users of the Federal Government's job site, JobSearch.

The scam "reminds" you that your JobSearch account is about to expire, warning you to go online and update your account within the next two days:

Dear Australian JobSearch user,

To confirm your account please select the link provided.

[account confirmation]

Please note that you need to respond within 2 days. After this time your registration will be deleted from JobSearch and you will need to repeat the registration process.

The email even includes a disclaimer typical of public service departments worldwide. (I wish they wouldn't do that. Disclaimers of any sort serve little practical purpose other than to patronise and to annoy legitimate users, but they are still widespread in Gov 2.0 correspondence.)

Most Naked Security readers would recognise this sort of email as a scam at once, and wouldn't be conned into clicking the link - especially since it is directed at a Tokelau domain (.TK), not a .GOV.AU one.

However, JobSearch includes a wide range of job listings for transient and temporary workers, notably for those seeking fruit-picking and related work on the Harvest Trail.

Different crops are picked at different times of year, so that agritourists working their way round the country are likely to use the site regularly as they move from crop season to crop season or from region to region.

When you're on the road, relying on internet access as and when you can get it, this kind of scam may become much more believable, and the benefits of clicking "just in case" may easily seem to outweigh the risks of possibly letting opportunities slip.

Be careful out there. Don't click on "your account needs fixing" links in emails. Don't use the same password on every site. If in doubt, leave it out!

(Note: the link used in this campaign doesn't redirect to a phishing site at the moment. And if you're browsing through a Sophos Web Appliance, the site is blocked as a security risk.)




If you would like to view this blogpost in full please visit: http://nakedsecurity.sophos.com/2011/01/10/scammers-target-government-job-site/