A new type of "social engineering" has been noticed on the Internet. The other day the following letter arrived in my mailbox:
Alexander, good afternoon!
The recruitment agency sent us your resume.
At the moment, our company has opened a new vacancy CTO).
Registration according to the Labor Code of the Russian Federation, social guarantees, career growth, salary will depend on the results of the interview.
Detailed information about our company can be found on the website: http://www.pirol.ru/?dc=ngx6ex39812
Regards, Margarita
head of personnel department
Firm "Pyrol" http://www.pirol.ru/?dc=ngx6ex39812
It should be noted that my name really is Alexander, and I really did once post a resume for the position of CTO. But something about this message bothered me, and I looked more closely. Here is what I noticed:
1) “Margarita” has no surname and no telephone number, and in general there are no specifics in the letter.
2) The link www.pirol.ru/?dc=ngx6ex39812 may indicate that the visitor is being identified on the site (i.e., a personalized link is sent).
3) The extra bracket at the end of the sentence may indicate poor-quality automatic text processing (in the resume, “CTO” was in brackets).
More circumstances:
1) The text and the URL of the link are mixed up - apparently a spammer's glitch.
2) The headers say that the letter was sent via pirol.ru/send_mail/send_mail.php, i.e. by the site itself - it seems the site was under the control of the attacker.
3) The site pirol.ru is currently not responding (it times out). Google says this is a (former?) trading company's website.
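The indicators listed above can be checked mechanically during mail triage. The following is an added example, not part of the original post: the sample message is constructed from the letter's text, and the addresses and the `X-PHP-Originating-Script` header value are assumptions, since the post does not show the raw headers.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: body lines come from the letter above; the addresses and
# the header value are assumptions (the post does not reproduce raw headers).
SAMPLE = """\
From: Margarita <sender@example.org>
To: alexander@example.org
Subject: Vacancy
X-PHP-Originating-Script: 33:send_mail.php

Alexander, good afternoon!
At the moment, our company has opened a new vacancy CTO).
Detailed information about our company can be found on the website: http://www.pirol.ru/?dc=ngx6ex39812
Regards, Margarita
"""

URL_RE = re.compile(r"https?://[^\s<>)]+")
# Opaque identifier: 8+ alphanumerics containing both letters and digits.
TOKEN_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{8,}$", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s()-]{8,}\d")

def triage(raw):
    """Return (indicator, evidence) pairs for the signs described in the post."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = URL_RE.sub("", body)  # body with links removed
    findings = []
    # A per-recipient token in the link means a click identifies the reader.
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        for key, value in parse_qsl(parts.query):
            if TOKEN_RE.match(value):
                findings.append(("tracking-token", f"{parts.hostname}?{key}={value}"))
    # Header added by PHP's mail() when the message is sent by a site script.
    if msg.get("X-PHP-Originating-Script"):
        findings.append(("sent-by-web-script", msg["X-PHP-Originating-Script"]))
    # Unbalanced bracket left behind by automatic template substitution.
    for line in text.splitlines():
        if line.count("(") != line.count(")"):
            findings.append(("template-residue", line.strip()))
    # A signature with no phone number at all.
    if not PHONE_RE.search(text):
        findings.append(("no-contact-phone", "no phone number in body"))
    return findings

if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE):
        print(f"{kind}: {evidence}")
```

None of these signs is conclusive on its own; the point is that several weak indicators in one message justify not following the link.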
Now let's try to guess why spammers might need this.
Option one: validation of an email database. But it is not clear why there would be such thorough preparation to validate addresses from a single job-search site (hh.ru).
Option two: a DDoS attack on the site carried out not by bots but by the hands of users. It is not clear what was wrong with the standard approach using botnets, or why the links are personal. Perhaps we have a case of a creative approach to the problem of “taking down a competitor’s site”: with the efforts of one person and for little money (it’s not expensive to buy a bot), the site is put down for a long time (people read mail irregularly, and they will try to follow the link many times).
Option three: a redirect to a site with viruses. In my opinion this is the most likely, although it does not explain the personal links (why would a botnet need to be tied to personal information?) or why a website that cannot withstand such a load was used.
Be careful: hackers pick the most relevant topics in order to break through your own brain filters.