Continue reading »]]> By: Shashank Shekhar

Mid Day, Delhi

2009-08-20

Online job frauds just got bigger, smarter and more authentic.

A new batch of fake job offer letter emails specifically targets young IT professionals, and is being circulated by scamsters posing as HCL and Wipro employees.

The emails, promising job-seekers interview calls from these two IT giants, carry seemingly authentic employee codes, hologram of the companies and even the designation of the persons who have sent the letters.

The mails direct interested employees to deposit a nominal fee as ‘refundable interview security’ in a specific bank and also include the account number to make it look real.

Be warned: The advisory against fake job offers posted by HCL on its website.

Mail order

The email being circulated offering jobs at HCL, a copy of which is with MiD DAY, comes with the subject: “HCL Direct Recruitments Offer.” It reads, “The company has selected 32 candidates’ list for IT, Administration and Production departments, as well as is offering you to join as an executive/manager post in respective department.”

The email carries the contact details of two people K Rangnathan and Vikas Mehta who mention the mail is ‘confidential’ and is being sent to ‘candidates chosen from a well-known job portal’. The mail also mentions the two are part of the ‘HCL Human Resource Department’ and includes an employee code ID-11538 as well. “We are sending this mail on behalf of the IT company,” the letter adds.

The email asks professionals to deposit Rs 5,250 (in cash) as ‘refundable security’ in favour of the company’s senior Human Resource Department official Ajay Kumar Jha at any branch of the Punjab National Bank. The account number mentioned is 7200002466100.

It instructs job seekers to inform the department about the payment made by writing in at hcl.appointment@dr.com

The mail says after the fee has been deposited, the applicant will receive an offer letter with air tickets for the final interview at the HCL headquarters in Noida on August 24.

The alleged mail from Wipro says, “Wipro has 45 job vacancies in its facilities in Delhi, Bangalore, Noida and Pune.” This mail too includes similar cash deposit instructions. It also promises to repay expenditures the candidate incurs during the direct interview with company officials.

Almost real

Cyber security experts are alarmed at this smart duplicity. They point out that fraudsters have created a database and are selectively targeting a specific audience, in this case, software engineers.

“Scamsters are cashing in on the economic slowdown. But they have become smarter. These mails are so authentic it is hard to make out they are fake.”

Worried firms

While the emails fool youngsters, the companies being framed are worried as well. The two IT firms have strongly condemned the mails. A senior HR official from HCL confirmed they have received complaints and queries about fake job offers. “Criminals are tarnishing our image even though the company has no role in it. We welcome people to approach us to complain against such nuisances. We take such matters very seriously and are working with the police to curb such malpractices,” said the official.

A vice-president of Wipro’s Talent Acquisition department, said, “Wipro advertises job openings on its career website, on registered job portals, staffing partners and through media advertisements.

The advertisements carry the Wipro logo and the Wipro email ID.”

Even HCL has posted an advisory warning against fake job offers on its official website. The advisory says, “It has been found that unscrupulous individuals/ placement agencies have been enticing candidates with job opportunity at HCL. HCL wishes to state that the company has never charged money for recruiting candidate nor does the company have authorised agency or firm for recruiting candidate.”

Continue reading »]]> Quite often I hear comments like “so what if they hack into my system there’s nothing on my system of interest.”  I can’t tell you how more wrong you can be.  The only thing I can think of when I hear someone say that is that person is not aware of just what type of information they have access to.   I’ll show you exactly what type of information a “hacker” has access to once your system has been broken into.  Try to remember this is not meant to scare you, it is meant to inform you.  Keep in mind you are reading this to gain a better understanding of how to protect your-self.

Bank Account Information

I’m sure if you’re like most people you have web banking of some kind. Most banks require you to use 128bit encryption browsers to do your banking online.  This form of banking online does encrypt your information and protect it from otherwise prying eyes of the world that may wish to gain access to such vital information. This should further illustrate how powerful the encryption method is: 

•  40-bit encryption, means there are 2  possible keys that could fit into the lock that holds your account information. That means there are many billions (a 1 followed by 12 zeroes) of possible keys.  

•  128-bit encryption, means there are 288 (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.

Unfortunately it’s useless to you once your computer has been compromised.

Question: How? One of the features of a “Trojan” is a key logger.  The principle behind this is all keystrokes pressed will be recorded and sent back to the “hacker.”

You’re probably asking yourself well “How do they know what bank I’m with?” This information is easily achieved by doing what is called a screen shot.  This gives the “hacker” a picture of your desktop and all windows currently open at the time.

As you can see although you are on a secure web site, it still doesn’t protect your information once your computer is compromised.

Email

Simply put all emails sent to you are accessible to a “hacker” once your system has been compromised.  They can read them and possibly check your mail before you do.  

Pictures

If you have pictures of yourself or family members on your system, they are also available to the “hacker.”  I don’t think I need to explain the danger here.  Not only has the individual compromised your computer system, they also know what you look like.

Resume

This may not sound like a priority file for a “hacker” but stay with me for a second.  How many of you have resumes typed up on your computers? I’m sure a lot of you do.  If a “hacker” were to download your resume they now have access to:

Name:

Address:

Phone:

Workplace:

It doesn’t stop there either.  Those are just a few of the things that can happen when your system is compromised.  This is no science fiction these are real life possibilities.  The extent of that information was gathered just from files on your system.