Liminance Avatar
Liminance

Uncovering and breaking a scam praying on job seekers.

It was a busy end of day when I suddenly got a massive spike of LinkedIn views, messages, and connection requests.

My first instinct was that my university had featured my startup, I'd submitted our info to their entrepreneurship program a week earlier.

But none of these people were in my network. So I looked at their messages. Every single one was following up on a job post, after being contacted by someone named "Hilda Wilson" from... my company?

My scam radar went full beep.

I started asking a few of these people what happened. Two answered: Hilda had reached out to people actively looking for work and asked them to fill in their banking information. One applicant had already submitted it (!!!). She sounded scared. Others were relieved when I told them. A few asked me for a job after.

I pulled up the scammers' website from the msg. It was a full cloned site of our own, but with even more stuff: a client banner with big names, a WeWork address (we used to be full remote) and random forms. Convincing enough if someone's offering you a job right now with good pay.

Then I went deeper. I inspected the form submission buttons, hoping they'd forgotten to clean up their traces. They had. The button was trying (and failing) to send data to a completely different website. So I followed it.

That second site was an almost perfect copy of another legitimate company. Found the actual CEO, active on LinkedIn, lots of connections. My guess is he has no idea his website is being mirrored to run this operation.

Back to the original site: a WhoIS and reverse IP lookup confirmed what I suspected. All registrar info was redacted. And the IP address was shared with hundreds of similar sites.

So I did the only two obvious things I could do: called my lawyers (not much to be done there) and filed myself an abuse complaint with the domain registrar.

A few email exchanges later, they brushed it off.

I pulled my proofs, and mentionned (nicely) that their innaction is getting desperate job seekers scammed.

A few weeks later, the site was down.

A few other weeks, the entire chain was down.

Success! For now...

But it really feels like a hydra. Take one down, three more appear.

At least I got some thrill out of it, with my very poor IT skills... and supported the person that got scammed by helping her with her bank freeze and other complications.