back to article Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam

An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport." The email – sent to applicants and clients of Concept Resourcing, based in Dudley, England, on 14 September and seen by The Reg – claimed users could "Get your Digital …

  1. ShadowSystems Silver badge

    I wish I could filter for emoji.

    I could scrub my inbox entirely of anything involving the damned things as no legit business worth a butterfly fart in a hurricane would ever use them in a professional communication. I could eliminate 99.99% of my junk folder catches by simply deleting anything with one in the Sender or Subject lines. And FFS let me filter on "the same supposed sender or subject line". How many versions of "Confirmation Needed", "Confirmation. Needed", "C0nf1rmat10n Needed" style bullshit does a person have to manually go through, ticking the "This is spam" box on every single one, until Gmail gets the hint? Or the "Sexy(Emoji) Horny(Emoji) F(Emoji)ckbuddy" style senders/subjects? Oh, and *anything* that claims to be from FB or any iteration of the name -- Fuckbook, F@cebook, Faceb00k, etc. I don't have an account so just auto bounce that shit as undeliverable. Better yet, if it came from a Gmail account, kill the account, trace the IP that sent the email, & send a B2B email warning their upstream provider of the spammer.

    Or wait for an active connection to that account & send a couple trillion amps back up the line to the person on the other end. Just something to say "Hi". And fry the computer sending the crap. Hopefully it will burst into flames & take out the spammer as well.

    *Sigh*

    Damn my violent fantasies of righteous retribution...

    1. Pascal Monett Silver badge
      Thumb Up

      Re: I wish I could filter for emoji.

      I want you to know that I agree with your every word.

    2. Sub 20 Pilot

      Re: I wish I could filter for emoji.

      That is the most sensible thing I have read all week.

      To that I would add excrutiating crap such as ''reaching out to our stakeholders'' instead of 'contacing our customers/ victims' and similar bastardisations of our language. If something needs saying, say it, don't wrap it in shit first.

      Also a 'rate your experience' email about 12 seconds after contacting a company. If the fuckers could respond in that time when there is a problem it would be bloody marvellous.

      Have a good weekend wherever you are.

      H.

      1. Anonymous Coward
        Anonymous Coward

        Re: 'rate your experience' email

        if genuine, I always rate my experience as the lowest score, pointing out that this is still based on the fact I haven't got the goods and they might turn out the usual crap. Not that it matters, given most 'reviews' on most products, on most sites, goes along the: "Looks great, haven't got it yet, can't wait". The strength is in (idiots) numbers.

    3. John Brown (no body) Silver badge

      Re: I wish I could filter for emoji.

      "Or wait for an active connection to that account & send a couple trillion amps back up the line to the person on the other end."

      Sadly, fibre. Can't send Amps up fibre.

      1. ShadowSystems Silver badge

        Re: I wish I could filter for emoji.

        John, then how about a trillion watts of powered laser? Just enough to slag the sender's equipment into useless sludge on the floor. Or failing that, can we send winged monkies out to attack the spammer & bite off their ears, eyebrows, nose, & lips? You know, just something a teensy bit anti social in retribution? Pretty please? =-)p

    4. Dr_N Silver badge
      Trollface

      Re: I wish I could filter for emoji.

      ¯\_(ツ)_/¯

    5. Anonymous Coward
      Anonymous Coward

      Re: no legit business worth a butterfly fart in a hurricane would ever use them

      you might be right today, but I wouldn't be sure about tomorrow...

    6. Anonymous Coward
      Anonymous Coward

      Re: I wish I could filter for emoji.

      I've been getting dozens of spams from newsletter@..., regularly, 7 days a week, on my hotmail account, for... years. I've already got about 170 spam rules, including the sender's name of course. They still come. Sure, most land in the spam folder but you have to check that folder every day anyway, because legit emails land there (sometimes) too, so you need to do the manual (well, visual) filtering anyway.

  2. Pascal Monett Silver badge

    "quickly spotted [..] several hours later"

    Um, sorry, but if it took several hours I'd say they had a coffee before spotting it.

    Still, only several hours means that IT was somewhat on the ball - it's better than half a year's response time, eh Solarwinds123 ?

    1. tiggity Silver badge

      Re: "quickly spotted [..] several hours later"

      "The scam was quickly spotted by the recruitment biz"

      My guess of most likely explanation is a phishing spam recipient spotted the problem and told them,

    2. big_D Silver badge

      Re: "quickly spotted [..] several hours later"

      More likely an eagle eyed candidate asked them wtf they were playing at.

  3. Anonymous Coward
    Anonymous Coward

    Concept Resourcing's "email software was compromised"

    but the important question is how did the sender gain access to the DB of customer e-mail addresses in the first place, and was any other personal information filtched if it was not stored securely?

    1. Anonymous Coward
      Anonymous Coward

      Re: Concept Resourcing's "email software was compromised"

      ah, but this important, arguably KEY question, is - obviously - the elephant in the server room, i.e. 'reputational damage'. IT 'consultancy' got hacked and spams their 'target audience', including, quite possibly, 'clients' (no, not those sending their cvs, they's plankton, I mean their corporate clients, if any.

    2. Alumoi Silver badge

      Re: Concept Resourcing's "email software was compromised"

      As always: sophisticated cyber attacked by a state-sponsored hacking group/crminal hacking group...

      Followed by: your privacy is most important to us...

      And, if public outcry: here's a coupon/free credit check...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022