Go Back   Customers Suck! > The Heart of the Site > General Work Chat

Reply
 
Thread Tools Display Modes

OK, this is weird...
  #1  
Old 09-26-2020, 10:40 PM
Dreamstalker's Avatar
Dreamstalker Dreamstalker is offline
Philosophical Tomato
 
Join Date: Jul 2006
Location: Not where I think I am
Posts: 5,307
Default OK, this is weird...

I think I posted before about how I got an onboarding email (typically the very last step in the hiring process) from ExJob from a store not even in my country, asking me to set up an account on an HR platform the company does not use and directing me to contact "your local HR" (but no indication how to actually contact them) when the link expired after five days.

So far I've gotten three such emails total. First one was from the other store, the next two were from a generic HR address that doesn't exist; all addresses are no-reply. Not only that, but the second and third emails have an error "If you do not click this link within days of expiration" (first email specified 5 days, the rest do not)...all the emails came exactly five days apart. The links themselves look legit, I'm not clicking on anything.
__________________
"I am quite confident that I do exist."
"Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor
Reply With Quote

  #2  
Old 09-27-2020, 12:31 AM
Ironclad Alibi's Avatar
Ironclad Alibi Ironclad Alibi is offline
Chairman of the Board
 
Join Date: Dec 2007
Location: Inside The Beltway.
Posts: 4,963
Default

It does look like a phishing attack.
__________________
"I don't have to be petty. The Universe does that for me."
Reply With Quote

  #3  
Old 09-27-2020, 12:34 AM
Bandit's Avatar
Bandit Bandit is offline
Semi-Retired phone geek
 
Join Date: Sep 2006
Location: Frozen bits, ON
Posts: 726
Default

Sounds like the NewJob's HR system has been compromised, and as I.A. said, they are using the data as a phish.

Careful on what you click....

B
__________________
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."- Albert Einstein.
I never knew how happy paint could make people until I started selling it.
Reply With Quote

  #4  
Old 09-27-2020, 01:49 AM
Dreamstalker's Avatar
Dreamstalker Dreamstalker is offline
Philosophical Tomato
 
Join Date: Jul 2006
Location: Not where I think I am
Posts: 5,307
Default

My first thought was that ExJob did get compromised...kinda serves them right, I did warn them about assorted vulnerabilities a year ago and was ignored because I wasn't an official part of IT.
__________________
"I am quite confident that I do exist."
"Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor
Reply With Quote

  #5  
Old 09-27-2020, 03:36 AM
Ironclad Alibi's Avatar
Ironclad Alibi Ironclad Alibi is offline
Chairman of the Board
 
Join Date: Dec 2007
Location: Inside The Beltway.
Posts: 4,963
Default

Quote:
Quoth Dreamstalker View Post
My first thought was that ExJob did get compromised...kinda serves them right, I did warn them about assorted vulnerabilities a year ago and was ignored because I wasn't an official part of IT.
That sounds like a movie trope.

"Never believe the guy without credentials."

I don't think it is confined to the movies. It happens all too often in real life.
__________________
"I don't have to be petty. The Universe does that for me."
Reply With Quote

  #6  
Old 09-27-2020, 03:52 AM
Dreamstalker's Avatar
Dreamstalker Dreamstalker is offline
Philosophical Tomato
 
Join Date: Jul 2006
Location: Not where I think I am
Posts: 5,307
Default

ExJob's IT department wasn't all that bright, the few interactions I had with them. Too by-the-book when the majority of actual glitches were of the "That isn't supposed to happen" variety. They seemed too used to working with relatively closed systems up in the company office and not the chaos of a stockroom/salesfloor where anything could cause anything (and often did).
__________________
"I am quite confident that I do exist."
"Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor
Reply With Quote

  #7  
Old 10-05-2020, 03:57 AM
Dreamstalker's Avatar
Dreamstalker Dreamstalker is offline
Philosophical Tomato
 
Join Date: Jul 2006
Location: Not where I think I am
Posts: 5,307
Default

Got another such email on 10/1; so far that makes 4, all exactly five days apart. The link is exactly the same in each one and looks like a legit [program] link...but that's in an email program so who knows. If it was a legit onboarding thing I would have been contacted elsewise.

Sadly my "forensics" laptop (I don't use it other than trying to break software so NBD if it gets infected) is having issues so I can't delve into it just yet. Maybe I can use this as a test case in the security course I'm taking...
__________________
"I am quite confident that I do exist."
"Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor
Reply With Quote

  #8  
Old 10-05-2020, 08:17 PM
EricKei's Avatar
EricKei EricKei is offline
The Hero CS Deserves
 
Join Date: Aug 2008
Location: Wandering Greyhawk
Posts: 10,110
Default

You just reminded me of a Windows Security seminar I attended oh . . . two decades ago. They talked about – well, guess I remember only two things of note from it, and they're things that I HOPE have been rectified since then, but ya never know:

1 - Windows' login screen has (had) all of the integrity of a sieve, and

2 - Failed attempts to login to a system (with a bad password) are/were NOT logged under critical events (or whatever the category they use for "OMFG you need to know this right EFFing now!!" stuff), for some inexplicable reason; they were tracked elsewhere, but you had to know where to look. As such, you could just keep spamming the login screen unless there was a Policy that somehow prevented you from doing so.
__________________
Acts of Gord – Read it, Learn it, Love it!
"Our psychic powers only work if the customer has a mind to read" - me
"Never assume your users are stupid, but never forget that they are." ~ anon. engineer
“Last night, you were unhinged. You were like some desperate, howling demon. You frightened me. Do it again.” - Morticia Addams

"Sexual intellectuals. They're f@%#ing know-it-alls" - Chuck Yeager
"Good men don't need rules; today is not the day to find out why I have so many." - The Doctor
"[Friendship,] like philosophy, like art, like the universe itself … has no survival value; rather it is one of those things which give value to survival.” ~ C. S. Lewis

Reply With Quote

  #9  
Old 10-06-2020, 11:53 AM
RealUnimportant's Avatar
RealUnimportant RealUnimportant is offline
Ex-Puncher of Tickets
 
Join Date: Aug 2011
Location: 13A, Moonbase Beaver.
Posts: 2,175
Default

Quote:
Quoth EricKei View Post
1 - Windows' login screen has (had) all of the integrity of a sieve, ...
Yeah, I remember when you could occasionally leave the password field blank (and even set your password as blank!) and gain access, or just cancel the password dialogue and get guest access to the machine by default. Heady days.
__________________
This was one of those times where my mouth says "have a nice day" but my brain says "go step on a Lego". - RegisterAce
I can't make something magically appear to fulfill all your hopes and dreams. Believe me, if I could I'd be the first person I'd help. - Trixie
Reply With Quote

  #10  
Old 10-06-2020, 09:33 PM
EricKei's Avatar
EricKei EricKei is offline
The Hero CS Deserves
 
Join Date: Aug 2008
Location: Wandering Greyhawk
Posts: 10,110
Default

To the best of my knowledge, prior to w2000, ALL users were effectively Admins, even if they were categorized as Guests within Windows. 98/SE did this, not sure about wMe. The seminar happened as XP was getting a decent foothold on the market.
__________________
Acts of Gord – Read it, Learn it, Love it!
"Our psychic powers only work if the customer has a mind to read" - me
"Never assume your users are stupid, but never forget that they are." ~ anon. engineer
“Last night, you were unhinged. You were like some desperate, howling demon. You frightened me. Do it again.” - Morticia Addams

"Sexual intellectuals. They're f@%#ing know-it-alls" - Chuck Yeager
"Good men don't need rules; today is not the day to find out why I have so many." - The Doctor
"[Friendship,] like philosophy, like art, like the universe itself … has no survival value; rather it is one of those things which give value to survival.” ~ C. S. Lewis

Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:51 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2020, vBulletin Solutions, Inc.