Announcement

Collapse
No announcement yet.

OK, this is weird...

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OK, this is weird...

    I think I posted before about how I got an onboarding email (typically the very last step in the hiring process) from ExJob from a store not even in my country, asking me to set up an account on an HR platform the company does not use and directing me to contact "your local HR" (but no indication how to actually contact them) when the link expired after five days.

    So far I've gotten three such emails total. First one was from the other store, the next two were from a generic HR address that doesn't exist; all addresses are no-reply. Not only that, but the second and third emails have an error "If you do not click this link within days of expiration" (first email specified 5 days, the rest do not)...all the emails came exactly five days apart. The links themselves look legit, I'm not clicking on anything.
    "I am quite confident that I do exist."
    "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

  • #2
    It does look like a phishing attack.
    "I don't have to be petty. The Universe does that for me."

    Comment


    • #3
      Sounds like the NewJob's HR system has been compromised, and as I.A. said, they are using the data as a phish.

      Careful on what you click....

      B
      "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."- Albert Einstein.
      I never knew how happy paint could make people until I started selling it.

      Comment


      • #4
        My first thought was that ExJob did get compromised...kinda serves them right, I did warn them about assorted vulnerabilities a year ago and was ignored because I wasn't an official part of IT.
        "I am quite confident that I do exist."
        "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

        Comment


        • #5
          Quoth Dreamstalker View Post
          My first thought was that ExJob did get compromised...kinda serves them right, I did warn them about assorted vulnerabilities a year ago and was ignored because I wasn't an official part of IT.
          That sounds like a movie trope.

          "Never believe the guy without credentials."

          I don't think it is confined to the movies. It happens all too often in real life.
          "I don't have to be petty. The Universe does that for me."

          Comment


          • #6
            ExJob's IT department wasn't all that bright, the few interactions I had with them. Too by-the-book when the majority of actual glitches were of the "That isn't supposed to happen" variety. They seemed too used to working with relatively closed systems up in the company office and not the chaos of a stockroom/salesfloor where anything could cause anything (and often did).
            "I am quite confident that I do exist."
            "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

            Comment


            • #7
              Got another such email on 10/1; so far that makes 4, all exactly five days apart. The link is exactly the same in each one and looks like a legit [program] link...but that's in an email program so who knows. If it was a legit onboarding thing I would have been contacted elsewise.

              Sadly my "forensics" laptop (I don't use it other than trying to break software so NBD if it gets infected) is having issues so I can't delve into it just yet. Maybe I can use this as a test case in the security course I'm taking...
              "I am quite confident that I do exist."
              "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

              Comment


              • #8
                You just reminded me of a Windows Security seminar I attended oh . . . two decades ago. They talked about – well, guess I remember only two things of note from it, and they're things that I HOPE have been rectified since then, but ya never know:

                1 - Windows' login screen has (had) all of the integrity of a sieve, and

                2 - Failed attempts to login to a system (with a bad password) are/were NOT logged under critical events (or whatever the category they use for "OMFG you need to know this right EFFing now!!" stuff), for some inexplicable reason; they were tracked elsewhere, but you had to know where to look. As such, you could just keep spamming the login screen unless there was a Policy that somehow prevented you from doing so.
                "For a musician, the SNES sound engine is like using Crayola Crayons. Nobuo Uematsu used Crayola Crayons to paint the Sistine Chapel." - Jeremy Jahns (re: "Dancing Mad")
                "The difference between an amateur and a master is that the master has failed way more times." - JoCat
                "Thinking is difficult, therefore let the herd pronounce judgment!" ~ Carl Jung
                "There's burning bridges, and then there's the lake just to fill it with gasoline." - Wiccy, reddit
                "Retail is a cruel master, and could very well be the most educational time of many people's lives, in its own twisted way." - me
                "Love keeps her in the air when she oughta fall down...tell you she's hurtin' 'fore she keens...makes her a home." - Capt. Malcolm Reynolds, "Serenity" (2005)
                Acts of Gord – Read it, Learn it, Love it!
                "Our psychic powers only work if the customer has a mind to read." - me

                Comment


                • #9
                  Quoth EricKei View Post
                  1 - Windows' login screen has (had) all of the integrity of a sieve, ...
                  Yeah, I remember when you could occasionally leave the password field blank (and even set your password as blank!) and gain access, or just cancel the password dialogue and get guest access to the machine by default. Heady days.
                  This was one of those times where my mouth says "have a nice day" but my brain says "go step on a Lego". - RegisterAce
                  I can't make something magically appear to fulfill all your hopes and dreams. Believe me, if I could I'd be the first person I'd help. - Trixie

                  Comment


                  • #10
                    To the best of my knowledge, prior to w2000, ALL users were effectively Admins, even if they were categorized as Guests within Windows. 98/SE did this, not sure about wMe. The seminar happened as XP was getting a decent foothold on the market.
                    "For a musician, the SNES sound engine is like using Crayola Crayons. Nobuo Uematsu used Crayola Crayons to paint the Sistine Chapel." - Jeremy Jahns (re: "Dancing Mad")
                    "The difference between an amateur and a master is that the master has failed way more times." - JoCat
                    "Thinking is difficult, therefore let the herd pronounce judgment!" ~ Carl Jung
                    "There's burning bridges, and then there's the lake just to fill it with gasoline." - Wiccy, reddit
                    "Retail is a cruel master, and could very well be the most educational time of many people's lives, in its own twisted way." - me
                    "Love keeps her in the air when she oughta fall down...tell you she's hurtin' 'fore she keens...makes her a home." - Capt. Malcolm Reynolds, "Serenity" (2005)
                    Acts of Gord – Read it, Learn it, Love it!
                    "Our psychic powers only work if the customer has a mind to read." - me

                    Comment


                    • #11
                      When I had office-computer privileges at ExJob, I somehow discovered that my [retailsoftware] login gave me unfettered access to not only the inventory program (only section I was supposed to have RWX rights to), but everything up to and including RWX for employee data (somehow I was able to view permissions on my login for the entire software suite). The last time I was able to gain access was just prior to the furlough, and at that time it had not been changed. I guess they figured that only allowing logins from that domain was security enough.

                      Got another email today (exactly 5 days from the last one). Whoever's doing this is persistent, I gotta give em that...
                      Last edited by Dreamstalker; 10-07-2020, 10:40 PM.
                      "I am quite confident that I do exist."
                      "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

                      Comment


                      • #12
                        Quoth Dreamstalker View Post
                        ... Got another email today (exactly 5 days from the last one). Whoever's doing this is persistent, I gotta give em that...
                        On the 0.00001% chance that it's legit... still don't open it. They shouldn't have out-sourced their HR to an African Prince.
                        I am not an a**hole. I am a hemorrhoid. I irritate a**holes!
                        Procrastination: Forward planning to insure there is something to do tomorrow.
                        Derails threads faster than a pocket nuke.

                        Comment


                        • #13
                          I'd think that if it was legit, I would have heard something from ExJob's HR guy (the email I got last month would have been "would you be willing to transfer to another store?" rather than "kthxbai") and either him or the other store would have actually tried to call me.

                          ETA: A former CW has been getting the same emails I have, at the same frequency I think (I plan to see if she can tell me how many she's gotten, what dates, and what the sender is).
                          Last edited by Dreamstalker; 10-10-2020, 01:20 PM.
                          "I am quite confident that I do exist."
                          "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

                          Comment

                          Working...
                          X