SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Fake Hamleys jobs posted on Gumtree

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
MsKBee
Hello I'm New here!


Joined: 20 Aug 2010
Posts: 3


PostPosted: Tue Aug 24, 2010 3:15 pm Reply with quoteBack to top

Two ads posting on Gumtree purporting to be from Hamleys:

Quote:
Hamleys Receptionist 28k and Hamleys Store Retail Assistant 28k


They also posted another one for a call centre agent for 24K.

Even though the salary is unbelieveable for those types of positions I applied for them and received the following replies for both jobs:

From: [email protected]

Dear Applicant,

After taking a look at your application, I am glad to let you know that have made the shortlist.


I have attached a copy of the application pack which includes the application form. Please unzip the folder and double click on the application form, fill it out and send it back to this email address.

We will be interviewing candidates by the end of next week and hope to invite you for an interview as we are interested in your application.

Thank you.


The application form is a .rar file which will not open on anything on my laptop

Very fishy!!!

What type of scam is this???

Definately not Hamleys as they would not use a Hotmail and Live email account and would have their own domain.

I HATE scammers that try and con jobseekers as if it isn't hard enough trying to find a job at the moment without these tricksters!! Evil or Very Mad Evil or Very Mad
View user's profileSend private message
prettyface
Hello I'm New here!


Joined: 24 Aug 2010
Posts: 1


PostPosted: Tue Aug 24, 2010 6:59 pm Reply with quoteBack to top

I received the exact same email! I rang Hamleys too, as I was excited when I first received it.. the attachment 'application.rar' was however blocked by anti virus on the work computer, then at home I needed winzip to open it. Thank goodness I didn't as now found out its a scam. Apparently loads of people have been ringing about it! Sad Gutted! I did think the salary was too good to be true, and apparently they pay employees by an hourly rate and not annually!

I even stupidly replied to the email as well indicating that I had received it. I feel very stupid now but am glad i'm not the only one who received it.

Hannah
View user's profileSend private message
grimbleton
Not quite a Newb


Joined: 24 Aug 2010
Posts: 53
Location: dodging gridbugs


PostPosted: Wed Aug 25, 2010 7:35 pm Reply with quoteBack to top

MsKBee wrote:

Quote:

I have attached a copy of the application pack which includes the application form. Please unzip the folder and double click on the application form, fill it out and send it back to this email address.



even though i know that the file is probably a bunch of junk, i'm curious to see what's inside it. unfortunately, i'm living a "mobile lifestyle" (RV) and i broke down/packed away my "big box" and am using computers at local libraries, etc.

perhaps another experienced-someone else could open it (or check it out with a good hex editor?) to satisfy human curiosity?


grimbleton
View user's profileSend private message
Mr Tambourine Man
Baiting Guru


Joined: 06 Jun 2008
Posts: 3386
Location: Magic swirlin' ship


PostPosted: Wed Aug 25, 2010 8:03 pm Reply with quoteBack to top

Employment scams are common, aimed at those wanting to take up jobs in the UK or USA. They involve the victim paying for imaginary work permits, etc by Western Union.
I hadn't come across one of these scams involving Hamleys before, or scammers using RAR compression, so I'm not sure what is going on here.

_________________

Closed lad accounts x 4
3 dead websites

is always Good when you have the zeal to be a hitwoman when you out of school,it makes you bold and reall and it makes you more high than any other of your friend.
you dont have a phone.that makes makes you joe butt. Fuck you and go find something to do man. Stop disturbing me please.
This is definitely why you will remain and die in poverty, ignorant of good things and easy acknowledgment of bad things and words. Shame on you, you wicked generation children.
i went you to no that this is not a cheld pray. i went you to get back to me
we are not scammer,we hate scammer as you do.scammer make out life harder and harder,a lot of people think we are scammer,in fact,we are not!! please trustt us
View user's profileSend private message
TaleSpinner
Wannabe Baiter


Joined: 27 Apr 2010
Posts: 82
Location: Ooh! There I am!!


PostPosted: Wed Aug 25, 2010 8:36 pm Reply with quoteBack to top

If you want to get a copy of the .rar to me, I'd be happy to analyze it.

_________________
Nothing to brag about yet.
View user's profileSend private messageYahoo Messenger
TaleSpinner
Wannabe Baiter


Joined: 27 Apr 2010
Posts: 82
Location: Ooh! There I am!!


PostPosted: Thu Aug 26, 2010 6:44 pm Reply with quoteBack to top

Got the copy of the files. "APPLICATION PACK.rar" and "APPLICATION PACK.zip" contain the same three files, just in different compression formats. We have:
Code:
885ac588f9c98a586a2c6bfe40225c10  Application Form.exe
1271d1d6a15320db0937b4e51519b759  smssz.exe
667325342a459d75214cfdd3df0461a0  zeitgeist.exe

All three files are malware... looks like 2 viruses and a worm. They are all downloaders, so it will take me a little while to get a better analysis of them... I'll edit this post when I know more.

Until then, I wouldn't open those archives.

<EDIT>
Ok, finished looking into these. Nothing particularly special. It's your run of the mill trojan horse broken into 3 parts to make detection a bit harder. The main file, Application Form.exe, really only serves to launch the other two programs and make sure they stay running. The second file, zeitgeist.exe, calls home to "cityzz.tripod.com" and downloads "209.202.252.50/ACCESSCODE.txt". It appears to also collect general information, such as type of your computer, user account names, country, stored HTML form data, etc. Looks like it can do a lot more, but it requires some form of interaction with a controller. The final file, smssz.exe, seems to be a stripped down variant of the ZBot trojan (the precursor to Zeus). It's main goal is to steal banking details. It pays extra special attention to:
Code:
Internet Banking: HSBC Bank UK - Microsoft Internet Explorer
HSBC
Internet Banking: HSBC Bank UK - Windows Internet Explorer
MozillaUIWindowClass
Internet Banking: HSBC Bank UK - Mozilla Firefox
Chrome_WidgetWin_0
Internet Banking: HSBC Bank UK - Google Chrome
{1C03B488-D53B-4a81-97F8-754559640193}
Internet Banking: HSBC Bank UK
Bank of Scotland - Welcome to Online - Microsoft Internet Explorer
BOS
Bank of Scotland
Bank of Scotland - Welcome to Online - Windows Internet Explorer
Bank of Scotland - Welcome to Online - Mozilla Firefox
Bank of Scotland - Welcome to Online - Google Chrome
Bank of Scotland - Welcome to Online
Log in to Digital Banking - Microsoft Internet Explorer
RBS
Halifax Secure Login
Log in to Digital Banking - Windows Internet Explorer
Log in to Digital Banking - Mozilla Firefox
Log in to Digital Banking - Google Chrome
Log in to Digital Banking
Halifax - Microsoft Internet Explorer
HAL
NAT
Halifax - Welcome to Online - Windows Internet Explorer
Halifax - Welcome to Online - Mozilla Firefox
Halifax - Welcome to Online - Google Chrome
Halifax - Welcome to Online
Log in to online banking - Microsoft Internet Explorer
Log in to online banking - Windows Internet Explorer
Log in to online banking - Mozilla Firefox
Log in to online banking - Google Chrome
Nationwide Building Society - Internet Banking - Microsoft Internet Explorer
WDE
Nationwide Building Society - Internet Banking - Windows Internet Explorer
Nationwide Building Society - Internet Banking - Mozilla Firefox
Nationwide Building Society - Internet Banking - Google Chrome
Nationwide Building Society - Internet Banking
Santander - Log on - Mozilla Firefox
ABZ
Santander - Log on - Microsoft Internet Explorer
Santander - Log on - Windows Internet Explorer
Santander - Log on - Google Chrome
Santander - Log on
Lloyds TSB - Logon - Mozilla Firefox
TSB
Lloyds TSB - Logon - Microsoft Internet Explorer
Lloyds TSB - Logon - Windows Internet Explorer
Lloyds TSB - Logon - Google Chrome
Lloyds TSB - Logon

So, if you've run this, give your machines a good hosing off and change all your passwords. And turn on file extensions in Windows Explorer... that way you can tell if the "Word Document" you are about to open is really a binary executable (.exe) Smile.
</EDIT>

_________________
Nothing to brag about yet.
View user's profileSend private messageYahoo Messenger
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT