Job Hunting? Be Careful About Unsolicited Email Job Offers
- Comments: 4
- Written on: April 2nd, 2007
Syndicate This After I exposed the defacement of the NOAA’s website last month, I was approached by a company contracting for the Defense Department in Qatar (pronounced cutter), a country outside of Iraq. They managed some servers for the troops in Iraq and needed a network administrator. They offered me $100,000/year plus benefits to take the job.
Of course, I refused the generous offer, but it highlights the fact that in today’s world, unsolicited job offers can be real and they can come out of the blue. While it is always a compliment to be specifically recruited, caution is needed to protect yourself from the wide array of possible scams that arise from such offers. In a world where many people post their resumes online, all sorts of undesirables can end up contacting you.
Take for example an email I received this afternoon from a company called Expanxion, a California-based recruiting firm that scrapes the resumes you put online and then spams your inbox with poorly targeted job offers. This particular email made it through not one, not two, but three separate email filters I had in place.
The email was from Matthew Strassberg and he was offering me a job as a Security Researcher. Ironically, the skill-set they were looking for was the exact skill-set that would be required to put together a system to scrape email addresses from websites and then send unsolicited email to them.
I was in a bit of a playful mood, so I decided to give Matthew a call to see if he was a real person, or if there was some spammer out there soiling this company’s name. It turned out that Matthew was indeed a real person, and he did indeed have a job for me if my skills match the position. But I thought that is why you send me an illegal spam message in the first place Matthew… Now the fun really began!
His email read (edited for length):
I work with Expanxion, a recruiting firm that places technology professionals in full-time permanent jobs.
I came across your resume, and you appear to have some of the skills necessary for the position below. Please let me know if you or anyone you know may be interested in this, or would like to hear about some of our many other opportunities throughout Northern and Southern California. If qualified and interested in applying for this job please attach your resume in Word format.
Redwood City, CA
We are looking for a researcher to join our highly talented team. Our research team is on the cutting edge in defense against attacks from malicious code, and we are looking for a candidate with leadership and vision. This position is fast-paced and plays a key role in the success of the company.
The candidate is expected to be self motivated and ensure commitments and project goals are met. Strong problem-solving and troubleshooting skills are a must, as a full solution to many problems faced in the role may either not be apparent or may simply not exist.
Experience at identifying Windows malicious code
Working knowledge of exploitation tools and techniques
Understanding of x86 assembly language, C/C++, Java, and scripting languages such as PERL
Experience in penetration testing and vulnerability assessment a plus
Manager, Sr. Technical Recruiter
3182 Campus Drive #227
San Mateo, CA 94403
Tel: 650-261-0211 begin_of_the_skype_highlighting 650-261-0211 end_of_the_skype_highlighting
I asked Matthew how he got my name on his mailing list and he admitted to me that they use an automated program to harvest email addresses, match them up with job offers and send the resulting messages to those addresses.
But wait… It gets better. Next I asked him to remove me from his mailing list, and he advised me that I should just configure my spam filers to block his emails. Keep in mind that his message penetrated a Barracuda Spam Firewall, a commercial anti-spam program I run on my laptop, as well as my Outlook 2007 spam filter. My guess is if Matthew wants to send me an email, he will find a way.
Lastly I informed him that what he was doing was a violation of the CAN-SPAM Act. I asked him why there was no removal link in the email or no form on his website, as required by law. Matthew didn’t really have a good answer for me, but he wished me well in my job search (which of course I haven’t done in over 9 years) and ended the call.
Matthew, the whole point of this post is to point out that with a little more effort you could at least make your company operate within the law. Now I am not saying that a “remove” link would make me want to get your poorly targeted email messages. However, I have reported your activity to the FTC via their online form, and I would encourage anyone else that gets these emails to do the same. Its not very often you get to pin a spam email message on a specific person, but this is definitely one of those delicious opportunities.
- If you liked this post, subscribe to my feed!
- Comments: 4