Tuesday, March 17, 2020

Recruitment Scam

I am posting it to get these domain names into the search engines in the hopes that others will find this when searching and realize that it is a scam.  The relevant information from the below story is:

The Job Dice
thejobdice.com
sean@thejobdice.com
info@thejobdice.com
7 Park Row, Leeds, West Yorkshire, LS1 5HD
+44 01133280523

procaccia
pro-caccia.com
info@pro-caccia.com
care@pro-caccia.com
27 Old Gloucester Street, London, United Kingdom, WC1N 3AX
+44 20 3289 5498

Yesterday a friend received a call from a recruiter indicating that they were reaching out on behalf of a company that was interested in hiring her.  After a preliminary discussion, they scheduled a follow-up Skype call for the next day.

The next day they spoke in detail about the opportunity and it sounded great.  At the end of the call, my friend was told that she needed to register with the recruitment company, for a fee, after which point she would be put in touch with the company.



This sounds a little suspicious since a recruitment company would be retained by the employer and paid by the employer.

The company is thejobdice.com  https://thejobdice.com.

A quick search showed that the domain was registered December 12, 2019 (very recently) and that it expires December 12, 2020.  What company only registers their domain name for 1 year?  Very strange.

The SSL certificate associated with thejobdice.com was a 3 month Let's Encrypt certificate, which is free and does not require any verification of the company, only verification of the domain name.  Very strange for a legitimate company to have this type of certificate.

The registration page which requests payment is being hosted on the domain pro-caccia.com.  (https://pro-caccia.com/advance-payment/stripe185.html).  The page is designed to look like Stripe, but I am pretty sure that it is not.

And again we have a suspicious 3 month Let's Encrypt SSL certificate for pro-caccia.com.  My understanding is that with a service like Stripe your credit card information does not go to the client website, but goes to Stripe directly.  This is how they help websites maintain their PCI compliance... by allowing the website to not collect this sensitive information.  So this makes no sense.
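The point about card data going to Stripe rather than the merchant site can be checked from a saved copy of a payment page. The following is an added example, not part of the original post: a heuristic that flags a page which collects card fields itself instead of loading Stripe.js from js.stripe.com. The hostname `shop.example` and both HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CARD_HINTS = ("card", "cc-", "cvc", "cvv")  # substrings typical of card input names

class PaymentPageAudit(HTMLParser):
    """Collects script hosts, form target hosts and raw card inputs from a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.script_hosts, self.form_hosts, self.raw_card_inputs = set(), set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self.script_hosts.add(urlparse(urljoin(self.page_url, a["src"])).hostname)
        elif tag == "form":
            # An empty or relative action resolves to the page's own host.
            target = urljoin(self.page_url, a.get("action", ""))
            self.form_hosts.add(urlparse(target).hostname)
        elif tag == "input":
            label = " ".join((a.get("name", ""), a.get("id", ""))).lower()
            if any(hint in label for hint in CARD_HINTS):
                self.raw_card_inputs.append(a.get("name") or a.get("id"))

def audit(page_url, html):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = PaymentPageAudit(page_url)
    p.feed(html)
    own = urlparse(page_url).hostname
    findings = []
    if "js.stripe.com" not in p.script_hosts:
        findings.append("Stripe.js is not loaded from js.stripe.com")
    if p.raw_card_inputs:
        findings.append("card fields are plain inputs in the page: "
                        + ", ".join(p.raw_card_inputs))
        if own in p.form_hosts:
            findings.append("form posts the card data to %s itself" % own)
    return findings

# Constructed samples: a lookalike form and a page using Stripe's hosted card element.
URL = "https://shop.example/checkout.html"
LOOKALIKE = ('<form action="/pay.php" method="post">'
             '<input name="cardnumber"><input name="cvc"></form>')
HOSTED = ('<script src="https://js.stripe.com/v3/"></script>'
          '<form id="payment-form"><div id="card-element"></div></form>')

if __name__ == "__main__":
    for name, html in (("lookalike", LOOKALIKE), ("hosted", HOSTED)):
        print(name, audit(URL, html))
```

An empty result does not prove a page is genuine; the check only catches pages that handle the card number themselves.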

Interestingly pro-caccia.com offers website design and resume writing services. They even have a page that describes their refund policy.  https://pro-caccia.com/refund-policy/ but the language is a little circular.

"All Procaccia vendors (product and service providers) are required to provide full, unconditional refunds to Customers up to 2 days from the day of purchase."

followed by

"A product or service provider may or may not decide to give a refund during this two days period."

Sure.  The Pro-caccia.com domain has been around since 2015, so perhaps this is a real company, that offers real services, and had a bad actor that they are hosting.  Or maybe they are a real company that is a bad actor, considering that they offer resume services, and the scam is about recruitment of resume services.

So in the end this SCREAMS scam.