Phishing/Hacking Attempt

In April, I got an email about a CTO-level position. It was a personalized message. The person writing it knew who I was and my capabilities. Naturally, I checked it out. It never hurts to talk to people. As is typical, a résumé/CV was not enough. I had to use that company’s web-portal. Okay, why not. I have time, says the dog.

I didn’t hear back. I should have suspected something given the lack of response. Now, everyone gets rejected, even people like me. (Especially people like me.) There’s nothing odd about getting turned down. That said, above the VP level, you get a personal response and a truthful explanation of why you didn’t get the job. Usually, it’s impersonal (it could be, “the other candidate has 20 years more experience”) and you move on. If you don’t hear anything, at my level, it’s fishy. Or, should I say, phishy?

It was a fake job portal. The company that this attacker purported to be was not looking for a CTO. To be clear, they had no involvement in this and were professional in every way.

A few weeks later, someone tried to access my account on multiple cloud services using the password I used (I create a new one for every job site) and hundreds of variations thereof. I got calls about this. (No one got into anything.) These attempts came from a reputable technology company in the San Francisco Bay Area. I know exactly who they are and what they were after. They’re probably pissed off that they weren’t able to get into it.

At this time, that is all I intend to say.

11 thoughts on “Phishing/Hacking Attempt

        • I’m staying out of the politics as it’s their fight. I am commenting as an expert on security & espionage. There’s three reasons & goals in espionage to grab his account if he’s a political opponent: (a) get intel on whatever he’s going to say to have a rock-solid counter to it ready by publication time, (b) use his account to do something that discredits him, or (c) destroy his files and any backups if possible as actual damage + a mental blow. If he’s got serious dirt on wealthy people, they might try one of these techniques combat what they see as a threat to their wealth machine.

          That’s how I see it. It could also be a spearfishing campaign like any other or just someone he pissed off that isn’t who he thinks it is. Could be anything. It’s why general security across the board is important for people in general. Especially activists, though.

  1. Initial impulse was to consider you naive for spending time filling forms on a corporate recruiting site. If you haven’t read the article “Thanks for Submitting Your Résumé to This Black Hole” then you should.

    Rule of thumb is never spend more than 10 seconds (time it takes to submit a PDF resume) on anything that doesn’t involve an equal amount of time as the one spend by you from the recruiting site. Registration and complex forms, automated programming tests, homework assignments.

    If you spend 2 hours and they spend zero, this allows them to put you in competition with 10,000 equally-matched candidates. Just as good as you, imagine! (Well, not really, not when you’re one in 10,000 but then you’re lost in the crowd anyways). And then, your chances of passing that interview are 0.01%, you’ve got better odds at winning the lottery.

    But if you spend two hours and they spend two, this *forces* their recruitment process to figure out competent candidates from a much smaller pool. Quality, that is.

    Anyways, you seem to have an additional problem compared to us, the anonymous. As you’ve put yourself in the light of reflectors, you gotta pay extra attention to details I would not care about. In your case they manipulated your ego (and you’ve got quite a bit of it ;), that happened to me too in the early days but they definitely didn’t target me for darker reasons than being scummy recruiters.

    • I like the reasoning here. That said, a lot of companies make everyone go through the usual channels, even if someone on the other side is going to pull you through.

      Keep in mind, of course, that the company being represented had no hand in this scam. Also, since I used a throwaway password, I wasn’t worried about it.

  2. Glad you like it. Same perception here about your posts in general, especially the deleted ones 🙂

    >> That said, a lot of companies make everyone go through the usual channels, even if someone on the other side is going to pull you through.

    If you’re really a boss then no, they don’t. At least I never ever saw such a case, albeit I saw plenty of guys getting pulled out of nowhere to be placed on the right position.

    I’ve other rules too, which I haven’t posted above since they’re relatively recent (social) discoveries of mine and I haven’t yet validated them in the real life.

    Problem is, in a Gervais world that you wrote about, these would be pretty much executive rules. Which means I can’t ask them to the clueless peons I encounter in HR and hiring interviewers. Like:

    1) I’m accepting a regular interview with the condition that the guy interviewing me must have at most 5 years *below* me. I’ve no problem being interviewed by a 79 years old but 35 and lower I’m only accepting at a stretch.

    2) The reason for #1 was explained by Mark Twain: “When I was a boy of 14, my father was so ignorant I could hardly stand to have the old man around. But when I got to be 21, I was astonished at how much the old man had learned in seven years.”

    I’m getting into my 40’s soon and I’ve pretty suddenly grew aware of my age and position. I’m tired of being asked questions, asked questions, and fucker asking them doesn’t even have the innocence of my 5 years old son who at least asks because he doesn’t know. Imbecile teenagers don’t ask questions, they tell you what they know.

    I wanna work WITH and not FOR someone. And that implies I’ve got questions of myself too. Far many than answers. And I’m looking for guys like me (#1) whom you can ask questions.

    • That is a thing, isn’t it? I’ve turned 40 recently. About 5-7 years ago, companies bent over backwards to hire me. Now, it’s always some 24-year-old who doesn’t know what he’s talking about, out to prove to the world he’s better than me. I’ve given up, honestly.

  3. Following yesterday’s thought, I applied to several big banks high-ranking positions, which from the start invalidates a bit about my idea about max 10 seconds pitch. Because, thinking about it, that’s superseded by a large margin by being able to be part of a smaller crowd. It’s still, it’s always about probabilities, but 1 in 1,000,000 who submit their resume’ automatically is a bit worse than the 100 who go through the Claudine forks of what it takes to get into the internal recruitment system of a big bank.

    Aye, that’s it for today. Anything new (and ideally, entertaining) on your side?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s