Job Offer Spam

While working on my new web site, I started paying more attention to job offers I keep getting in my jobs-related mailbox. Interestingly enough, the level of sophistication that spam achieves there is a little higher than the average among my other mailboxes.

For example, in my regular inbox’s Junk folder I see the same stuff: the subject line is torn off some news site while the body contains some spam, phishing or plain old scam content; I get Viagra e-mails where letters are replaced with symbols and more symbols are interjected; I see debt consolidation offers, offers to make my private parts large enough to stop fitting my pants and so on.

But just take a look at my jobs inbox – and the picture changes drastically. Almost no Viagra spam (or any sex-related spam whatsoever), a lot less “Your bank has suspended your account, visit this page to revalidate your account” sent from Russian domains, not even a famous Nigerian or Russian Scam letter. What I see, however, are carefully crafted job offers that either lead you to some web page that dutifully collects all your information, including Social Security number, address (maybe even the previous two or three) and so on, or require you to reply with your resume, salary requirements and a filled-out questionnaire (with your demographic data, including SSN). For job application purposes, of course.

Actually, it never ceased to amaze me how much data is collected through a job application process. And while medical processing companies require full-blown training for ANY employee on securing PHI (Personal Health Information, that includes demographic, geographic and health info as well as history), head hunters are doing as they please. At least I haven’t seen any disclosure that says “we promise we won’t use your data for anything bad”.

Since the whole process almost always takes place over e-mail, you may never be able to figure out where your data went. Is it sitting in some poor chap’s Excel spreadsheet? Is it sitting in some data warehouse? Is it being sold with the information of thousands of people like you to the highest bidder on the “gray market”? Can you find out?

It would be interesting to set up an experiment like that. Close to October, when (I hope) the job market will freshen up a bit, I am thinking of setting up something. Will keep you posted.


RSS Is Your Key To Success

A couple of months ago I did a little “research” – I asked people around to find out if they know anything about RSS. Turns out – none of my business-oriented colleagues knows that term. Even more – they have no idea what a news aggregator/reader is and actually read news from all the web sites they are interested in by visiting those web sites.

Here is your chance to shine. Offer your clients/dealers/affiliates an RSS stream of company news, price updates, discounts. Make sure they know what it is. Make sure they know how to use it. Stress that RSS, unlike e-mail, will not be a stream of spam, so they can read your content free of spam and annoying ads. Customize RSS feeds so that they supply different information to different groups – customers, dealers and affiliates.

Next thing you know – RSS may have a chance to replace e-mail in your company altogether. It’s cheaper, faster and more reliable. Too bad no one notices.


Twitting in a new way

There is a post on Mashable that outlines how to game Twitter into becoming a natural environment to spread malware. There is little to no incentive to create pure spam feeds, as they will, undoubtedly, be closed and all future links will be marked with the “nofollow” attribute. Malware, however, is a whole other story. In this case the attacker doesn’t have to have clean direct links. In fact, as mentioned in the original article, the attacker actually has to mask the destination with some sort of shortener (worse yet, if the link looks like a “legit” affiliate link). By gathering a large enough audience, an attacker can get to them in a single strike. And if the destination looks innocent enough, he might get away with it just long enough. After all, it is all still the same old social engineering.

An educated guess says that Jaiku might be vulnerable in the same way. Just look at what happened to the (aka Blogspot) – it became a free doorway hosting service right at the beginning…