Gulf Oil and Gas Job Opportunity Spam - Desperately Looking for a Job?

TOKYO (MacHouse) - More than three hours ago, an organized cyber criminal group sent out a spam message aimed at people who are desperately looking for a job. The sender’s name is shown as GULFOILANDGAS and the sender’s e-mail address as employments.gulfoil@googlemail.com. The title of the message is PART TIME JOB OFFER TO HELP SUPPORT THROUGH THE RECESSION. The junk message reads as follows.
Yeah(Open Only to US/Canadian/UK Citizens and Residents)
We are glad to offer you a job opportunity at GULF OIL AND GAS.
We need someone to work for the company as a Representative/Book Keeper based in North America. This is due to our not having an office presently in the USA/Canada or UK. You don’t need to have an Office and this certainly will not affect your present job. The Company produces the following varieties of oil servicing equipments and provides quite a number of services:- Deluge Valves,Carbon steel Gear, Oil Hose Reel, etc.Our Service, Products, Operations across Rigs and refineries in Africa and the Middle East are second to none, we provide meticulous but yet speedy services on-shore and off- shore with our State of the art products.
* The average monthly income is about $4,000.00 USD.
* No form of investments from you.
* This job takes only 1-3 hours per day
About The Job:
We have sales representatives all over the world to distribute our products..You know, that it’s not easy to start a business in a new market (being the US)..There are hundreds of competitors, close direct contacts between suppliers and customers and other difficulties, which impede our sales promotion.We have decided to deliver the products upfront, it’s very risky but it should push up sales on 25 percent. Thus we need to get payments for our products as soon as it’s possible. Unfortunately we are unable to open Bank Accounts in the United State (US) without first registering the company name and preparing logistics for warehousing and integrated shipment. Presently with the amount of Orders we have, we cannot put them on hold. For fear of losing the customers out rightly. Secondly we cannot cash these payments from the US soon enough, as international Checks take about 14 working days for cash to be made available.
We lose about 75,000 USD of net income each month because we have money transfer delays*Your task is to coordinate payments from customers and help us with the payment process.You are not involved in any sales. Once orders are received and sorted we deliver the product to a customer (usually through FEDEX Or UPS). About 90 percent of our customers prefer to pay through Certified Cashiers Checks and Money orders based on the amount involved.
Your Task
We have decided to open this new job position for solving this problem.
Your tasks are:
1. Receive payment from Customers
2. Cash Payments at your Bank
3. Deduct 10% which will be your percentage/pay on Payment processed
4. Forward balance after deduction of percentage/pay to any of the offices you will be contacted to send payment to.
(Payment is to be forwarded either by Money Gram or Western Union Money
Transfer).
(See Screenshot 01.) $4,000 a month? Whoa… Sounds too good to be true… Before applying for a job, take a minute and think wisely. If such lucrative job positions were really available, you wouldn’t be seeing this junk message in the first place, because the jobs would all have been taken before you ever saw it. What are the chances that a man from a rural area in Nebraska will find a stack of $100 bills sitting in the middle of Wall St? Zero.
Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: MacHouse
Screenshot 02 shows the HTML source code of the spam message. It indicates that the fake job opportunity message came from a web server whose IP address is 66.84.29.172. According to ARIN (see Screenshot 03), this IP address is assigned to a web hosting company called Jumpline.com, whose office is located in Grove City, Ohio. (Screenshot 04 shows the index page of Jumpline.com’s website.) The header mentions the domain nysteachs.org. If you open 66.84.29.172 in a web browser, you reach NYS-TEACHS’s website (see Screenshot 05), and NYS-TEACHS runs its website at nysteachs.org. So it appears that the website at nysteachs.org is hosted by Jumpline.com. Therefore, the immediate source of the junk job opportunity message is the web server used by NYS-TEACHS.
Screenshot 04 - Source: Jumpline.com
Screenshot 05 - Source: NYS-TEACHS
Screenshot 06 - Source: Suddenlink Communications
Furthermore, the header indicates that the true origin of the message is the IP address 74.196.84.15. The node name associated with this IP address is correctly recorded as c74-196-84-15.dh.suddenlink.net, which belongs to a cable broadband provider called Suddenlink Communications. (Screenshot 06 shows the index page of Suddenlink Communications’s website.) Most likely, the spammer controlled a zombie computer on Suddenlink Communications’s network and used it to access NYS-TEACHS’s web server to send out the junk message.
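The hop-by-hop reading of the header described above can be automated. This is an added example, not MacHouse's own tooling: the header text is constructed (it is not the header from Screenshot 02), and only the two IP addresses, the Suddenlink node name and the nysteachs.org domain are taken from the article; every other host name and ID is a placeholder.

```python
import email
import ipaddress
import re

# Constructed sample header. example.net/example.com hosts, IDs and dates are made up.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.com with ESMTP id AAA111; Wed, 4 Nov 2009 09:00:05 +0000
Received: from nysteachs.org (unknown [66.84.29.172])
\tby mx.example.net with ESMTP id BBB222; Wed, 4 Nov 2009 09:00:03 +0000
Received: from c74-196-84-15.dh.suddenlink.net ([74.196.84.15])
\tby nysteachs.org with HTTP; Wed, 4 Nov 2009 09:00:01 +0000
From: GULFOILANDGAS <employments.gulfoil@googlemail.com>
Subject: PART TIME JOB OFFER TO HELP SUPPORT THROUGH THE RECESSION

body
"""

# "from <helo> ([<rdns> ][<ip>]) by <receiving host>"; the rDNS part is optional.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def hops(raw):
    """Return the Received hops oldest-first as dicts (helo, rdns, ip, by)."""
    msg = email.message_from_string(raw)
    out = []
    # Each server prepends its own line, so the last header is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            out.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return out

def name_encodes_ip(name, ip):
    """True if the first host label embeds the IPv4 octets (c74-196-84-15 style)."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    pattern = r"(?<!\d)" + "-".join(octets) + r"(?!\d)"
    return re.search(pattern, name.split(".")[0]) is not None

def summarize(raw):
    """Name the submitting client (oldest hop) and the relay that handed mail on."""
    chain = hops(raw)
    origin, relay = chain[0], chain[1]
    return {"origin_ip": origin["ip"], "origin_name": origin["helo"],
            "origin_name_matches_ip": name_encodes_ip(origin["helo"], origin["ip"]),
            "relay_ip": relay["ip"], "relay_claims": relay["helo"]}
```

Only the Received lines added by servers you trust are reliable; anything older in the chain is supplied by the sending side and can be forged, so treat the oldest hop as a lead to confirm with the relay's operator rather than as proof.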
So who is behind this fake job opportunity scam? It’s probably a Nigerian scam group consisting of half-restarted people without formal education. This group often uses a corporate address in the U.K. In this case, the address the spammer uses is
13 Haslemere Avenue
CR4 3BA
Mitcham
London
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by taxpayers' money. We have limited resources. We also need time to sleep and eat just as others do. So we will not act as the international police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?

November 5th, 2009 at 12:45 am
I was stupid enough to send them the first batch of information. I feel so retarded right now; it's just that those bastards couldn't pick better timing with this financial crisis. Who wouldn't like some extra cash? Anyway, I recovered soon when I remembered the saying “if something looks too good to be true, it probably is”. Now, reading that this was done from practically a not easily traceable source, should I go as far as making an official report against it, and am I under any risk now that they have that information?
November 5th, 2009 at 5:49 am
I would just let it go instead of wasting any time further dealing with cyber-idiots.
November 5th, 2009 at 5:54 am
Will do, thanks for the advice.