I posted this in the careers channel in Slack at Lambda, but I wanted to do the same here, as a cautionary tale:

So, last week I applied to a few developer positions to test the waters, and I actually heard back from two of them. One turned out to be a phishing attempt, however, and I wanted to share, in case any of you find yourselves in similar situations.

I had applied to some developer positions using ZipRecruiter. Some of them ended up linking out to LinkedIn, and used their system for applying. On Monday, I received an email regarding one of those positions. It included references to what I’d applied for, and in the morning hours, with kids running around, it looked legitimate.

The email instructed me to reach out via email and Skype to schedule a screening interview. The window was Monday and Tuesday between 10AM – 5PM, It was already around 11AM on Monday, so I immediately reached out to the person specified in the message on both Skype and through email. I was shortly afterwards in a Skype ‘interview’ that gobbled up 3 hours of my day before I realized it was a scam.

Anyway, I’m attaching the email I received, so others can compare it with email that they receive, a screenshot of the opening Skype chat, and (although lengthy) a transcript of the 3-hour chat. The chat is just there in case anyone wants to see the questions that I was asked, and how I garbled my way through it.

In the chat, at 3:07, when I said that an email had been sent, it hadn’t. I had realized by then that this was a phishing attempt and wanted to see what the ‘interviewer’ would say if I said I had emailed but they received nothing. It was as expected. They asked for the same info in chat to ‘confirm’ what was sent.  They wanted my full name, home address, phone number and email to start. I’m sure that once that was sent, they’d follow up asking for bank account info or something else so they could send me the alleged funds they had waiting for a home office, and so on. They’re just trying to get more info in stages.

Its interesting to note that prior to responding, I Googled the person who emailed me and the person who I was supposed to email back, and found both of them on the company’s website. The avatar of the person I Skyped with was the same image from the company website.

I should have paid more attention to the email addresses early on though and saved myself a chunk of a Monday. Here’s a copy of the chat. It was a 3-hour-tour: