Online fraud affects people anywhere in the world. Recently a group of researchers detected a Facebook post offering jobs at Ara Stores, a chain of stores based in Caldas, Colombia; at first glance this seems to be an attractive job opportunity, however, it is a scam that could affect hundreds of people.
The publication offers eight different jobs with flexible hours and a competitive salary. Interested parties should contact the company by email mentioned in the publication (laboraconara.jeronimomartins@gmail.com). At the time of its detection, this publication had already been shared by more than 100 people.
In analyzing the publication, the specialized website Colombiacheck detected some anomalies in the publication, such as poor wording, in addition to the contact email address not belonging to the official domain of Ara Stores. Because of this, the researchers contacted a representative of Ara Stores, who confirmed that this publication is false, as any job offer from the company is published through its official website (aratiendas.com).
To fully confirm that it was a fraud, investigators sought job offers published by Ara Stores, finding only one vacancy, unlike the alleged eight vacancies advertised by the fraudsters.
However, the clearest indication that something is not right in this post is the fact that the email belongs to a Gmail address, which is by no means used by the company. Fraudsters sought to deceive people by using the name Jerónimo Martins, a Portuguese company that owns Ara Stores.
Regarding the intentions of threat actors, investigators mention that fraudsters ask those interested in vacancies to send money to ensure the application of some exams, which of course is false. This is not a new attack variant in the South American country, as previous research found that multiple threat actors have tried to deploy similar campaigns to extract personal and financial information from hundreds of inadvertent users.
For security, users are advised to look for employment only on specialized platforms, as the absence of verification on social networks could be exploited by threat actors to deploy malicious campaigns.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.