Skip to main content
Back to Research
APT42
Charming Kitten
Mint Sandstorm
Phishing

Fake Job Boards

Published on: 
November 15, 2024
On This Page
Share:

Fake government job boards attempt to trick job seekers into providing personal information that may be used for fraud, phishing, or other malicious purposes. The bad actors behind these fake job boards cause harm by either soliciting an application fee from victims or by instructing them to download malicious files or deceiving victims into giving personal information such as resumes, historic addresses and contact information.

Multiple countries were identified as targeted by a high number of fake government job boards. For instance, many of the identified domains masquerading as US government job boards were reportedly associated with email campaigns. Those in Pakistan and India appear largely fraud related and employ WhatsApp and Telegram groups. Fake Taiwanese government job postings are suspected to be harvesting personal information for phishing and fraud.

Similarly, nation states such as North Korea also host fake job postings for phishing, and creating fake personas in attempts to be hired by and gain access to western tech companies.

Details

Fake US Government Job Websites

A cluster of domains that goes back to early as 2017 and associated mail servers have been used in email spam. The domain names masquerade as government job or contract bid sites. The domains are frequently configured to redirect to legitimate government job sites such as govcb[.]com and governmentcontracts[.]us likely for the purpose of appearing more legitimate upon inspection.

Example mail server:

Website Titles Domains
Government Contracts | State, Local, and Federal Contract Opportunities in U.S. govcb-bids-alert[.]us
govcb-bids-bulletin[.]us
govcb-bids-notice[.]us
govcb-contracts-alert[.]us
govcb-contracts-news[.]us
govcb-contracts-notice[.]us
governmentbiddersinfo[.]us
governmentbiddinginfo[.]us
governmentcontracts-bids[.]us
governmentcontracts-opps[.]us
govnt-contracts-bulletin[.]us
govnt-contracts-news[.]us
govnt-contracts-notice[.]us
govtcontracts-bids-news[.]us
govtcontracts-bids-notice[.]us
topicfocus[.]com
usagovnmt-bids-alert[.]us
usagovnmt-contracts-alert[.]us
IP Addresses Email Addresses
185.227.110.78
44.215.207.48		 bizoppscast[@]gmail[.]com
9d8a0b48cf9f33e2s[@]gmail[.]com
openfos[@]gmail[.]com
ibcwork2000[@]gmail[.]com
bobbykin[@]gmail[.]com
dnswizard[@]gmail[.]com

Fake Taiwanese Government Job Websites

Spoofing as the legitimate taiwanjobs[.]gov[.]tw website for the purposes of phishing, information gathering, and credential harvesting. Taiwanjobs[.]gov[.]tw website reports the following message of ongoing phishing activity using fake look alike websites.

Website Titles Domains
台灣就業通 - 找工作 -- 一般會員登入 taiwanjobs-govi[.]store
job-taiwanjobs-gov[.]shop
taiwanjobs-gov[.]shop
taiwanjobs-govl[.]shop
taiwanjobs-govi[.]shop
taiwanjobs-govi[.]store
taiwanjobs.tv-login[.]shop
taiwanjobs.login-hk[.]shop

Fake MELA Government Job Websites

Mela Network is the Middle Eastern arm of a global network spanning 46 countries. Their website states: “Mela's mission is to help executives in the MENA (Middle East and North Africa) region grow professionally and personally by exposing them to best practices in leadership and connecting them with a global network of peers.” [https://melanetwork.org/]

Website Titles Domains
Latest Government Job Updates govtjobmela[.]com
WhatsApp / Telegram / Form Links Trackers
https[:]//whatsapp[.]com/channel/0029VamcZ7z2f3EFetXjBT0Y
https[:]//forms[.]gle/cMGVxKaQtedP5aEn9
https[:]//docs.google[.]com/forms/d/e/1FAIpQLSc6XXH5piHCg6NAqf32tqifOCgGLoxsvSvvI7z7K7GDVvJGJw/viewform?usp=send_form		 N/A

Fake Indian Government Job Websites

Website Titles Domains
Homepage - Indian government job
Odisha govt job.in
Free Govt.Jobs New		 indiangovermentjob[.]com
odishagovtjobb[.]com
freegovtjobsnews[.]in
WhatsApp / Telegram Links Trackers
https[:]//whatsapp[.]com/channel/0029Vaf9yFa8qIzszkVsxC22
https[:]//t[.]me/odishagovtjobs_in
https[:]//telegram[.]me/freegovtjobsnews
https[:]//whatsapp[.]com/channel/0029Va9BF444tRrpPdiJ9Q3m		 https[:]//www.googletagmanager[.]com/gtag/js?id=AW-827762966
https[:]//www.googletagmanager[.]com/gtag/js?id=G-CB0GVX4XGH
https[:]//www.googletagmanager[.]com/gtag/js?id=G-2FFTX02ZD9
https[:]//www.googletagmanager[.]com/gtag/js?id=G-B2J2TJBSQ1

Fake Pakistan Government Job Websites

Fake Pakistan government job boards similar to those for Indian government job boards. WhatsApp channels and Telegram group links are displayed on pages. Many of these sites are suspected to be used for phishing and fraud. 

Website Titles Domains
Latest Government Jobs in Pakistan
Pakistan Governments Jobs 2024
Pakistan Governments Jobs
Government Jobs in Pakistan		 govtpakjobz[.]com
govtpakjobz[.]world
govtsjobspak[.]com
pakgovtsjobs[.]com
govtjobspk[.]online
dailygovtjob[.]site
allgovtjobz[.]pk
pkgovtjobz[.]site
pakistanigovtjobs[.]com
govtjobz[.]online
WhatsApp / Telegram Links
https[:]//whatsapp[.]com/channel/0029VakKrcuHLHQaZ1GCtn0y

Conclusion

Fake job boards are common around the world. They seek to take advantage of job seeker’s motivations in order to harvest personal information and may lead into additional fraud schemes, phishing, identity theft, and malware delivery.

Job seekers should conduct research on job postings before applying, recognize domain name masquerades and be wary of unsolicited job offers. Additionally, it's crucial to recognize red flags such as unexpected fees, high-pressure tactics, requests for sensitive personal information, and unknown personas offering special favors.

IOCs

govcb-bids-bulletin[.]us
govtcontracts-bids-notice[.]us
govtcontracts-bids-news[.]us
govcb-bids-alert[.]us
governmentbiddinginfo[.]us
governmentbiddersinfo[.]us
govcb-bids-notice[.]us
govcb-contracts-notice[.]us
govcb-contracts-news[.]us
govcb-contracts-alert[.]us
governmentcontracts-opps[.]us
governmentcontracts-bids[.]us
topicfocus[.]com
govnt-contracts-notice[.]us
govnt-contracts-news[.]us
govnt-contracts-bulletin[.]us
usagovnmt-contracts-alert[.]us
usagovnmt-bids-alert[.]us
govnmtcontractsbulletin[.]us
govnmt-contracts-notice[.]us
usagovnmt-bid-opps[.]us
usagovnmt-contract-opps[.]us
govnmt-contracts-board[.]us
usagovnmt-contractopps[.]us
govnmt-contractsboard[.]us
usagovnmt-bizopps[.]us
govnmt-contractbids[.]us
govnmtcontractsboard[.]us
govnmtcontractbids[.]us
usagovnmtbizopps[.]us
usagovnmtcontractopps[.]us
usa-govt-bid-opps[.]us
government-bids-notice[.]us
usagov-bidopps[.]us
usa-govt-bizopps[.]us
usa-govt-biz-opps[.]us
usa-govt-bids[.]us
governmentbids-alert[.]us
usa-govtbidopps[.]us
govbids-alert[.]us
usagovt-bidopps[.]us
usa-gov-bidopps[.]us
usa-gov-bizopps[.]us
usagov-bizopps[.]us
gov-bidsnotice[.]us
govbidopps[.]com
thytalk[.]us
wzip[.]us
usagvnmtcontractopps[.]us
usagvnmtbizopps[.]us
govnmtcontractsalert[.]us
govnmtcontractsnotice[.]us
govnmtcontractsnews[.]us
govnmtcontractsannounce[.]us
usagvnmtcontracts[.]us
usagvnmtbusiness[.]us
government-contracts[.]us
bidsguide[.]com
govnmtcontractnotice[.]us
usagovnmtbusiness[.]us
usagovnmtcontracts[.]us
govntcontractsbulletin[.]us
govntcontractnotice[.]us
usagovntcontracts[.]us
usagovntbusiness[.]us
govntcontractsnews[.]us
govntcontractsannounce[.]us
usagvntcontracts[.]us
usagvntbusiness[.]us
govntcontractsnotice[.]us
usagvntbizopps[.]us
govntcontractsalert[.]us
usagvntcontractopps[.]us
bidopps[.]us
govbids[.]us
govnt-contractsnotice[.]us
usagvnt-contractopps[.]us
govnt-contractsalert[.]us
usagvnt-bizopps[.]us
govnt-contracts-alert[.]us
usagovnt-contract-opps[.]us
usagovnt-businessopps[.]us
usagovt-contract-opps[.]us
govt-contractsnetwork[.]us
usagovt-business-opps[.]us
govt-bidsnetwork[.]us
usagovt-contractopps[.]us
gov-bidsnetwork[.]us
gov-contractsnetwork[.]us
usagovt-businessopps[.]us
usagovt-bids[.]us
usagov-business-opps[.]us
usagov-contract-opps[.]us
govt-contracts-notice[.]us
govt-contracts-alert[.]us
government-contracts-alert[.]us
usagov-businessoopps[.]us
gov-contracts-notice[.]us
gov-contracts-alert[.]us
usa-govtbizopps[.]us
usagov-businessopps[.]us
usagov-contractopps[.]us
government-contracts-notice[.]us
govnt-bidsnotice[.]us
govnt-bidsalert[.]us
usagovbiz-opps[.]us
usagovbid-opps[.]us
government-contractsalert[.]us
government-contractsnotice[.]us
government-bidsnotice[.]us
government-bidsalert[.]us
usagovnt-businessopportunities[.]us
usagovnt-contractopportunities[.]us
govt-bids-notice[.]us
govt-bids-alert[.]us
government-bids-alert[.]us
governmentbids-notice[.]us
gov-bids-alert[.]us
govbids-notice[.]us
usagovt-bizopps[.]us
gov-bidsalert[.]us
gov-bidsnotice[.]us
govt-bids[.]us
govt-contracts[.]us
usagovntbidsnetwork[.]us
usagovntcontractsnetwork[.]us
government-bids[.]us
usagovtbidsnetwork[.]us
usagovtcontractsnetwork[.]us
govtbidsnetwork[.]us
govtcontractsnetwork[.]us
usagovntbusinessopportunities[.]us
usagovntcontractopportunities[.]us
topicfacts[.]com
govntbidsalert[.]us
govntbidsnotice[.]us
usagovntbidopps[.]us
usagovntbizopps[.]us
mfgpages-update[.]com
govntbusiness[.]us
govntcontract[.]us
usagovntbusinessopps[.]us
usagovntopportunities[.]us
wordvia[.]com
anydic[.]com
bidsalert[.]us
citydataregistry[.]com
citydirectorylisting[.]com
cityfoslisting[.]com
cityprofilelisting[.]com
cityprofileregistry[.]com
contractopps[.]us
govbidalert[.]com
govbidnotices[.]com
govbidsalert[.]com
govbidsnetwork[.]us
govbizopportunities[.]com
govbusinessopportunities[.]us
govcbinc[.]com
govcontractalert[.]com
govcontractopportunities[.]us
govcontractopps[.]com
govcontractsnetwork[.]us
governmentbidsguide[.]com
governmentbusinessopps[.]us
governmentcontractopps[.]us
governmentcontractsalert[.]us
governmentcontractsannounce[.]us
governmentcontractsbids[.]us
governmentcontractsinfo[.]us
governmentcontractsnotice[.]us
governmentcontractsopps[.]us
governmentopportunities[.]us
govtbidalerts[.]us
govtbids[.]us
govtbidsalert[.]us
govtbidsfocus[.]us
govtbidsnotice[.]us
govtbizopps[.]us
govtbusinessopportunities[.]us
govtcontractalerts[.]us
govtcontractopportunities[.]us
govtcontracts[.]us
govtcontractsfocus[.]us
gvtender[.]com
openb2bdirectory[.]com
openb2bsearch[.]com
openbizsearch[.]com
slbidgov[.]com
statelocalbids[.]com
usabidopportunities[.]com
usabidopps[.]com
usabizopportunities[.]com
usabizopps[.]com
usacontractingopps[.]us
usacontractopportunities[.]us
usagovbizopps[.]us
usagovcontractopps[.]us
usagovernmentbids[.]us
usagovernmentbusinessopportunities[.]us
usagovernmentcontractopportunities[.]us
usagovernmentcontracts[.]us
usagovernmentopportunities[.]us
usagovtbidopps[.]us
usagovtbizopps[.]us
usagovtbusinessopportunities[.]us
usagovtbusinessopps[.]us
usagovtcontractopportunities[.]us
usagovtcontractopps[.]us
usaopportunities[.]us

Related Content

Research
THE KNOWNSEC LEAK: Yet Another Leak of China’s Contractor-Driven Cyber-Espionage Ecosystem

Leaked Knownsec documents reveal China’s cyberespionage ecosystem. Analyze TargetDB, GhostX, and 404 Lab’s role in global reconnaissance and critical infrastructure targeting.

Learn More
Research
The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-payments, and administrative ledgers sustain Iranian cyber operations and link them to Moses Staff.

Learn More
Research
Chinese Malware Delivery Domains Part IV

Chinese Malware Delivery Domains Part IV uncovers 1,900+ new sites targeting Chinese-speaking users. Get a deep dive into infrastructure, TTPs, and AI-powered threat analysis.

Learn More

Heading

SecuritySnacks
Research
Newsletters
Podcast Episodes
About
No items found.