Alert Summary

Incident ID: IA-007

Vector: LinkedIn Recruitment / Fraudulent Sales Funnel

Risk Level: MEDIUM (Subscription Fraud & Fee Extraction)

Status: ARCHIVED

This audit exposes a sophisticated Recruitment-to-Sales Fraud tactic. The “Helic Consultancy” operation utilized a legitimate platform (LinkedIn) to post a fake role (Junior Operations Specialist). Upon application, candidates were immediately sent an automated “soft rejection” that pivoted into a high-pressure sales pitch for a paid, weekly job-search subscription service.

---

Target / Method / Ultimate Goal

• Target: Professionals in active career transitions who are statistically more likely to engage with “rejection” notifications.
• Method: Emotional Exploitation. Using a fake HR persona (“Stacy Jones”) to deliver a rejection, then immediately offering a “solution” via a third-party paid service.
• Ultimate Goal: Fee Fraud. Enrolling vulnerable job seekers into a recurring weekly subscription for low-value, automated “application services” that yield no professional results.

---

VETTICA Audit: 3 Critical Policy & Technical Failures

1. Infrastructure Failure: The Shell Presence

• Forensic Finding: Public records confirm the helic-co.ca domain was recently registered. The website is a “shell” with zero transparency regarding executive leadership, physical location, or corporate history.
• VETTICA Verdict: CRITICAL FAILURE. The operation fails basic Infrastructure Governance. The lack of a traceable corporate footprint confirms the entity is a disposable front for lead generation.

2. System Detection: SEG (Secure Email Gateway) Flag

• Forensic Finding: Despite the “professional” tone, the email failed standard authentication protocols, causing Gmail to successfully flag the entire interaction as Spam/Phishing.
• VETTICA Verdict: IMMEDIATE FAILURE. When a “Consultancy” cannot pass basic Data Governance and anti-spam controls of major providers, it is a definitive indicator of a malicious or unvetted mail server.

3. Process-to-Provisioning Failure: The Zoho Exploit

• Forensic Finding: The “Unsubscribe” link revealed that the rejection was sent via Zoho Campaigns (maillist-manage.ca). This proves the “HR response” was never an individual communication but a mass-marketing “Drip Campaign.”
• VETTICA Verdict: SYSTEMIC FAILURE. The operation exploited the trust of LinkedIn (for solicitation) and Zoho (for distribution) to run a Fee Fraud campaign disguised as a personnel process.

---

VETTICA Action Plan: Protect Your Perimeter

Review the TLD: Be wary of .ca domains that were registered within the last 90 days but claim “years of consultancy experience.”

Audit the Rejection: If a rejection letter includes a link to a paid service, it is a sales funnel, not a job result. Terminate the interaction and report the posting to LinkedIn.

Identify the Persona: Perform a search for the HR signatory. If “Stacy Jones” has no LinkedIn presence or professional footprint, she is a “Ghost Persona” used for automated spam.