Tag: whois analysis

  • Integrity Alert #7: The Recruitment-to-Sales Pivot

    Alert Summary

    Incident ID: IA-007

    Vector: LinkedIn Recruitment / Fraudulent Sales Funnel

    Risk Level: MEDIUM (Subscription Fraud & Fee Extraction)

    Status: ARCHIVED

    This audit exposes a sophisticated Recruitment-to-Sales Fraud tactic. The “Helic Consultancy” operation utilized a legitimate platform (LinkedIn) to post a fake role (Junior Operations Specialist). Upon application, candidates were immediately sent an automated “soft rejection” that pivoted into a high-pressure sales pitch for a paid, weekly job-search subscription service.


    Target / Method / Ultimate Goal

    • Target: Professionals in active career transitions who are statistically more likely to engage with “rejection” notifications.
    • Method: Emotional Exploitation. Using a fake HR persona (“Stacy Jones”) to deliver a rejection, then immediately offering a “solution” via a third-party paid service.
    • Ultimate Goal: Fee Fraud. Enrolling vulnerable job seekers into a recurring weekly subscription for low-value, automated “application services” that yield no professional results.

    VETTICA Audit: 3 Critical Policy & Technical Failures

    1. Infrastructure Failure: The Shell Presence

    • Forensic Finding: Public records confirm the helic-co.ca domain was recently registered. The website is a “shell” with zero transparency regarding executive leadership, physical location, or corporate history.
    • VETTICA Verdict: CRITICAL FAILURE. The operation fails basic Infrastructure Governance. The lack of a traceable corporate footprint confirms the entity is a disposable front for lead generation.

    2. System Detection: SEG (Secure Email Gateway) Flag

    • Forensic Finding: Despite the “professional” tone, the email failed standard authentication protocols, causing Gmail to successfully flag the entire interaction as Spam/Phishing.
    • VETTICA Verdict: IMMEDIATE FAILURE. When a “Consultancy” cannot pass basic Data Governance and anti-spam controls of major providers, it is a definitive indicator of a malicious or unvetted mail server.

    3. Process-to-Provisioning Failure: The Zoho Exploit

    • Forensic Finding: The “Unsubscribe” link revealed that the rejection was sent via Zoho Campaigns (maillist-manage.ca). This proves the “HR response” was never an individual communication but a mass-marketing “Drip Campaign.”
    • VETTICA Verdict: SYSTEMIC FAILURE. The operation exploited the trust of LinkedIn (for solicitation) and Zoho (for distribution) to run a Fee Fraud campaign disguised as a personnel process.
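    The header triage behind findings 2 and 3 above, as an added example that is not part of the original alert: it reads the gateway's recorded SPF/DKIM/DMARC verdicts and the List-Unsubscribe hosts from a message. The sample message, its addresses and its verdict values are constructed; only helic-co.ca, maillist-manage.ca and the persona name come from the alert.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not the real message: only the two domains and the
# persona name come from the alert; addresses and verdicts are made up.
SAMPLE = (
    'From: "Stacy Jones" <hr@helic-co.ca>\n'
    "To: candidate@example.org\n"
    "Subject: Update on your application\n"
    "Authentication-Results: mx.example.org; spf=softfail; dkim=none;"
    " dmarc=fail header.from=helic-co.ca\n"
    "List-Unsubscribe: <https://sample.maillist-manage.ca/optout?id=X>,"
    " <mailto:unsub@sample.maillist-manage.ca>\n"
    "\n"
    "Thank you for applying. Unfortunately...\n"
)

def triage(raw):
    """Return auth verdicts, unsubscribe hosts and findings for one message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Verdicts the receiving gateway recorded for each mechanism.
    auth = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            auth[mech.lower()] = verdict.lower()
    # Hosts behind the unsubscribe links reveal the sending platform.
    unsub_hosts = set()
    for uri in re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", "")):
        parsed = urlparse(uri)
        host = parsed.hostname or parsed.path.rpartition("@")[2]
        unsub_hosts.add(host.lower())
    findings = []
    failed = sorted(m for m, v in auth.items() if v != "pass")
    if failed:
        findings.append("authentication not passed: " + ", ".join(failed))
    if unsub_hosts:
        findings.append("bulk-mail campaign headers present")
    third_party = sorted(h for h in unsub_hosts
                         if h != from_domain and not h.endswith("." + from_domain))
    if third_party:
        findings.append("sent via third-party platform: " + ", ".join(third_party))
    return {"from_domain": from_domain, "auth": auth,
            "unsub_hosts": sorted(unsub_hosts), "findings": findings}
```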

    VETTICA Action Plan: Protect Your Perimeter

    • Review the TLD: Be wary of .ca domains that were registered within the last 90 days but claim “years of consultancy experience.”
    • Audit the Rejection: If a rejection letter includes a link to a paid service, it is a sales funnel, not a job result. Terminate the interaction and report the posting to LinkedIn.
    • Identify the Persona: Perform a search for the HR signatory. If “Stacy Jones” has no LinkedIn presence or professional footprint, she is a “Ghost Persona” used for automated spam.

  • Integrity Alert #2: The Pixibyte Policy Bypass

    Alert Summary

    Incident ID: IA-002

    Vector: Canada Job Bank Vetting Exploit / Content Impersonation

    Risk Level: HIGH (Data Harvesting & Platform Trust Exploitation)

    Status: ARCHIVED

    This alert exposes a profound failure in Digital Policy Integrity. The Pixibyte operation bypassed the security controls of the Canada Job Bank by constructing a fraudulent digital storefront built on stolen content. By leveraging the “unquestioned trust” of a government employment platform, the attackers successfully delivered fraudulent outreach directly to victims’ inboxes.


    Target / Method / Ultimate Goal

    • Target: Professionals in career transition utilizing trusted government employment portals.
    • Method: Authority Hijacking. Exploiting a policy bypass in the Canada Job Bank’s employer vetting system while utilizing stolen digital assets to pad a project portfolio.
    • Ultimate Goal: Execution of a persistent, non-traceable digital fraud campaign to harvest credentials and PII under the guise of legitimate government-vetted recruitment.

    VETTICA Analysis: 3 Critical Policy & Technical Failures

    1. Infrastructure Failure: The Domain & Skillset Mismatch

    • Forensic Finding: The domain was registered in February 2025, contradicting claims of “deep industry experience.” Furthermore, the system issued invitations for unrelated roles (Web Designer) despite a profile clearly defined by ITSM/GRC expertise.
    • VETTICA Verdict: CRITICAL FAILURE. An unestablished digital footprint and “Net-Casting” outreach (ignoring skillset fit) are immediate flags for a failure in Infrastructure Governance.

    2. Content Integrity Failure: Digital Asset Theft

    • Forensic Finding: The Pixibyte storefront was discovered to be stealing professional photography and project data directly from legitimate firms to impersonate a clientele list and pad their portfolio.
    • VETTICA Verdict: IMMEDIATE FAILURE. This is a direct violation of Data Governance and Content Integrity Policy. Using stolen assets to build “plausible deniability” confirms a malicious intent to deceive.

    3. Policy-to-Provisioning Failure (The “Trust Gap”)

    • Forensic Finding: The operation exploited the lack of a mandatory Source-of-Truth Validation Control within the Job Bank’s employer onboarding workflow.
    • VETTICA Verdict: SYSTEMIC FAILURE. This proves that Pixibyte successfully navigated a fundamental failure in Vendor and Platform Governance, accessing a trusted, policy-approved provisioning channel to target citizens.

    VETTICA Action Plan: Protect Your Professional Perimeter

    • Verify the “Source of Truth”: Do not assume a job listing is safe just because it appears on a government-hosted portal. Conduct an independent GRC audit of the hiring entity.
    • Audit Digital Assets: Perform a reverse-image search on “portfolio” items or team photos. If the assets are stolen from established firms, terminate the interaction.
    • Hardened Perimeter: Treat any unsolicited outreach as a “Security Event” until the employer’s lifecycle and digital footprint can be verified against independent records.

  • Integrity Alert #1: The $35 “Pay-to-Play” Recruitment Trap

    Alert Summary

    Incident ID: IA-001

    Vector: Unsolicited Email / Fraudulent “Technical Assessment”

    Risk Level: HIGH (Financial Fraud & Credit Card Harvesting)

    Status: ARCHIVED

    This alert identifies a sophisticated predatory network (operating under names like Skivyy and Baishi) that targets job seekers with unsolicited “Application Status Updates.” The operation leverages professional terminology to pressure candidates into paying a non-refundable $35 fee for a mandatory technical assessment—a clear violation of ethical hiring standards.


    Target / Method / Ultimate Goal

    • Target: Active job seekers with resumes visible on public boards (IT Support, Analysts, Admin).
    • Method: Pressure-Induced Monetization. Sending an invitation for a role never applied for (e.g., “Remote IT Support Associate”) and demanding an immediate “Assessment Fee” to proceed.
    • Ultimate Goal: Direct financial theft of $35+ and the harvesting of active credit card data for secondary fraudulent use.

    VETTICA Analysis: 3 Critical Policy & Technical Failures

    1. Infrastructure Failure: The WHOIS Discrepancy

    A professional platform’s digital footprint should match its claimed legitimacy.

    • Forensic Finding: WHOIS data for the Skivyy domain showed a registration date of August 2025—just 90 days prior to the “global” recruitment push.
    • VETTICA Verdict: CRITICAL FAILURE. A “vetted” professional platform operating on a “burner” domain launched less than three months prior is a primary indicator of a temporary fraud operation.

    2. Financial Policy Failure: The “Pay-to-Play” Violation

    This is the non-negotiable compliance failure that validates the scam.

    • Hiring Ethics Violation: Legitimate employers—especially in the IT and ServiceNow ecosystem—do not charge candidates for background checks, training, or assessments during the screening phase.
    • VETTICA Verdict: IMMEDIATE FAILURE. Demanding a fee violates standard GRC (Governance, Risk, and Compliance) hiring frameworks and signals a financial trap.

    3. Community Intelligence Failure

    Cross-referencing intent via external threat intelligence.

    • Forensic Finding: Multiple external data points confirmed the “Technical Assessment Fee” as a consistent, repeatable fraudulent scheme used to extract money from job seekers.
    • VETTICA Verdict: SYSTEMIC FAILURE. The operation is a known predatory network designed to exploit the current job market’s high-pressure environment.

    VETTICA Action Plan: Protect Your Professional Perimeter

    • Enforce a “Zero-Fee” Policy: If a recruitment process requires a credit card before a live human interview, terminate the session immediately.
    • Audit the Domain: Use WHOIS tools to verify the age of the sender’s infrastructure. If the company claims to be established but the domain is 3 months old, it is a fraud.
    • Do Not Engage: Do not reply to “Application Status” emails for roles you did not apply for. This confirms your email is active and moves you into a higher-tier “target” list.
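    The domain-age audit recommended here and in the IA-007 action plan, as an added example that is not part of the original alerts: it extracts the creation date from WHOIS output and compares the domain's age with the 90-day window and with the experience the company claims. The WHOIS text, the placeholder domain, the function name and the list of field labels are assumptions.

```python
import re
from datetime import date

# Field labels differ between registries; this list is an assumption and
# only handles ISO-formatted dates.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registration Date)\s*:\s*"
    r"(\d{4}-\d{2}-\d{2})", re.I | re.M)

# Constructed WHOIS output; the domain is a placeholder, not one from the alerts.
SAMPLE_WHOIS = """\
Domain Name: burner-recruiting.example
Registrar: Example Registrar Inc.
Creation Date: 2025-08-15T09:00:00Z
Registry Expiry Date: 2026-08-15T09:00:00Z
Registrant Name: REDACTED FOR PRIVACY
"""

def assess_domain(whois_text, as_of, claimed_years=0, min_age_days=90):
    """Flag a domain that is too young for what its operator claims."""
    match = CREATED_RE.search(whois_text)
    if not match:
        # Missing or redacted dates are not a pass: report them as unknown.
        return {"age_days": None, "verdict": "unknown",
                "reasons": ["no creation date found; check another source"]}
    age = (as_of - date.fromisoformat(match.group(1))).days
    reasons = []
    if age < 0:
        reasons.append("creation date is after the check date")
    elif age <= min_age_days:
        reasons.append(f"registered {age} days ago (window: {min_age_days})")
    if claimed_years and age < claimed_years * 365:
        reasons.append(f"claims {claimed_years} years, domain is {age} days old")
    return {"age_days": age,
            "verdict": "suspicious" if reasons else "no age flag",
            "reasons": reasons}

if __name__ == "__main__":
    print(assess_domain(SAMPLE_WHOIS, date(2025, 11, 13), claimed_years=5))
```

    A domain older than the window only clears the age check; the fee, persona and mail-header checks in the alerts still apply.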