A Journey into OSINT Using an Employment Scam Outreach
I am a job seeker. Thankfully, I am not yet a desperate job seeker.
In a moment of desperation or heightened emotions, a person is less likely to reason logically. Scammers, hackers, and con artists know this, and they will leverage human psychology by creating a sense of urgency and appealing to heightened emotions. In a recent phishing email analysis post, the scammer attempted to raise my emotions by including an ALERT attachment that implied that my money was at risk. I've also seen short deadlines pushed to create urgency: "Send all your savings account via a BitCoin ATM within two days or the IRS will come get you".
OSINT stands for Open-source Intelligence. In other words, intelligence you can get from public and/or no-cost sources. We often perform OSINT operations daily without knowing it... Vetting a Tinder date, Googling a name, researching a potential employee prior to interviewing them, etc.
The image in the banner above is what a scammer claimed was only one of their company's offices. They claimed they're hiring developers and have an eight-figure yearly company revenue. Scammers are vultures who target the vulnerable; they seek to exploit you when you are at your worst.
This gave me the opportunity to practice OSINT techniques that I will use in my cybersecurity work, so I took the time to dive in for some extra practice...
The TechnoKing Scammer
Let me take you on the journey of debunking the "technoking" who wanted to hire me as a developer for his fake company.
Due to several requests from fellow classmates, I started a YouTube channel on Python fundamentals and Linux cybersecurity basics using the Hack The Box platform. I did not expect to receive a compliment from a stranger so soon after creating the channel...
At first, the message seemed promising, to be honest. I was flattered by the compliment! But, after about 60 seconds of preliminary review, the source was shady...
Initial Red Flags:
- Brand new LinkedIn User claiming to have a company with 800 employees, 21 LinkedIn Connections. Headline links to their personal Instagram rather than company website. IG profile has nothing to do with business or tech. 19 posts and almost 14K followers! Hello, bots!
- Company Information: Company LinkedIn Profile page only has 27 associated members, out of the 800 claimed, despite also listing the company as having "1K-5K employees".
- Reverse Image search of the company Logo: Reveals that it is an Adobe Stock image. Woof.
- Image analysis of photos within all company posts reveals that every image is AI generated, including the picture of one of their offices, see image.
- Repeated offers to talk "face-to-face": Scammers will often aim to get you on the phone or in a web meeting. It's harder to think during a live conversation and easier to fall victim to the tales they spin.
After reviewing these items, it was highly likely that this was not a legitimate company, but I wanted to give the TechnoKing a chance to explain! Image below.
Wow! Eight figure revenue and no online presence required! Too good to be true? Yes.
Website/Company Review
"Ready to double your income?"
TechnoKing reiterated that the site is only for devs. None of the 300 listed clients have ever requested a website to verify legitimacy? Wild!
- Inconsistent Information: The website shared was a single-page, bare-bones, Replit-hosted app that claimed to have 520 employees. Wait, is it 800, 1K-5K, 27, or 520 employees?
- Perfect Metrics: Active for 8 years, 300 clients, with a 100% success rate. Wow, incredible! No Case Studies published, though...
- Reverse Image Search: On their About page, there's a photo of the "office", a MAGNIFICENT building (see image below). A reverse image search of "luxury-home.jpg" reveals that it's a newly built home and residential property, not an office. I even found the real estate listings: a hilltop crib over LA, valued at $9M!
- Not a real company: The LA-based company has zero information on the city/state Corporation Records databases. No Google results aside from the LinkedIn profile. No X. No blog. Nada.
Office Review
TechnoKing says the image above is a "picture of one of our real offices". Hm... I wouldn't expect one to need to qualify the office as "real".
Interestingly enough, they did send a video of themselves in the pictured living room with a recorded view of the infinity pool. They addressed one of my messages directly in the video, too. +1 point for credibility in terms of living luxuriously, anyway.
Nonetheless, a deed and property records search revealed that this residence is a Single Family Property type in the hills above LA, not a commercial office. Could employees work from here? Sure. But it is not a legitimately classified commercial property, nor is it an office or tech headquarters.
TechnoKing also shared a photo of the main workspace in the house as proof of employees working, which was the theatre room of the residence pictured above with some desks at the back. To avoid doxing the TechnoKing, I won't share that photo. But here are some of my fav items in the picture:
-- Large collection of prescription pill bottles and paraphernalia on the desk
-- Little Nicky movie playing on the big screen
-- Monster energy drinks on every horizontal surface
-- All employees shoeless or wearing comfy slippers
-- MSI GeForce RTX video-card powered gaming PCs for the employees
I grew up in Naples, Florida and had a few wealthy friends I spent time with. This is the exact sort of setup I've seen in their rooms and families' homes.
Conclusion
Does the TechnoKing live a life of excess and luxury? Looks like it!
Are they a legitimate business owner, and should I consider employment with them? Most certainly not.
Trust your gut out there. Bad actors, threats, and ne'er-do-wells will seek out your vulnerabilities and exploit them. If something seems too good to be true, it is. If you're unsure about something, ask a friend, colleague, or family member to take a look.
OSINT is a low-cost strategy to leverage publicly available information that will help you protect yourself and your business from cybersecurity threats and bad actors. Use it responsibly (no LOVEINT allowed).
Thank you for attending my TimTalk.