A couple of days ago I got an email from Human Resources. No company name. The subject suggested phishing -
RIM: Important information about your application at Research in Motion. I looked at the SMTP source before opening the message and saw the usual phishing email - your account has been updated, please go ahead and reset the password, etc, etc.
The return address was
RIM_Do_Not_Reply@invalidemail.com, which is not RIM's domain name and further confirmed the nature of this email. The email addressed me by name and provided a link to rim.taleo.net to reset the password. Temporary numeric user name and password were provided and there was a base64-encoded HTML file named current_email_in_html.html. A text-book phishing email.
So, I decided to contact RIM and notify them that there's phishing going under their name. Boy, was I surprised - the careers section of their website linked to rim.taleo.net. So, RIM does indeed outsource recruitment to Taleo and it was a legitimate email from RIM!
You would think that in this day and age a company like RIM whose specialty is communication and email would pay attention to security of their communication with potential employees, but no, that's certainly not the case. Apparently, somebody at RIM didn't bother verifying what their outsorcing company is doing and somebody at Taleo just doesn't have a clue about what they are doing.