Andre's Blog
Perfection is when there is nothing left to take away
Is it phishing? No, just RIM sending their recruitment mail...

A couple of days ago I got an email from Human Resources. No company name. The subject suggested phishing - RIM: Important information about your application at Research in Motion. I looked at the SMTP source before opening the message and saw the usual phishing email - your account has been updated, please go ahead and reset the password, etc, etc.

The return address was RIM_Do_Not_Reply@invalidemail.com, which is not RIM's domain name and further confirmed the nature of this email. The email addressed me by name and provided a link to rim.taleo.net to reset the password. Temporary numeric user name and password were provided and there was a base64-encoded HTML file named current_email_in_html.html. A textbook phishing email.

So, I decided to contact RIM and notify them that there's phishing going on under their name. Boy, was I surprised - the careers section of their website linked to rim.taleo.net. So, RIM does indeed outsource recruitment to Taleo and it was a legitimate email from RIM!

You would think that in this day and age a company like RIM whose specialty is communication and email would pay attention to security of their communication with potential employees, but no, that's certainly not the case. Apparently, somebody at RIM didn't bother verifying what their outsourcing company is doing and somebody at Taleo just doesn't have a clue about what they are doing.

Comments:
Posted Wed Apr 16 20:35:56 EDT 2008 by Eradj

HR folks barely know what technology really means. I am sure, if someone from management level found out what was going on, it would get the proper attention. At the end of the day it is the image of the company at stake.

Posted Mon Nov 30 20:31:01 EST 2009 by Rim Finder

Still the same 1 year later,

-------------------------

Return-Path: RIM_Do_Not_Reply@invalidemail.com
Received: from zimbra6-e1.priv.proxad.net (LHLO zimbra6-e1.priv.proxad.net)
(172.20.243.156) by zimbra6-e1.priv.proxad.net with LMTP; Wed, 11 Nov 2009
00:46:45 +0100 (CET)
Received: from nyrelay.taleo.net (mx27-g26.priv.proxad.net [172.20.243.97])
by zimbra6-e1.priv.proxad.net (Postfix) with ESMTP id BEED720140
for <x@zimbra6-e1.priv.proxad.net>; Wed, 11 Nov 2009 00:46:44 +0100 (CET)
Received: from nyrelay.taleo.net ([64.94.160.144])
by mx1-g20.free.fr (MXproxy) for [[link]] ;
Wed, 11 Nov 2009 00:46:45 +0100 (CET)
X-ProXaD-SC: state=HAM score=50
Received: from nyprap86 (localhost.localdomain [127.0.0.1])
by nyprap86.ny.rsft.net (Postfix) with ESMTP id 07F0118042
for <x@free.fr>; Tue, 10 Nov 2009 18:46:44 -0500 (EST)
From: RIM Organizational Development <RIM_Do_Not_Reply@invalidemail.com>
To: [[link]]
Message-ID: <5449888.163001257896804031.JavaMail.rcc@127.0.0.1>
Subject: Thank you for your application for Associate, BlackBerry Customer
Technical Support (E-Support) - 0903218
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_10967_10757227.1257896804029"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: normal
Date: Tue, 10 Nov 2009 18:46:44 -0500 (EST)
 

Posted Tue Jun 29 05:35:51 EDT 2010 by Katharine

So weird. I just received one this morning from a major pharmaceutical company that I would love to work for. The return address was From: Human Resources (hr-<major-pharma>@invalidemail.com)

It contained the exciting news that "The Consumer Affairs Intake Coordinator, Mentor position (9542100617) at <company I never heard of> recently opened"

Huh? Who's <company I never heard of>? This smelled phishier and phishier.

It does link back to Taleo, so maybe this is just a really unnerving user interface.  I'm going to take your posting under advisement and pursue the position.

Thanks.

Posted Tue Jun 29 06:54:10 EDT 2010 by Katharine

Too bad.  Emboldened by your posting, I checked out the job itself.  It would have been a great fit for me--if it weren't all the way across the continent.

Besides the user interface, I guess Taleo needs to improve its geographic search functions...

Posted Wed Jun 30 17:13:44 EDT 2010 by Andre

Thanks for the update. I find it amazing that two years later Taleo works the same way!

Hope it works out for you :)

Posted Thu Aug 26 11:18:45 EDT 2010 by Aleksandra

I have just received an email from the HR dep't of Deloitte with the address: hr-dtt@invalidemail.com and it went straight to the spam box. Very weird that such a company uses such a domain. Can someone explain how it works? Thanks :)

Posted Sat May 14 00:18:44 EDT 2011 by ATM

I got one too ... this time from "JPMorgan_Chase@invalidemail.com" telling me that they are considering my profile and their HR would contact me back if something suitable comes up. I am really confused ... is this SPAM or is this for real?

Posted Wed May 18 08:38:38 EDT 2011 by Andre

If it links back to some subdomain at taleo.net, then it's most likely a legitimate email sent by Taleo on JP's behalf. If there are other links, you need to be careful.

Posted Sun Sep 11 19:47:01 EDT 2011 by Master Moose

I am a systems administrator for a large business.

Companies do not outsource their recruitment to Taleo; they use the Taleo suite of recruitment tools.

The @invalid email is what Taleo sets as the default for correspondence. The only reason you are receiving these messages is that my equivalent at RIM and these other companies did not change this or did not want to change it.

Posted Thu Jan 19 21:20:21 EST 2012 by Judy

If they want me to open their email, they'll have to do better than that!

Posted Sat Jul 13 14:19:37 EDT 2013 by J

Invalid email means they don't want a reply. They just want a one way street communication.

Posted Thu May 1 20:24:58 EDT 2014 by B

I received an email similar to this. My IT dept deliberately sends phishing emails to its employees to test company phishing attempts. I would forward any email similar to this to your IT department.

Posted Sat Jan 24 06:13:46 EST 2015 by Mr T

Got the same mail from Barclays, domain invalidemail.com

Posted Thu Apr 9 10:36:17 EDT 2015 by Eljae

I received an email with the same invalidemail.com address from a Taleo (tfl recruitment). The message is not bogus, it appears, as in my Taleo account there is indeed the same message.

Posted Thu Jun 11 13:33:41 EDT 2015 by K

 I received a congratulations email with "Recruitment Services <do_not_reply@invalidemail.com>" as the from email address. That's just the address that's shown. Otherwise, individual or group HR mailboxes would be inundated by applicants.

Posted Wed Jul 8 19:52:47 EDT 2015 by Z

The @invalidemail.com is commonly used when sending emails from the Taleo system.  If the company's domain name was listed as the from email, but the email was sent from Taleo servers, your email would most likely consider it to be spam because it is coming from a Taleo server with another company's domain.  That would be spam and phishing.  @invalidemail is registered as a valid email from the IP addresses of Taleo servers.

Certainly verify the information before entering any private data, but you should be expecting emails from them if you have applied to jobs with them.
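
The check Z describes, as an added example (not part of any comment above, and not Taleo's or any mail provider's code): read the connecting IP from the Received line stamped by the recipient's own MX, then test it against the sender-policy (SPF) record of the Return-Path domain. The message is constructed from the headers quoted earlier in the thread; the SPF records, `brand.example` and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the headers quoted in the comments above.
RAW = """\
Return-Path: RIM_Do_Not_Reply@invalidemail.com
Received: from nyrelay.taleo.net (mx27-g26.priv.proxad.net [172.20.243.97])
 by zimbra6-e1.priv.proxad.net (Postfix) with ESMTP id BEED720140
Received: from nyrelay.taleo.net ([64.94.160.144])
 by mx1-g20.free.fr (MXproxy) for <x@free.fr>
Received: from nyprap86 (localhost.localdomain [127.0.0.1])
 by nyprap86.ny.rsft.net (Postfix) with ESMTP id 07F0118042
From: RIM Organizational Development <RIM_Do_Not_Reply@invalidemail.com>
Subject: Thank you for your application

(body omitted)
"""

# Constructed SPF records: assumptions, not the real DNS data for any domain.
SPF = {"invalidemail.com": "v=spf1 ip4:64.94.160.0/24 -all",
       "brand.example": "v=spf1 ip4:192.0.2.0/24 -all"}

def trusted_hop(msg, own_mx):
    """(helo, ip) from the topmost Received line stamped by our own MX.
    Lines below it are written by the sending side and prove nothing."""
    pat = r"from\s+(\S+)\s+\([^\[)]*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)"
    for hop in msg.get_all("Received", []):
        m = re.search(pat, hop)
        if m and (m.group(3) == own_mx or m.group(3).endswith("." + own_mx)):
            return m.group(1), m.group(2)
    return None, None

def spf_check(ip, domain):
    """Evaluate only the ip4/ip6/all mechanisms of the record for domain."""
    terms = SPF.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech == "all" or (mech[:4] in ("ip4:", "ip6:")
                             and addr in ipaddress.ip_network(mech[4:], strict=False)):
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
    return "neutral"

def triage(raw, own_mx):
    msg = message_from_string(raw)
    helo, ip = trusted_hop(msg, own_mx)
    rp = parseaddr(msg["Return-Path"])[1].rpartition("@")[2].lower()
    frm = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return {"helo": helo, "ip": ip, "return_path": rp, "from": frm,
            "spf": spf_check(ip, rp) if ip else "none", "aligned": rp == frm}
```

With these constructed records, `triage(RAW, "free.fr")` passes SPF for invalidemail.com, while `spf_check("64.94.160.144", "brand.example")` fails, which is the case Z says would be treated as spam. A pass authenticates the vendor's relay for the vendor's domain only; it says nothing about the brand named in the display name.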

Posted Sun Feb 28 09:26:56 EST 2016 by JPS

But still confused. Why should they use invalid, even for the one straight communication? Why not use their own web itself?

Posted Thu Sep 22 10:04:20 EDT 2016 by babu

 
