Is it phishing? No, just RIM sending their recruitment mail...

A couple of days ago I got an email from Human Resources. No company name. The subject suggested phishing - RIM: Important information about your application at Research in Motion. I looked at the SMTP source before opening the message and saw the usual phishing email - your account has been updated, please go ahead and reset the password, etc, etc.

The return address was RIM_Do_Not_Reply@invalidemail.com, which is not RIM's domain name and further confirmed the nature of this email. The email addressed me by name and provided a link to rim.taleo.net to reset the password. A temporary numeric user name and password were provided and there was a base64-encoded HTML file named current_email_in_html.html. A textbook phishing email.

So, I decided to contact RIM and notify them that there's phishing going on under their name. Boy, was I surprised - the careers section of their website linked to rim.taleo.net. So, RIM does indeed outsource recruitment to Taleo and it was a legitimate email from RIM!

You would think that in this day and age a company like RIM, whose specialty is communication and email, would pay attention to the security of their communication with potential employees, but no, that's certainly not the case. Apparently, somebody at RIM didn't bother verifying what their outsourcing company is doing and somebody at Taleo just doesn't have a clue about what they are doing.

Comments:
Posted Sun, 24 Nov 2024 17:42:02 GMT by raj

I got an email with @invalidemail apparently from Bank of Singapore saying they had successfully received my application....only problem was that I had not even uploaded my CV since I was still setting up my account at Bank of Singapore's recruitment site. I think it is CIA or MI5 or another competitor to Singapore trying to stop best talents from being hired outside of London/New York etc... Not sure why they go to such great lengths...but it is a talent driven world and I am sure the employment visa websites are monitored to intercept best talents to bring them to the US or UK by hook or by crook.

Posted Sat, 06 Jan 2024 16:29:37 GMT by Andre

@JH Hard to say without details, so just a couple of general thoughts (don't post any details, though).

If it was Taleo or another employment agency, you are probably Ok in the sense that your information eventually ended up in legitimate hands of some employment clerk.

If it was indeed a phishing attack, depending on what you shared, you may need to take some mitigation steps and ask around about what to do with regards to particular type of data affected (assuming it's more than just name and email).

In any case, if you entered any passwords in the process, make sure the same password is not used anywhere else. If it is, change it immediately in those other existing places and keep this password in your records marked as compromised.

Posted Fri, 05 Jan 2024 22:42:14 GMT by JH

I received one such email and like a rookie I replied and entered personal information. It wasn't until I finished sending it that I realized it was a suspicious domain. Am I in deep trouble?

Can I do anything to protect myself after sending the info?

Please help

 

Posted Wed, 02 Feb 2022 01:54:24 GMT by Mai

And I thought I was the only one experiencing it... was skeptical about proceeding then I called HR... yep! Taleo systems

Posted Mon, 17 Jan 2022 16:26:23 GMT by Anonymous

And in 2022...

Posted Wed, 22 Dec 2021 11:44:26 GMT by Anonymous

Still happening in 2021 from Taleo... crazy

Posted Tue, 24 Aug 2021 22:38:35 GMT by Anonymous

 Got a job offer, and I accepted.  In the verification process they sent an email with the "invalid" email address with links where I am supposed to upload my tax return.  Planning on going personally to the company to show whatever documents they need to verify my identity.  This is a BIG company.  What do you guys think?

Posted Wed, 28 Apr 2021 17:30:18 GMT by Anonymous

Received such mail from OECD today. It seems genuine, however very strange way of communication. 

Posted Fri, 13 Nov 2020 09:55:30 GMT by ADAMOU ABDEL

Thank you, SeaBass, for the answer.

Posted Tue, 27 Oct 2020 12:41:15 GMT by Anonymous

 Just happened to me today. Onboard for email for one of the largest insurance companies in the U.S. and they’re sending me this crap? Lucky I didn’t delete the email without thinking. Looks just like a classic email phishing attack despite being completely legitimate.

Posted Sat, 12 Sep 2020 12:33:19 GMT by SeaBass

To summarize from the various comments...

1) They use the invalid email for one way conversation.

2) The mails come through Taleo servers and not the company's.

3) Could be spam

4) Don't click on links to enter personal details.

I would suggest to look out for hints such as poor grammar and spelling mistakes, and recruitment procedures generally don't require candidates to make a payment.

It's 2020 and I still can't believe that giant companies are still unwilling to fix this issue!!!

Posted Tue, 12 May 2020 10:27:53 GMT by Anonymous

I too received an email today after receiving HR call from Liveconnections from id humanresources@invalidemail.com

Is it fake or genuine?

Posted Sun, 01 Mar 2020 09:14:50 GMT by Go Cubs GO

I received an email two days ago to complete an application from an email address: hr-ctg@invalidemail.com

This is 2020 and this is shocking.

Posted Wed, 06 Feb 2019 18:04:30 GMT by Anonymous

Still happening in 2019.  Good god.

As part of our hiring process, we require all candidates to complete an Employment Application and eSignature. Please log into the system using the links below as soon as possible to complete the same.
 
Please click here (link removed) to access your user profile.  If you have not yet registered, you may do so by entering the username provided below.
 
[[removed]]
 
If you have not yet registered, or you have forgotten your password, please click on the "Forgot Password" link and enter your email ID when prompted.
 
 
We thank you for your interest in Capgemini.
 

Best Regards,
Capgemini Recruiting


You may refer to our Privacy Policy available at capgemini website that I removed to try to submit this post...




Replies to this message are undeliverable and will not reach the Human Resources Department. Please do not reply.

 

Posted Sun, 09 Dec 2018 12:15:50 GMT by RR

Got the same mail from Fujitsu, domain invalidemail.com

Posted Tue, 23 Oct 2018 16:39:22 GMT by Just like WoW

I just got an email from a major mining company that I wanted to work for and put in an application.  Got a phishy ass reply.  Same shit, Taleo.  I can't believe these multi billion dollar companies rely on this crap.

 

from: Human Resources BigAss_MiningCompany_HR@invalidemail.com

 

 

  

Posted Wed, 17 Oct 2018 09:35:46 GMT by Nitish

I too received the mail for Barclays from this domain. But instead of clicking on any links, I went to Barclays Taleo and manually searched for that job id and applied.

Posted Thu, 11 Jan 2018 15:06:54 GMT by asd

 Taleo needs to be re-investigated based on the information that came to light about how the actual computing chips of Intel et al could be misdirected.  If you are getting a reply from "someone" in HR @invalidemail.com from a big pharma or a big bank (Morgan, Barclay, etc.) HR department, your name is on a list that an algorithm runs - no one in HR looked at your resume, or ever will, and the reason for that is economic - all the equity you have built up over your years of working will disappear, never to return - now go sign up for Uber or Lyft...

Posted Sun, 28 Feb 2016 09:26:56 GMT by JPS

But still confused. Why should they use invalid; even the one straight communication? Why not using their own web itself..?

Posted Wed, 08 Jul 2015 19:52:47 GMT by Z

The @invalidemail.com is commonly used when sending emails from the Taleo system.  If the company's domain name was listed as the from email, but the email was sent from Taleo servers, your email would most likely consider it to be spam because it is coming from a Taleo server with another company's domain.  That would be spam and phishing.  @invalidemail is registered as a valid email from the IP addresses of Taleo servers.

Certainly verify the information before entering any private data, but you should be expecting emails from them if you have applied to jobs with them.

 

 

 

Posted Thu, 11 Jun 2015 13:33:41 GMT by K

 I received a congratulations email with "Recruitment Services <do_not_reply@invalidemail.com>" as the from email address. That's just the address that's shown. Otherwise, individual or group HR mailboxes would be inundated by applicants.

Posted Thu, 09 Apr 2015 10:36:17 GMT by Eljae

I received an email with the same invalidemail.com address from a Taleo (tfl recruitment). The message is not bogus, it appears, as in my Taleo account there is indeed the same message.

Posted Sat, 24 Jan 2015 06:13:46 GMT by Mr T

Got the same mail from Barclays, domain invalidemail.com

Posted Thu, 01 May 2014 20:24:58 GMT by B

I received one similar to this. My IT dept deliberately sends phishing-email to its employees to test company phishing attempts. I would forward any email similar to this to your IT department.

Posted Sat, 13 Jul 2013 14:19:37 GMT by J

Invalid email means they don't want a reply. They just want a one way street communication.

Posted Thu, 19 Jan 2012 21:20:21 GMT by Judy

If they want me to open their email, they'll have to do better than that!

Posted Sun, 11 Sep 2011 19:47:01 GMT by Master Moose

I am a Systems administrator for a large business.

Companies do not outsource their recruitment to Taleo, they use the Taleo suite of recruitment tools.

The @invalid email is what Taleo sets as defaults for correspondence - The only reason you are receiving these messages is that my equivalent at RIM and these other companies did not change this did not want to change these.

Posted Wed, 18 May 2011 08:38:38 GMT by Andre

If it links back to some subdomain at taleo.net, then it's most likely a legitimate email sent by Taleo on JP's behalf. If there are other links, you need to be careful.

Posted Sat, 14 May 2011 00:18:44 GMT by ATM

I got one too .... this time from "JPMorgan_Chase@invalidemail.com" telling me that they are considering my profile and their HR would contact me back if something suitable comes up. I am really confused ... is this SPAM or is this for real?

Posted Thu, 26 Aug 2010 11:18:45 GMT by Aleksandra

I have just received an email from the HR dep't of Deloitte with the address: hr-dtt@invalidemail.com and it went straight to the spam box. Very weird that such a company uses such a domain. Can someone explain how it works? Thanks :)

Posted Wed, 30 Jun 2010 17:13:44 GMT by Andre

Thanks for the update. I find it amazing that two years later Taleo works the same way!

Hope it works out for you :)

Posted Tue, 29 Jun 2010 06:54:10 GMT by Katharine

Too bad.  Emboldened by your posting, I checked out the job itself.  It would have been a great fit for me--if it weren't all the way across the continent.

Besides the user interface, I guess Taleo needs to improve its geographic search functions...

Posted Tue, 29 Jun 2010 05:35:51 GMT by Katharine

So weird.  I just received one this morning from a major pharmaceutical company that I would love to work for.  The return address was From: Human Resources (hr-<major-pharma>@invalidemail.com)

It contained the exciting news that "The Consumer Affairs Intake Coordinator, Mentor position (9542100617) at <company I never heard of> recently opened"

Huh?  Who's <company I never heard of>?.  This smelled phishier and phishier.

It does link back to Taleo, so maybe this is just a really unnerving user interface.  I'm going to take your posting under advisement and pursue the position.

Thanks.

Posted Mon, 30 Nov 2009 20:31:01 GMT by Rim Finder

Still the same 1 year later,

-------------------------

Return-Path: RIM_Do_Not_Reply@invalidemail.com
Received: from zimbra6-e1.priv.proxad.net (LHLO zimbra6-e1.priv.proxad.net)
(172.20.243.156) by zimbra6-e1.priv.proxad.net with LMTP; Wed, 11 Nov 2009
00:46:45 +0100 (CET)
Received: from nyrelay.taleo.net (mx27-g26.priv.proxad.net [172.20.243.97])
by zimbra6-e1.priv.proxad.net (Postfix) with ESMTP id BEED720140
for <x@zimbra6-e1.priv.proxad.net>; Wed, 11 Nov 2009 00:46:44 +0100 (CET)
Received: from nyrelay.taleo.net ([64.94.160.144])
by mx1-g20.free.fr (MXproxy) for x@zimbra6-e1.priv.proxad.net ;
Wed, 11 Nov 2009 00:46:45 +0100 (CET)
X-ProXaD-SC: state=HAM score=50
Received: from nyprap86 (localhost.localdomain [127.0.0.1])
by nyprap86.ny.rsft.net (Postfix) with ESMTP id 07F0118042
for <x@free.fr>; Tue, 10 Nov 2009 18:46:44 -0500 (EST)
From: RIM Organizational Development <RIM_Do_Not_Reply@invalidemail.com>
To: x@free.fr
Message-ID: <5449888.163001257896804031.JavaMail.rcc@127.0.0.1>
Subject: Thank you for your application for Associate, BlackBerry Customer
Technical Support (E-Support) - 0903218
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_10967_10757227.1257896804029"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: normal
Date: Tue, 10 Nov 2009 18:46:44 -0500 (EST)
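
The comparison the post and the header dump above walk through, as an added example (not part of the original post or comments): it pulls the From and Return-Path domains, the relay named in the topmost Received line, and the link hosts, then reports which of them agree. `triage`, `base_domain` and `addr_domain` are hypothetical names, `brand.example` is a placeholder for the hiring company's own domain, and the sample message is constructed from the values quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values follow the ones quoted on this page;
# the body line and the /reset path are made up for the example.
SAMPLE = """\
Return-Path: RIM_Do_Not_Reply@invalidemail.com
Received: from nyrelay.taleo.net ([64.94.160.144])
 by mx1-g20.free.fr (MXproxy) for x@free.fr;
 Wed, 11 Nov 2009 00:46:45 +0100 (CET)
From: RIM Organizational Development <RIM_Do_Not_Reply@invalidemail.com>
Content-Type: text/plain

Reset your password at https://rim.taleo.net/reset
"""

def base_domain(host):
    # Naive "last two labels" rule; use the Public Suffix List in real tooling.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def addr_domain(header_value):
    return base_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def triage(raw, brand_domains):
    msg = message_from_string(raw)
    # The topmost Received line was written by the recipient's own MX. The
    # name after "from" is only what the sender claimed; the bracketed IP is
    # what the MX saw, so that is the value to check against SPF or rDNS.
    top = (msg.get_all("Received") or [""])[0]
    host = re.match(r"from\s+(\S+)", top)
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", top)
    # Decode every leaf part so links inside base64 HTML attachments count.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    links = sorted({base_domain(h) for h in
                    re.findall(r"https?://([^/\s:\"'<>]+)", body)})
    relay = base_domain(host.group(1)) if host else ""
    return {
        "from_domain": addr_domain(msg["From"]),
        "return_path_domain": addr_domain(msg["Return-Path"]),
        "relay_claimed": relay,
        "relay_ip": ip.group(1) if ip else "",
        "link_domains": links,
        "from_is_brand": addr_domain(msg["From"]) in brand_domains,
        "links_match_relay": bool(links) and all(d == relay for d in links),
        "links_on_brand": bool(links) and all(d in brand_domains for d in links),
    }
```

The result is a set of facts, not a verdict: for this sample the sender domain is off-brand while relay and links agree with each other, which is the pattern the comments attribute to Taleo-sent mail.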
 

Posted Wed, 16 Apr 2008 20:35:56 GMT by Eradj

HR folks barely know what technology really means. I am sure, if someone from management level found out what was going on, it would get the proper attention. At the end of the day it is the image of the company at stake.