So I applied to a job through the Web. I got a follow up e-mail that requested I resend my info to another mail address. The address seemed to be from a legit business, so I sent it. I then got a reply back asking if I wanted to be a “personal assistant” instead, buying stuff and sending it to a PO box.
Of course, this immediately smelled like a scam, so I went ahead and did my research. The company that seemed to be represented by the e-mail address seemed legit, and so did the person’s name, but as it turns out, the two have no connection, and I found a warning on LinkedIn confirming that it’s a scam. (One flag I found: the “real” company’s URL is plural, while the domain the mail came from is singular.)
What is my personal info exposure risk? My resume has my e-mail address, phone number, city/state/zip code (nothing else from address), and LinkedIn URL as contact info, along with my actual resume. The email with the “personal assistant offer” asked for my full name, address, and cell number, which, of course, I am not going to provide. I assume the scam was going to be with the “shopping” I was being asked to do (with stolen or fraudulent payment methods), but I want to figure out if they can do anything with the info I’ve given them.
To add: this may not be technically spear phishing (I called it that because the person whose name they stole called it that). I was not asked for any passwords or to give access to any accounts, just the resume, which is why I assume that their true intent was using stolen or fraudulent payment schemes.
All of the information you gave them is easily available to anyone that wants it anyway. I would say your risk is minimal to none. I don’t know what the final scam is but you are stopping it before it barely starts so I wouldn’t worry about it.
It’s not spear phishing and they’re not interested in your resume. They just wanted to trick you into buying stuff under false pretenses (money wire or check that doesn’t clear, stolen credit cards, etc). Your salary would be the extra “funds” they’d send which you would get to keep for your fee. You didn’t fall for their trick, so they’re no longer interested in you.