As I write this IT criminals send out cascades of spam emails tempting with a job as money mule. What is interesting is, however, that they probably mixed up .de with .dk because all of the analyzed spam emails are written in German but have been sent to .dk email addresses. This is hardly intentional.
We have seen the following subjects used:
Kundenberater
Brauchen Sie das Geld, lernen Sie zu verdienen!
Hochbezahlte Arbeit von zu Hause
The complete spammail looks like this:
The domain which potential future mules shall reply to also indicates that the campaign was intended for the German market:
xpatjobsde.com
The domain is controlled by the name server: nsx.tauthichmi.net, pointing to 178.33.214.99.
The campaign can be tied to the domains below which obviously have similar purposes or are ready for other scams:
usajobsnow.com
jobs-hunters.com
custojustoorg.com
usacareersorg.com
mercury-ldo.net
iprotechsupport.net
rotaryactivities.net
cardealerchicagoil.net
All of the above domains, which have nothing to offer apart from humbug and swindle, have already been blocked in CSIS Secure DNS and Heimdal PRO and Corporate.