By Dancho Danchev

Want to join the North Atlantic Treaty Organization (NATO)? You may want to skip the CVs/personally identifiable information soliciting campaign that I’m about to profile in this post, as you’d be involuntarily sharing your information with what looks like an intelligence gathering operation.

More details:

Sample screenshot of the fake NATO Employment Application Form:

• A copy of the fake NATO Employment Application Form
• A copy of the fake NATO Interview Form

Sample fake email:
From: North Atlantic Treaty Organization <natojobs@natous.org>
Subject: NATO Vacancies=

About NATO:
NATO is committed to the peaceful resolution of disputes. If diplomatic efforts fail, it has the military capacity needed to undertake crisis management operations. These are carried out under Article 5 of the Washington Treaty
and/or under a UN mandate, alone or in cooperation with other countries and international organizations.
NATO promotes democratic values and encourages consultation and cooperation on defence and security issues to build trust and,in the long run, prevent conflict.

NATO provides a unique opportunity for member and partner countries to consult and take decisions on security issues at all levels and in a variety of fields to promote stability and guarantee allied defence. We want to be sure that we can walk around freely in a safe and secure environment. Security in all areas of everyday life is key to our well-being, but it cannot be taken for granted.

Administrative Assistant
Location: Brussels/Belgium/Canada/Spain/UK/USA
Post Number:CH-09
Salary:$243 ,000.00 USD
Grade: B-5
Officer
Location: Brussels/Belgium/UK/USA
Post Number:A04(2013)
Salary:$243 ,000.00 USD
Grade: A4

System Manager
Location: Brussels/Belgium/UK/USA
Post Number:A11(2013)(MON)
Salary:$243 ,000.00 USD
Grade: A3

Software Support Engineer
Location: Brussels/Belgium/UK/USA
Post Number:A13(2013)(MON)
Salary:$243 ,000.00 USD
Grade: A2

Political Advisor
Location: Brussels/Belgium/UK/USA
PE Post Number:ZAC GSI0010
Salary:$253 ,000.00 USD
Grade: A-5

Project Manager
(NATO NAVAL FORCES SITES OFFICE)
Location: Brussels/Belgium/UK/USA
STAFF VACANCY NO:A43(2912)
Salary:$253 ,000.00 USD
Grade: A5

Software Engineer
Location: Brussels/Belgium/UK/USA
Reference NO:A14(2013)(MON)
Salary:$243 ,000.00 USD
Grade: A2
Site Engineer
Location: Brussels/Belgium/UK/USA
Reference NO:A05(2013)
Salary:$243 ,000.00 USD
Grade: A2/A.3

Engineer (System)
Location: Brussels/Belgium/UK/USA
Reference NO:A21(2013)(MON)
Salary:$243 ,000.00 USD
Grade: A2

Analyst
(Logistic Support)
Location: Brussels/Belgium/UK/USA
Reference NO:A17(2013)(MON)
Salary:$243 ,000.00 USD
Grade: A2

Junior Technician
(Inventory)S-70
Location: Italy/Spain/Belgium/UK/USA
Reference NO:04(2013)(MON)
Salary:$243 ,000.00 USD
Grade: B4

Programme Coordination Officer
Location: Italy/Spain/Belgium/UK/USA
Reference NO:A15(2013)(NAG)
Salary:$243 ,000.00 USD
Grade: A2-A3

Junior Translator
(English-French)
Location: Italy/Spain/Belgium/UK/USA
Reference NO:L01(2013)
Salary:$243 ,000.00 USD
Grade: T2

Director Of Acquisition
Location: Brussels/Belgium/UK/USA
Reference NO:A19(2013)(BRX)
Salary:$243 ,000.00 USD
Grade: A6

Auditor,
(International Board Of Auditors for NATO)
Location: Brussels/Belgium/UK/USA
Reference NO:A02(2013)
Salary:$253 ,000.00 USD
Grade: A4

Director Research Division
Location: Brussels/Belgium/UK/USA
Reference NO:DFC ARC 0150
Salary:$243 ,000.00 USD
Grade: A5

IS Administrator
Location: Brussels/Belgium/UK/USA
Reference NO:B09(2013)(BYD)
Salary:$243 ,000.00 USD
Grade: A5

Assistant
(Service Desk)
Location: Brussels/Belgium/UK/USA
Reference NO:B10(2013)(STA)
Salary:$243 ,000.00 USD
Grade: B4

Analyst-Programmer
(System SW)
Location: Brussels/Belgium/UK/USA
Reference NO:SSC01-13
Salary:$243 ,000.00 USD
Grade: A2

Traffic Officer
Location: Brussels/Belgium/UK/USA
Reference NO:A(01)2013
Salary:$143 ,000.00 USD
Grade: A3

Staff Officer
(CIS Capabilities)
Location: Brussels/Belgium/UK/USA
Reference NO:A24(2013)(MON)
Salary:$143 ,000.00 USD
Grade: A2

Administrative Officer
Location: Brussels/Belgium/UK/USA
Reference NO:LL-13 21/2013
Salary:$243 ,000.00 USD
Grade: A2

Senior Technical Officer
Location: Brussels/Belgium/UK/USA
Reference NO:LG 81/2013
Salary:$243 ,000.00 USD
Grade: A3

Accountant
(ACO Accounting Management)
Location: Brussels/Belgium/UK/USA
Reference NO:A03/0213
Salary:$253 ,000.00 USD
Grade: A2

Deputy Director
Location: Brussels/Belgium/UK/USA
Reference NO:A20(2013)(BRX)
Salary:$243 ,000.00 USD
Grade: A5

Assistant Secretary General
(ASG), Executive Management (EM)
Location: Brussels/Belgium/UK/USA
Reference NO:U04(2013)
Salary:$343 ,000.00 USD
Grade: Uncl

Assistant Secretary General
(ASG), Emerging Security Challenges
Location: Brussels/Belgium/UK/USA
Reference NO:U05(2013)
Salary:$343 ,000.00 USD
Grade: Uncl

Assistant Secretary General
(ASG), Political Affairs and Security Policy (PASP)
Location: Brussels/Belgium/UK/USA
Reference NO:U01(2013)
Salary:$343 ,000.00 USD
Grade: Uncl

Assistant Secretary General
(ASG), Defence Investment
Location: Brussels/Belgium/UK/USA
Reference NO:U03(2013)
Salary:$343 ,000.00 USD
Grade: Uncl

GENERAL REQUIREMENTS/SELECTION
Applicants are selected on the basis of academic credentials,experience and other relevant factors. Successful Applicants are invited to come for an interview/ Training Candidates are interviewed on their related knowledge,
skills and abilities. Application is open to all interested applicants from any nationality. HOW TO APPLY

Send your resume/CV to: recruitment@nspa-nato.int.tf or Fax: +1 206-338-6389
North Atlantic Treaty Organization (NATO)
Frank PEDERSEN
NATO Chief, Human Resources Division
Main address: U.S. Department of State
2201 C Street NW, Washington, DC 20520
Email: recruitment@nspa-nato.int.tf
Fax: +1 206-338-6389

Naturally, we did apply for a random position and not surprisingly, we got accepted immediately to join NATO. So where’s the catch? It’s the amount and type of sensitive, as well as personally identifiable information that a potential applicant would need to submit to further escalate his or her application.

For instance, the Employment Application Form requires details on the Security Clearance, Level and Expiration Date of the prospective employee, as well as details on whether or not an application has any civilian or military relatives, currently working for NATO. Furthermore, potential applicants would also need to provide detailed information on their whereabouts abroad, such as country, reason for visiting and the exact dates. Needless to say that someone’s looking for the very best in sensitive and personally identifiable information, from the socially engineered prospective employees.

Received Reply:
Welcome to the NATO, Download the attachment for NATO Employment Application Form and Interview Form Details, Complete and sign the NATO Employment Application Form and Interview Form After completion send a copy to the NATO Training Department via (training@nspa-nato.int.tf OR training@usnato-hr.org) or Fax: +1 206-338-6389.

I am directed to inform you that your application for Administrative Officer with Reference NO:LL-13 21/2013 grade A2 has been successful. The offered position is full-time with a basic salary of $243, 000.00 per annum, and
beginning immediately on your arrival. Other benefits include paid annual leave, home leave, and sick leave contributory government life and group health insurance coverage; Medical care and hospitalization overseas;
Transportation to and from post; shipment of authorized weights of household goods, and, where permitted, shipment of a motor vehicle.

You will receive non-taxable government housing, as well as a non-taxable cost-of-living allowance where the cost of living is higher than in China. You may also receive a “school-away-from-post “allowance for the education
of your dependent children. You are therefore to attend a NATO training program under our accredited Consulting and Training Institute.

Training are for the month of June/July 2013. However, you are at liberty to choose which of the months as stated above suites you best taking into consideration your current employment, but you must register now to qualify
for any of the month you choose to commence your training. Training will be in China or Ghana for the duration of one month.

The training starts with a three-day indoctrination in which all in-processing formalities are dealt with. Orientation follows, in which the New Entrants are introduced to the NATO culture, organization and methods of doing
business Training is designed to prepare the New Entrant for his/her new assignment. Welcome to European Committee for the NATO we are delighted to have you join the Agency and we look forward to working with you.

Please be advised that our notification to you that your application is Successful and invitation to training is a direct confirmation that you are now a new entrant into NATO as a staff. Please contact Director of training
institute via email: (training@nspa-nato.int.tf OR training@usnato-hr.org) For Registration and Training details.

Best regards and Congratulations,

North Atlantic Treaty Organization (NATO)
Frank PEDERSEN
NATO Chief, Human Resources Division
Main address: U.S. Department of State
2201 C Street NW, Washington, DC 20520
Email: recruitment@nspa-nato.int.tf
Fax: +1 206-338-6389

Frank Pedersen indeed exists, and indeed works for NATO, meaning that someone did their homework before launching the email campaign.

NATO impersonating domain name reconnaissance:
nspa-nato.int.tf – 188.40.117.12; 188.40.70.27; 188.40.70.29
Name server: ns1.idnscan.net
Name server: ns2.idnscan.net

usnato-hr.org – 208.91.198.24
Name Server: DNS1.SPIRITDOMAINS.COM
Name Server: DNS2.SPIRITDOMAINS.COM

Responding to the same IPs are also the following domains of interest:
contact-staff-paypal.us.tf
usa.fbi.us.tf
singin-ebay.de.tf
statcounter.org.uk.tc
securewebsafe.org.uk.tc

We know that on 2013-05-10 07:01:46 CET, responding to the same IP (188.40.117.12) was also the following Black Hole Exploit Kit redirecting URLs:
hxxp://24gw.de.be/main.php?page=cc7c454ef32ec256

We’re also aware that, on 2011-09-30, statcounter.org.uk.tc was also serving client-side exploits, and was back then responding to 91.228.133.56. Sample URLs:
hxxp://statcounter.org.uk.tc/dng290911/762c3f9c24e72f7c2211725c1e4b0c91/lpdf.php
hxxp://statcounter.org.uk.tc/dng290911/762c3f9c24e72f7c2211725c1e4b0c91/j.jar
hxxp://statcounter.org.uk.tc/dng290911/762c3f9c24e72f7c2211725c1e4b0c91/d11.php?e=5

Always watch where you apply and be aware of offers which sound too good to be true.

You can find more about Dancho Danchev by following him on Twitter.

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.