Posted inExperience / Information Technology / Thank You Sir May I Have Another

Beware Hiring “Companies” Hosted on GoDaddy

seasoned_geek by seasoned_geek0
scam alert image

Hiring scams are back in vogue because the job market is shit. Despite what the Imbecile-in-Chief in the White House blurts out of the ass sitting on his shoulders, the job market is shit and hiring scams are rampant. Thieves have gotten better at faking the jobs as well. If you work in IT or another high paying field requiring a college degree, and you have your resume posted on any job board, you will be a victim. Even if you flag your resume as “hidden” most job boards have an “additional fee” service that lets supposed recruiters see your information. Even LinkedIn, a service no professionals use, does this. Yes, I’ve written about the sorry state of technical recruiting in America before.

This is not to say that all companies using GoDaddy are scams. I mean the bakery on the other side of town is fine. Ethyl’s flower shop that is twenty minutes away is fine. That author who wrote one book, sure, just buy the book at Barnes & Noble. If you are claiming to have an IT department and locations in multiple countries . . .no, you aren’t hosted on GoDaddy. You also aren’t hosted by any of the shit hosting companies listed in this post.

About this Post

How is it this post came about? These scammers made the mistake of trying to scam an author who had just released a new novel (you can buy it at Barnes & Noble) and really enjoys messing with them. I guess it stems from my twenties when telemarketers for siding and roofing companies used to cold call. I kept one on the phone for almost 45 minutes one day. At the end of the call I asked for his number “so I could give it to my landlord.” I picked out siding type, color, gave guestimates of the dimensions for the two story building, even went through picking out a steel roof that looked like slate. I was bored. He called me without asking if I was a home owner. If that company was too cheap to buy a list of home owners, they get what they pay for.

How it starts

You’ve all gotten emails like this. Yet another Indian “technical recruiter” having no knowledge of the industry. Just trying to get fifty cents for submitting a qualified resume, or so it seams. Usually it boast shit pay like $45/hr 100% on-site in New Jersey, or worse, at John Deere. Those you know are legit because no U.S. Citizen would ever take them.

Most people don’t check out these “technical recruiters.” On the day this email arrived, there was a standard IT company landing page. Probably came with the WordPress template. The bulk of the menu options threw 404 errors. It had an even bigger fraud indicator.

The hair on the back of your neck should stand up when you see GoDaddy. Scammers flock there. Why? GoDaddy used to run television commercials and they really don’t check anything out.

Cybersquatting

Cybersquatting is a crime. Sadly the original law had no teeth. It allows the offended to sue and obtain the domain name. So, if you try to register googl.com, Google has enough lawyers and deep enough pockets to really hurt you.

Hiring scams target startup and just past startup companies, usually outside of America. Those companies don’t have the financial resources to pursue a cybersquatter and they certainly don’t have someone search for infringing domain names. Normally these companies are working on something really cool. Sometimes it is a medical device, other times it is for the environment, green energy, micro-nuclear reactors, or cold fusion. The scam won’t work if they want you to write an order processing system for a startup hoping to be the next Walmart.

Having made that last statement, I have heard of, but not personally seen, hiring scams targeting COBOL programmers with a job opening like that. Usually they will target developers for an obsolete platform, like HP 3000, because those programmers can’t get another job. Companies sent all of the entry-level COBOL programming work to India. Prior to the H1-B fraud, IBM Mainframe shops would hire and train COBOL programmers from other platforms. Not anymore.

Before any of you get too itchy.

Google took care of that particular cybersquatting instance a long time ago.

Your Second Red Flag – Email Interview

At first blush it sounds legit. Because there is an 8+ hour difference between you and the “hiring location” they request an email only interview. You are given a canned set of questions most likely scraped from an interview questions web site. Once you respond there will be an automatic, but delayed, reply stating your responses were excellent. They need to discuss your responses and will get back to you shortly.

This last part works best if they contact you on Thursday. They can say “we will discuss it over the weekend and contact you on Monday.” When they do contact you back, HR will have a few more “interview questions” for you. Again this will be an email interview.

Note: A legitimate company might wish to conduct first round interview via email. This is certainly better than the automated shit Indeed and other sites are pitching. That second set of questions will always be a video meeting.

Another flavor of this scam is the AI video interview. Never take one of those. An AI asks the person a canned list of questions while their responses are being recorded. In theory it evaluates your body expression, appearance, etc. and ranks you. There is like a 1% chance the job opening is legit. There is a 100% chance the company, if it exists, is a shithole. The AI video interview is also a great way for employers to boot “people of color” from the candidate pool. There is no human to sue. Must have been a software glitch, right?

Email and automated interview processes allow hiring scammers to work north of 100 people per day before anyone has to pick up a phone.

The Legitimate Domain

The fake recruiter wasn’t cybersquatting. People conducting the second part of the hiring scam were. This is the real company web site.

https://www.tallano-technologies.com/

Note the spelling of the URL.

The first url Mr. Michael Vidinich (most likely fake name) (903) 392-9547 (a Google phone, give it a call and see if it still works) and Mr. Peter Leclercq (most likely fake name) (469) 317-1729 (as of this post still a functioning phone number that claims to be in Texas, feel free to call it) used was

Yeah, the “client delete prohibited” is because a certain IT geek and author went to ic3.gov and filled out all of the entries for a formal complaint. Note the registration date. It currently is December of 2025 and Christmas is over. They quickly moved to

It has some interesting WhoIs information. Note that above says Phoenix.

Note that the registrant contact says Reykjavik. I assume Reykjavik, Iceland doesn’t have an extradition treaty with the United States. One thing is certain, NameCheap, Inc. doesn’t check anything out. You will note the status is “client transfer prohibited” for this URL. NameCheap didn’t bother to check anything out, but ic3.gov did.

Seriously? You run a domain service in Phoenix, AZ and someone from Iceland wants to set up a domain. How did you get paid? Do you really think the credit card belonged to the person who used it?

Real Companies Don’t use Google Phone

Your friend traveling abroad for vacation will use Google Phone to avoid international cell phone hassles. A real company won’t. They have either land lines or their own VOIP. Most will get a service that provides a virtual receptionist and many other real company features.

Myth – Google phone is untraceable. Won’t say how, but, if you have Google phone on your “smart” phone, even if you are behind five layers of VPN, before you make a call or answer, your location is know to within six inches if such information is requested. Good enough that the dude who failed Marine Snipper Training can take you out from 500 yards through a wall. When in doubt, double tap. A bit more difficult on a laptop, but not that much more difficult.

Scammers like to use Google phone because they believe it is untraceable. Nope. Wifi enabled devices are like Swiffer dust mops, they pick up all kinds of cyber tracking trash as they move about the world.

What is the point of all this?

Fast cash and identity theft.

You will be “hired” no matter what you answered. Your first round of onboarding paperwork will be the standard W-4 form and usually a direct deposit form.

Of course, some of us geeks have worked on electronic tax filing systems so we know there are a set of SSNs the IRS will never issue that get used for testing. The logic behind this is keeping test data out of production. Sending test data to the production system happens more often than you think. Even when they used IBM Bisync modems and dial-up transmission this happened, just not as often. The modem had to be registered in both systems for it to happen. Then you had to forget to change the phone number you were using.

The second round is key

Once you complete the standard new hire paperwork you will get a second round of onboarding paperwork. Here is where the fast cash part comes in. There will be a “list of supplies” you need to acquire so training can start quickly. Yes, you will be paid for training and yes you will be reimbursed for your supplies with your first check . . . so they say.

At the bottom of your Welcome will be a list of “office equipment supplies.”

This also has to have their proprietary software installed so you have to purchase from their vendor via wire transfer. You will then get an invoice and wire transfer instructions.

What is key here is they will use a U.S. based bank to make you feel better. Most likely it is an account that has been compromised. Note the domain of the email address in the following.

Hiring scams like to keep using the same domain as much as they can.

Summary

Hiring scams will string the interview process out for days to make it seem like you are having multiple rounds of interviews. Why do they keep doing this? Because most of you are too lazy to report it. When the “hiring process” doesn’t require them to be present, they can scam hundreds per day.

When a “recruiter” contacts you,

  • first thing you do is look up the whois information for their email domain. If the domain was set up last week, Danger Will Robinson!
  • No phone number for the recruiter or the phone number doesn’t work, Danger Will Robinson!
  • Google phone, Danger Will Robinson!
  • Go to the domain for the email address and click half a dozen menu options. If you get a 404 not found, Danger Will Robinson!
  • Immediately go to ic3.gov and file a complaint at your first Danger Will Robinson!

Should you forget to validate the “recruiter” and get the company information.

  • whois the url for the company. If it is week or so old or hosted on one of the low-cost shit web hosting services, Danger Will Robinson!
  • Do an independent search using DuckDuckGo, Brave, or StartPage, NOT GOOGLE, for names like that. Cybersquatting is rampant so you have to be creative. When you find them and they have the same or similar description as “the company” looking to hire you, Danger Will Robinson!

Well, you get the picture. Let ic3.gov check out anything you find suspicious. The Better Business Bureau is all well and good, but it has no teeth. ic3.gov can throw people’s asses in jail.

Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross platform development. Given the dearth of useful books on the subject he ventured into the world of professional author in 1995 writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.

A decade later he released a massive (nearly 800 pages) tome "The Minimum You Need to Know to Be an OpenVMS Application Developer" which tried to encapsulate the essential skills gained over what was nearly a 20 year career at that point. From there "The Minimum You Need to Know" book series was born.

Three years later he wrote his first novel "Infinite Exposure" which got much notice from people involved in the banking and financial security worlds. Some of the attacks predicted in that book have since come to pass. While it was not originally intended to be a trilogy, it became the first book of "The Earth That Was" trilogy:
Infinite Exposure
Lesedi - The Greatest Lie Ever Told
John Smith - Last Known Survivor of the Microsoft Wars

When he is not consulting Roland Hughes posts about technology and sometimes politics on his blog. He also has regularly scheduled Sunday posts appearing on the Interesting Authors blog.

Leave a Reply