
Krebs on Security Reports on Customer Data Leak from ‘US Job Services’ Amid Promising Jobs at the U.S. Postal Service


A company that promises to help job seekers land positions at the United States Postal Service (USPS) has exposed its internal IT operations and database, which held the records of almost 900,000 customers. The company, FederalJobsCenter, represents the culmination of a long-running international operation to elicit registration deposits along with credit card details from job seekers who use the site, with a promise to secure an employment opportunity within 30 days or their money back. The website also states that it provides guidance, coaching, and live assistance to help postal job candidates perform better at each step of getting a job. The site sells USPS job coaching services ranging from $39.99 to $100, along with training to ace an interview with USPS human resources. The website is full of content that makes it appear that the company is affiliated with the USPS, despite a “terms and conditions” section that states otherwise. Rather, the section explains that FederalJobsCenter is affiliated with US Job Services, a company based in Lawrenceville, Georgia.

The man behind the Pakistani hacking group that has been exploiting US Job Services is named Muhammed Tabish Mirza, a developer based in Karachi whose email address is tab.webcoder@gmail.com. That email address has since been used to register several USPS-themed domains such as postal2017[.]com, postaljobscenter[.]com, and usps-jobs[.]com, according to a search on DomainTools. The data exposure was first unearthed by Patrick Barry, the chief information officer at Rebyc Security, who found that US Job Services had been leaking customer payment records since 2016 in real time, along with a log file from 2019 containing the site administrator’s contact information and credentials to the backend database.

The website provides access to the data collected by US Job Services to several other coders in Pakistan who work with Mirza, as well as multiple executives, contractors, and employees working in a call center located in Murfreesboro, Tennessee, that operates as Nextlevelsupportcenters[.]com and thenextlevelsupport[.]com. Associates with a history of registering USPS jobs-related domain names hold several key positions in the call center, and more than 160 people also use the US Job Services website, indicating that these individuals have access to all the consumer and payment data collected by the company. The call center, which specializes in white-label support, was founded in 2017 by Gary Plott, whose LinkedIn profile describes him as a seasoned telecommunications industry expert.

While the call center claims that it did not develop the content but agreed to support the postal product, DomainTools reports that the Gmail address used by Plott in the US Jobs system also registered multiple USPS job-related domains, suggesting that the call center may have been closely involved in the operation. Plott admitted that his company decided to focus on the US Postal jobs market from the very beginning but insisted it never refused a money-back request. Doing so would result in costly chargebacks for NextLevel and potentially for the many credit card merchant accounts set up by Mirza.

The US FTC has filed notable lawsuits in the past over schemes purporting to help people get jobs at the Postal Service. In 1998, the FTC and the USPS took action against several organizations that were breaking federal law by selling test or interview preparation services to prospective USPS workers. Ditto for a case the FTC brought in 2005. By 2008, the USPS job exam preppers had shifted to advertising their schemes mainly online. By 2013, the FTC won a nearly $5 million judgment against a Kentucky company claiming to offer such services. Last year, an Affiliateunguru.com report by Tim McKinlay concluded that the website job-postal[.]com was a scam that collected a one-time payment of $46.95 and offered nothing in return.

In conclusion, job seekers need to be vigilant and wary of suspicious job offers presented to them online. While the promise of securing a job within 30 days may be alluring, such offers often turn out to be scams. Experts point out that the best way to seek employment is to use credible and trustworthy services. In the case of USPS jobs, individuals can check the agency’s website for open positions and information on how to apply without using a third-party service.
