Jump to content

Has Anyone Ever Heard Of These Guys?


Recommended Posts

I got an email from a company that I never applied to, and they want some pretty personal information. I was wondering if anyone has ever heard of them. I plan to do some poking and prodding of my own, but here is the email and header that I got from them:


From administration Wed Oct 3 17:42:57 2012

X-Apparently-To: m_otto714@yahoo.com via; Wed, 03 Oct 2012 17:43:06 -0700

Return-Path: <admin@office-techs.net>

Received-SPF: none (domain of office-techs.net does not designate permitted sender hosts)











X-YMailISG: gXw58J4WLDt0jfK8JE.zV6DhtevU.ThPakVSBlEZcDDFb7_C























X-Originating-IP: []

Authentication-Results: mta1033.mail.ac4.yahoo.com from=office-techs.net; domainkeys=neutral (no sig); from=office-techs.net; dkim=neutral (no sig)

Received: from (EHLO p3plsmtpa06-03.prod.phx3.secureserver.net) (

by mta1033.mail.ac4.yahoo.com with SMTP; Wed, 03 Oct 2012 17:43:06 -0700

Received: from BrianKHatcher ([])

by p3plsmtpa06-03.prod.phx3.secureserver.net with

id 6oiy1k00F1Pi1ri01oizwb; Wed, 03 Oct 2012 17:43:04 -0700

From: "administration" <admin@office-techs.net>

To: <m_otto714@yahoo.com>

Subject: Welcome To Office Techs

Date: Wed, 3 Oct 2012 17:42:57 -0700

Message-ID: <006d01cda1c9$332ce0d0$9986a270$@office-techs.net>

MIME-Version: 1.0

Content-Type: multipart/mixed;


X-Mailer: Microsoft Outlook 14.0

Thread-Index: Ac2hyTK12yTgOYlcSXKi1jKriuWAbA==

Content-Language: en-us

Content-Length: 416574


Welcome to Office Techs! You are now part of a growing tech community that has access to field service opportunities around the country.

You completed the first part of the registration and now you need to give us the following information to complete your profile. To stream line service delivery Office Techs uses

Work market to dispatch and track work assignments. You will receive an email shortly from Work Market to complete your service profile please provide the following.

1. Picture headshot of yourself this is for the security of our clients .

2. Cell number and cell phone provider name (ie sprint, tmobile etc).

3. Any certifications you may have and the certification numbers .

4. Your skills and tools .

In addition to completing your profile we will need you to provide the following information to office techs for payroll processing.

W9( attached to this email) this is your contractor payroll information please fill it out and attach it to your reply email.

Direct Deposit form (also attached to this email). Direct deposit is not mandatory but will speed up the payroll process.

Please Feel free to contact us if you have any further information Office Techs Administration: 623-974-4115 .

Thank You

Office Techs Administration Team

Toll Free: 1-877-202-1176

Local : 623-974-4115

Email: admin@office-techs.net

Link to comment
Share on other sites

Never heard of this guys, and I had a quick look at their website, even though they seem to be legit and professionals, I have my doubts about them. If you have never applied or hired any services from them, there could be something fishy going on.

Do NOT reply to their emai, especially with your personal information. It could well be a scam, trying to steal personal information and other sensitive information from you.

Link to comment
Share on other sites

Do you think it was a spear-phishing attempt? Look at the name.... Brian K Hatcher? Brian Catcher.... lol... sounds like they want to sell you something or steal all of your creds.

Link to comment
Share on other sites

Unless you actually applied somewhere for a job, or with their site, a temp agency(who should have given you a heads up and the info) sounds like a straight up phishing email, or some form of scam, but either way, you NEVER, I don't care how legit it seems, send personal info in an email to anyone you don't know, especially when a tax form is attached!

Even if you applied for a job somewhere, put your resume online, they found you on a classified job board, etc, never send info like this to people in an email if you have never specifically spoken with these people or know of their services, and even then, if you DID applay with them, they would have your info needed already. (Also, if the W9 attached was a PDF, DO NOT OPEN IT!!! Could be all real company info to look legit, but the W9 form COULD BE A BOOBY TRAPPED FILE! They should always link you to the IRS site to get a true W9!!)

This looks straight up phishing, for god knows what they would use it for, but also the W9 file, could be a metasploit file used to gain access to your machine! Who knows what they will do with the info you give them too, maybe have a page or thing they send out to sell their services, with faces of people and contact info, like recruiters, temp agency type stuff, and the person sending you the email, may need to meet a quota and just slap some info together to keep their own job, but either way, don't open the file. You can, go tothe IRS website, download a W9, and then do md5sum comparisons on the two forms. If they differ, then the file they sent you was tampered with!

Phone number is Arizona, website is godaddy(which, is also Arizona for nearly all thir IP addresses anyway - Geoip IP data for which looks like the path it was sent from godaddy (which almost always resolve to Scotsdale, AZ) - http://maps.google.c....6119,-111.8906 ) is Qwest 174-26-168-64.phnx.qwest.net ( so probably sent from her ISP )

The W9 form, most likely, will ask for your SS#, full name, address, etc, which once they have, can open credit cards in your name, or any other number of things, and since its a w9 and they are a supposed business, can use it to file taxes on yor behalf as if they paid you, and then write it off at the end of the year like you were one of their consultants and they get a kick back on the taxes.

Phone number in email:


Whois on office-techs.net - http://www.ewhois.co...fice-techs.net/ is, also godaddy.

Facebook page: http://www.facebook....&_fb_noscript=1

Check their favicon.ico site! -- http://www.officetec...net/favicon.ico == http://www.officetec...westoffice.net/


"Will the real Office Techs, please stand up, please stand up..." /cue slim shady music

Registrant name, look at the spelling!!


Ofice Techs

Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 08-sep-2012
Creation Date: 08-sep-2012
Expiration Date: 08-sep-2013

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Created on: 08-Sep-12
Expires on: 08-Sep-13
Last Updated on: 08-Sep-12

Ofice Techs &lt;&lt;-- Can't spell, or impersonating another business, perhaps there is a REAL "Office Techs" company??
12235 W Thunderbird Rd Apt 3104
El Mirage, Arizona 85335
United States
Google map of this address: http://maps.google.com/maps?hl=en&amp;q=33.6119,-111.8906 &lt;&lt;-- This is an apartment complex!!

Administrative Contact:
Mcfarland, Arnita officetechs@qwestoffice.net &lt;&lt;-- http://www.resumebucket.com/ArnitaMcfarland (also Arizona)
^^ Address from resume - http://maps.google.com/maps?hl=en&amp;q=13814+Crocus+Dr.++++Surprise+AZ.+85379&amp;bav=on.2,or.r_gc.r_pw.r_qf.&amp;biw=1436&amp;bih=710&amp;um=1&amp;ie=UTF-8&amp;sa=N&amp;tab=wl
Ofice Techs
12235 W Thunderbird Rd Apt 3104
El Mirage, Arizona 85335
United States

Technical Contact:
Mcfarland, Arnita officetechs@qwestoffice.net ( This looks like possibly her ISP, since qwest is a telephone and service prodider )
Ofice Techs
12235 W Thunderbird Rd Apt 3104
El Mirage, Arizona 85335
United States

Domain servers in listed order:


Whois Server: whois.corporatedomains.com
Referral URL: http://www.cscglobal.com
Status: clientTransferProhibited
Updated Date: 13-sep-2007
Creation Date: 11-jul-2006
Expiration Date: 11-jul-2014

Qwest Communications International Inc
Qwest Communications International Inc
1801 California Street
Denver, CO 80202
Email: domainadmin@qwest.com &lt;&lt; redirects to http://www.centurylink.com/ so most likley her ISP for officetechs@qwestoffice.net ||| http://qwestoffice.net/ is like the business lines of their internet service, sort of like comcast.net and then their Comcast business services vs residential internet services (I'm assuming, anyway...)

Registrar Name....: CORPORATE DOMAINS, INC.
Registrar Whois...: whois.corporatedomains.com
Registrar Homepage: www.cscprotectsbrands.com

Domain Name: qwestoffice.net

Created on..............: Tue, Jul 11, 2006
Expires on..............: Thu, Jul 11, 2013
Record last updated on..: Mon, Dec 21, 2009

Administrative Contact:
Qwest Communications International Inc
Qwest Communications International Inc
1801 California Street
Denver, CO 80202
Phone: +1.8887780053
Email: domainadmin@qwest.com

Technical Contact:
Qwest Communications International
Qwest Communications International
1801 California St
Denver, CO 80202
Phone: +1.8887780053
Email: andrew@qwestoffice.com

DNS Servers:


Also, I would upload the PDF to Virus Total, just to see if it finds anything in it. And if you want to open it, make a viirtual machine, take a snapshot, copy it over to the VM, then open it in the VM and see what happens. Make sure you compare processes running before and after the file ran, and use Wireshark, to see if when opened, the PDF doens't try to connect back to some site. I'd be curious to test it and see what happens when you run it(in a VM of course) and see if it communicates with another system, or exploits your machine. Same with that payroll file they attached.

Edited by digip
Link to comment
Share on other sites

Thanks digip! I woke up this morning ready to get all stalker on them this morning and you did it all for me. The PDF thing is exactly what I was planning on doing back to them. I figured that they wouldn't hesitate to open something that they thought their fishing attempt worked on. I called them a few times from different numbers. The first time the call sounded pretty official until I asked him a question he couldn't answer, then I was hung up on. I called back from another number and messed with him for a little bit until I was hung up on again. Then my wife wanted to get in on the fun so she called them and a lady answered, but she didn't answer as the company. All she said was "hello". So yeah they blew it and I figure I have someone to practice a few things on when I need a break from reading

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...