AQ'S Corner

I started DoorDash on June 27, 2025, and after a morning of dashing, I came home, kicked off my shoes, and settled in to do what I do every day: build my brand, work on my company, and look for new job opportunities. That’s when I opened my inbox and got hit with a digital gut punch: five obvious scam job offers.

But one stood out, and not just because it was dressed up nicely. No, this one had the audacity to name-drop the Department of Defense (DoD) and Aerospace work. The job listing was for a “100% Remote Tech Writer–Engineering Documentation Specialist,” allegedly supporting advanced military and engineering initiatives. Bold, right?

But the moment I began digging, what unraveled was not just a shady email, it was a systemic failure in how we police job listings, especially when they’re dangling the credibility of federal agencies to bait victims.

The Job Offer That Went Too Far

Here’s the original email from “Amit Sharma”, who claimed to represent a recruiter from ETalentNetwork:

“We are the sole agency that does recruitment for 22nd Century Technologies, Inc. (TSCTI)… The role supports SNC’s engineering transformation… Must have experience in Aerospace and Defense Industry or DoD…”

At face value, it sounds impressive. But as someone deeply entrenched in cybersecurity and hiring analytics, red flags shot up the second I read it.

My Investigative Process: How I Pulled the Thread

1. WHOIS Lookup
   
   • Registrar: NameSecure L.L.C. — not exactly synonymous with high-assurance infrastructure.
     
   • Domain Created: October 1, 2016
     
   • Last Updated: March 2017 (a digital eternity ago)
     
   • Domain Status: clientTransferProhibited
     
   • DNSSEC? Nope—unsigned.
     
2. This site is basically a static shell that hasn’t seen real security management in years.
   
3. No SSL Certificate
   The E Talent Network site loads over HTTP, not HTTPS, meaning no encryption, no protection. I don’t trust sites that won’t even encrypt their traffic, let alone claim to represent DoD contractors.
   
4. VirusTotal Scan
   The domain’s final IP was hosted on Apache. While the scan didn’t report malware, it categorizes the site as simply “blogs” or “job search.” No validation of their DoD affiliation. Just a generic site running unsecured job listings.
   
   • First submission: Nov 2016
     
   • Last analysis: March 12, 2025
     
   • Headers? Deny framing. Enforce XSS protection. But no HSTS or DNSSEC.
     

LinkedIn Confirms the Stakes

On June 26, 2025, a day before this scam hit my inbox, I was scrolling LinkedIn and saw a post from the Office of the DoD Chief Information Officer:

“We’re calling on industry leaders, innovators, and cybersecurity experts to help modernize the Risk Management Framework. Our goal: to accelerate secure tech deployment, enhance cyber resilience… Your input will shape future policy.”

This wasn’t just timely, it was a call to action. If scammers feel confident attaching their schemes to the DoD, it shows we’re not just losing the job market, we’re bleeding public trust.

Enter Project TrustHire – A Zero Trust Framework for Job Security

Enough is enough. We need to treat job scams as a national cyber crisis, not just a spam folder inconvenience.

So I built Project TrustHire, a proposal inspired by the NIST Zero Trust Architecture, but tailored for job platforms and hiring fraud prevention. We’re calling it SP‑TRUST (Special Publication for Trust in Hiring).

Core Elements of SP‑TRUST:

• Verified Identity Channels: Recruiters must use certified, encrypted identities tied to verifiable organizations.
  
• Content Integrity Scanning: Flag job posts that keyword-stuff government or defense terms without corresponding verification.
  
• Domain Reputation Scoring: Every posted job gets scored for DNSSEC, SSL, registrar integrity, and virus/malware checks.
  
• User Empowerment Layer: Job seekers get a dashboard showing each listing’s trust score before they click “Apply.”
  

🧩 My previous articles about Project TRUSThire :

https://aqscorner.com/2025/06/16/nist-responded-to-my-job-scam-proposal-heres-what-it-means-for-aqs-corner/

https://aqscorner.com/2025/06/12/i-wrote-a-national-framework-to-combat-job-scams-and-sent-it-to-nist/

NOTE: The proposal is by request only for organizations like NIST, DoD, and CISA 

How This Scam Breaks the Trust Chain

Let’s break down why ETalentNetwork should not be allowed to claim legitimacy:

• Name-dropping the DoD without validation
  
• No SSL or DNSSEC
  
• WHOIS details are stale
  
• No active engagement or transparency from “Amit Sharma”
  
• Links open to unsecured forms and resume drops
  

If they’re this careless with their own infrastructure, how secure do you think your private data is after you apply?

What You Can Do

1. WHOIS every job domain—check creation, registrar, and update history.
   
2. Refuse to send personal data via HTTP-only sites.
   
3. Use VirusTotal to scan job domains before clicking anything.
   
4. Share SP‑TRUST with HR teams and job platforms.
   
5. Push for recruiter identity verification on LinkedIn and Indeed.
   

If We Let Scammers Invoke the DoD, We’ve Already Lost

I planned on taking a day off from scam investigating today, but when bad actors start using the Department of Defense to trick job seekers like me, and potentially thousands of others, it becomes clear: this isn’t just about fake jobs. It’s a cyber threat.

If we can’t trust the inbox, the listings, or the platforms, then we need to rethink the hiring pipeline entirely. It’s time to build cyber-safe, scam-proof recruiting, and SP‑TRUST is my blueprint to do just that. Because if someone can fake a federal job, what else are we letting through?