Jobhunters applying for work at Harrods found their bank accounts emptied by computer fraudsters who managed to make more than £1million, a court heard yesterday.
Victims thought they were downloading application packs posted by the prestigious west London store on Gumtree.
But they were infact infecting their computers with a bug programmed by a so-called IT whizzkid on behalf of Nigerian conmen, the Old Bailey heard.
Jobseekers who found their computers hacked had their bank accounts ransacked and lost up to £4,700 each.
The alleged fraudsters were only caught when Harrods' security boss was alerted to the fake ads and he investigated.
The Gumtree ads, first posted in August 2010, promised job posts at Harrods.
Those who responded were sent emails purporting to come from the recruitment agency Blue Arrow and with supposed application packs to download and fill in.
But would-be applicants instead downloaded software allegedly written by 27-year-old Tyrone Ellis.
The gang was said to have hired 'mules' to go to banks and withdraw money from hacked accounts or used the stolen details for online shopping sprees.
The scam was uncovered by Harrods security director Gregory Faulkener, who called in US phishing experts. He warned off the gang but 415 more ads were posted.
Computer graduate Ellis, four Nigerians in their 20s and one of their mothers, all from south London, deny conspiracy to defraud and the case continues.
Raj Samani, chief technology officer at McAfee EMEA comments: "It's easy for consumers to trust well-known brands like Harrods, Blue Arrow and Gumtree, but often it is this trust which scammers will take advantage of in order to dupe their victims.
Consumers can look out for tell-tale signs of phishing emails including the accuracy of the company logo on the email - if it looks a bit blurry it's probably fake - and the email address from which the message was sent. If they're unsure whether an email is genuine, it's safer not to touch it.
As well as keeping their wits about them, in order to stay properly protected against future phishing scams like this, consumers need to ensure they've employed adequate online security which can recognise and flag up when something on an email or website is potentially risky."