Security experts have warned of a phishing scam targeting users of recruitment site Monster.com. The scam targets both job seekers and recruiters.
Emails asking users to click through and update their profile appear to be linked to Monster.com but can be traced back to a botnet in Turkey, according to McAfee Avert Labs.
Greg Day, a security analyst at McAfee, said: “Scammers are trying more and more diverse and sophisticated techniques to obtain information that can be of financial reward.
“With concerns about potential job cutbacks, many people are looking to the internet to find potential employment opportunities and see what’s available to provide some reassurance in the current climate.
“Unfortunately, scammers are getting wise to this as we have seen with a recent influx of phishing attacks looking to steal personal details by gaining access to online job hunting profiles or tempting victims with information of potential jobs.”
In August 2007, over 1.3 million users’ details were stolen from Monster.com when it was compromised by an illegal operation run from two server computers at a web hosting company in the Ukraine.
More recently Monster.com and other leading sites were targeted by the Russian ‘Phreak’ gang which extracted data from CVs using an identity harvesting tool.
Day warned that the repercussions of this type of attack are potentially huge. “If a cyber-criminal is able to access a large number of CVs, the information obtained could easily be used for malicious intent,” he said.
“As far as cyber-criminals are concerned, CVs offer a goldmine of information so this would be a major result for them.”
vnunet.com, 15 Jul 2008