Monster.com users targeted by CV phishers
McAfee has discovered a
new phishing scam targeting users of jobs site
Monster.com.
The scam targets both job seekers and recruiters using
Monster.com. E-mails asking users to click through and update their
profile appear to be linked to Monster.com, but can be traced back
to a bot computer in Turkey.
McAfee said the scam is most likely to impact recruiters, with
the perpetrators trying to gain access to their accounts and
consequently to hundreds or even thousands of CVs.
McAfee said CVs offered fraudsters a potential gold mine of
useful information.
Greg Day, a security analyst at the company, said, "With the
news full of stories about the credit crunch, leading to concerns
about potential job cutbacks, many people are looking to the
internet to find potential employment opportunities and see what's
available to provide some reassurance in the current climate.
"Unfortunately, scammers are getting wise to this, as we have
seen with a recent influx of phishing attacks looking to steal
personal details by gaining access to online job hunting profiles
or tempting victims with information of potential job
openings."
In August 2007, more than 1.3m users' details were stolen from
Monster.com when its system was compromised using two servers at a
web hosting company in the Ukraine.
More recently, Monster.com and other leading sites have been
targeted by the Russian gang "Phreak", which extracted data from
CVs using an identity harvesting tool.
Further information on the latest Monster.com attack
>>
Data breaches - the legal aftermath >>
Monster hack sees 146,000 government job applicants' records taken
>>