Monster.com users targeted by CV phishers
The scam targets both job seekers and recruiters using Monster.com. E-mails asking users to click through and update their profile appear to be linked to Monster.com, but can be traced back to a bot computer in Turkey.
McAfee said the scam is most likely to impact recruiters, with the perpetrators trying to gain access to their accounts and consequently to hundreds or even thousands of CVs.
McAfee said CVs offered fraudsters a potential gold mine of useful information.
Greg Day, a security analyst at the company, said, "With the news full of stories about the credit crunch, leading to concerns about potential job cutbacks, many people are looking to the internet to find potential employment opportunities and see what's available to provide some reassurance in the current climate.
"Unfortunately, scammers are getting wise to this, as we have seen with a recent influx of phishing attacks looking to steal personal details by gaining access to online job hunting profiles or tempting victims with information of potential job openings."
In August 2007, more than 1.3m users' details were stolen from Monster.com when its system was compromised using two servers at a web hosting company in the Ukraine.
More recently, Monster.com and other leading sites have been targeted by the Russian gang "Phreak", which extracted data from CVs using an identity harvesting tool.