Jump to content
almaty

Phishing attack plunders job site

By almaty in Off Topic

 Share

8 posts in this topic

Recommended Posts

almaty Grand Master

almaty   19

Posted
Filed: Citizen (pnd) Country: Kazakhstan
 Timeline
Posted

BOSTON - A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security analysts say.

Before the scheme was uncovered last week by researchers at Symantec Corp., con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing" e-mails to job seekers.

"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it (seem) a little more legitimate."

If the recipients took the bait, they had spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt wasn't successful, the names, addresses and other details on the resumes can themselves be lucrative.

A server in the Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for "several hundred thousand" job seekers. Another antivirus firm, Authentium Inc., said it parsed the same data and counted 1.2 million people.

Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet.

That advice was echoed in other corners. Ron O'Brien, senior security analyst for Sophos PLC, suggested that job seekers provide only minimal details about themselves on job sites, and then reveal deeper information only for queries that prove to be legitimate.

The same standards should apply on social networking sites such as Facebook that ask for a wealth of information, O'Brien said.

"With very little effort, I could put together a profile of you that includes such information as your home address, your home phone number, your e-mail address, your birthday," O'Brien said. "We need to kind of take a step back and decide whether it's really required for us to provide all the information requested of us. ... We have become a nation of people who want to be cooperative."

Other security specialists said Monster might share the blame if it doesn't ensure that people with access to its system use "strong" passwords that are frequently changed or hard to guess.

"They have a major responsibility when they have this information," said Laura Yecies, a vice president of Check Point Software Technologies Ltd.

Representatives for Monster Worldwide Inc., the New York-based parent company of the jobs site, did not return messages seeking comment.

On its Web site, the company advises its members to be extremely cautious about e-mails purporting to be from recruiters — advice that goes for all unsolicited messages.

To spot phishing attempts, look for misspellings or grammatical mistakes in the messages. Even if an e-mail passes that smell test, don't click on links in the e-mail or fill out forms asking for information. And if the message offers a deal that is too good to be true — such as easy money — it probably is.

Peace to All creatures great and small............................................

But when we turn to the Hebrew literature, we do not find such jokes about the donkey. Rather the animal is known for its strength and its loyalty to its master (Genesis 49:14; Numbers 22:30).

Peppi_drinking_beer.jpg

my burro, bosco ..enjoying a beer in almaty

http://www.visajourney.com/forums/index.ph...st&id=10835

Link to comment
Share on other sites
Chica Yeyé Grand Master

Chica Yeyé   41

Posted
Filed: Timeline
Posted

almaty,

Just yesterday I was checking out my moooooves on Monster and they posted the same information - warning users about email scams.

Posting one's resume online is a powerful self-marketing tool - specially for those moving to the US, but you can never be too careful. My resume is not searchable, and my personal info is confidential: call it paranoid, but I sleep better at night ;)

Great info!

L.

Link to comment
Share on other sites
Hilarious Clinton Grand Master

Hilarious Clinton   452

Posted
Filed: Lift. Cond. (apr) Country: Solomon Islands
 Timeline
Posted
Am I glad I never posted my resume online. :o

Me too. I never posted my resume at the bus station either.

"The fact that we are here today to debate raising America’s debt limit is a sign of leadership failure. It is a sign that the U.S. Government can’t pay its own bills. It is a sign that we now depend on ongoing financial assistance from foreign countries to finance our Government’s reckless fiscal policies."

Senator Barack Obama
Senate Floor Speech on Public Debt
March 16, 2006



barack-cowboy-hat.jpg
90f.JPG

Link to comment
Share on other sites
Dr_LHA Experienced

Dr_LHA   3

Posted
Filed: Citizen (pnd) Country: United Kingdom
 Timeline
Posted
Me too. I never posted my resume at the bus station either.

Do you prefer to hang out at the bus station and meet potential "employers" face to face then?

Link to comment
Share on other sites
Hilarious Clinton Grand Master

Hilarious Clinton   452

Posted
Filed: Lift. Cond. (apr) Country: Solomon Islands
 Timeline
Posted
Me too. I never posted my resume at the bus station either.

Do you prefer to hang out at the bus station and meet potential "employers" face to face then?

I only hang out at the bus station to make extra cash.

(but seriously. I e-mail my resume but don't post it)

"The fact that we are here today to debate raising America’s debt limit is a sign of leadership failure. It is a sign that the U.S. Government can’t pay its own bills. It is a sign that we now depend on ongoing financial assistance from foreign countries to finance our Government’s reckless fiscal policies."

Senator Barack Obama
Senate Floor Speech on Public Debt
March 16, 2006



barack-cowboy-hat.jpg
90f.JPG

Link to comment
Share on other sites
AnaAndDaniel Experienced

AnaAndDaniel   0

Posted
Filed: K-3 Visa Country: Mexico
 Timeline
Posted

not familiar with this site's setup. can someone create an account under a fake name, post resume and request that any contact be made via the system's PM?

If so, once a potential employer contacts the user, the user can then send pertainent info via email.

I am sure it isn't a technical problem. But maybe it isn't kosher.

Daniel

:energetic:

Ana (Mexico) ------ Daniel (California)(me)

---------------------------------------------

Sept. 11, 2004: Got married (civil), in Mexico :D

July 23, 2005: Church wedding

===============================

K3(I-129F):

Oct. 28, 2004: Mailed I-129F.

~USPS, First-Class, Certified Mail, Rtn Recpt ($5.80)

Nov. 3, 2004: NOA1!!!!

Nov. 5, 2004: Check Cashed!!

zzzz deep hibernationn zzzz

May 12, 2005 NOA2!!!! #######!!! huh???

off to NVC.

May 26, 2005: NVC approves I129F.

CR1(I-130):

Oct. 6, 2004: Mailed I-130.

~USPS, First-Class, Certified Mail, Rtn Recpt ($5.80)

Oct. 8, 2004: I-130 Delivered to CSC in Laguna Niguel.

~Per USPS website's tracking tool.

Oct. 12, 2004 BCIS-CSC Signs for I-130 packet.

Oct. 21, 2004 Check cashed!

Oct. 25, 2004 NOA1 (I-130) Go CSC!!

Jan. 05, 2005 Approved!!!! Off to NVC!!!!

===============================

NVC:

Jan. 05, 2005 ---> in route from CSC

Jan. 12, 2005 Case entered system

Jan. 29, 2005 Received I-864 Bill

Jan. 31, 2005 Sent Payment to St. Louis(I864)

Feb. 01, 2005 Wife received DS3032(Choice of Agent)

Feb. 05, 2005 Payment Received in St. Louis(I864)

Feb. 08, 2005 Sent DS3032 to Portsmouth NH

Feb. 12, 2005 DS3032 Received by NVC

Mar. 04, 2005 Received IV Bill

Mar. 04, 2005 Sent IV Bill Payment

Mar. 08, 2005 Received I864

Mar. 19, 2005 Sent I864

Mar. 21, 2005 I864 Received my NVC

Apr. 18, 2005 Received DS230

Apr. 19, 2005 Sent DS230

Apr. 20, 2005 DS230 received by NVC (signed by S Merfeld)

Apr. 22, 2005 DS230 entered NVC system

Apr. 27, 2005 CASE COMPLETE

May 10, 2005 CASE SENT TO JUAREZ

Off to Cd. Juarez! :D

calls to NVC: 6

===============================

CIUDAD JUAREZ, American Consulate:

Apr. 27, 2005 case completed at NVC.

May 10, 2005 in route to Juarez.

May 25, 2005 Case at consulate.

===============================

-- Legal Disclaimer:What I say is only a reflection of what I did, going to do, or may do; it may also reflect what I have read others did, are going to do, or may do. What you do or may do is what you do or may do. You do so or may do so strictly out of your on voilition; or follow what a lawyer advised you to do, or may do. Having said that: have a nice day!

Link to comment
Share on other sites
almaty Grand Master

almaty   19

Posted
Filed: Citizen (pnd) Country: Kazakhstan
 Timeline
  • Author
Posted (edited)

always be careful with personal info is my motto

Edited by almaty

Peace to All creatures great and small............................................

But when we turn to the Hebrew literature, we do not find such jokes about the donkey. Rather the animal is known for its strength and its loyalty to its master (Genesis 49:14; Numbers 22:30).

Peppi_drinking_beer.jpg

my burro, bosco ..enjoying a beer in almaty

http://www.visajourney.com/forums/index.ph...st&id=10835

Link to comment
Share on other sites
 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
- Back to Top -

Important Disclaimer: Please read carefully the Visajourney.com Terms of Service. If you do not agree to the Terms of Service you should not access or view any page (including this page) on VisaJourney.com. Answers and comments provided on Visajourney.com Forums are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Visajourney.com does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. VisaJourney.com does not condone immigration fraud in any way, shape or manner. VisaJourney.com recommends that if any member or user knows directly of someone involved in fraudulent or illegal activity, that they report such activity directly to the Department of Homeland Security, Immigration and Customs Enforcement. You can contact ICE via email at Immigration.Reply@dhs.gov or you can telephone ICE at 1-866-347-2423. All reported threads/posts containing reference to immigration fraud or illegal activities will be removed from this board. If you feel that you have found inappropriate content, please let us know by contacting us here with a url link to that content. Thank you.
×
×
  • Create New...