Markets

U.S. open in 24 hrs, 56 mins

DJIA

10,023.42

17.46

0.17%

NASDAQ

2,112.44

7.12

0.34%

S&P 500

1,069.30

2.67

0.25%

10yr Note

101.031

0.25

0.25%

FTSE 100

5,142.72

17.08

0.33%

Nikkei 225

9,789.35

71.91

0.74%

Hang Seng

21,829.72

350.64

1.63%

Euro (in USD)

1.485

-0.0024

0.16%

Yen (per USD)

89.94

-0.80

0.88%

Gold

1,095.10

6.40

0.59%

Oil

77.65

-1.97

2.47%

BUSINESS NEWS

INVESTING

Financial Glossary

PERSONAL FINANCE AT WALLETPOP

SMALL BUSINESS

Hackers Steal Data From Top Jobs Site

By BRIAN BERGSTEIN,

Posted: 2007-08-23 07:33:08

BOSTON (Aug. 23) - A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security analysts say.

Before the scheme was uncovered last week by researchers at Symantec Corp., con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing" e-mails to job seekers.

"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it (seem) a little more legitimate."

If the recipients took the bait, they had spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt wasn't successful, the names, addresses and other details on the resumes can themselves be lucrative.

A server in Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for "several hundred thousand" job seekers. Another antivirus firm, Authentium Inc., said it parsed the same data and counted 1.2 million people.

Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet.

That advice was echoed in other corners. Ron O'Brien, senior security analyst for Sophos PLC, suggested that job seekers provide only minimal details about themselves on job sites, and then reveal deeper information only for queries that prove to be legitimate.

The same standards should apply on social networking sites such as Facebook that ask for a wealth of information, O'Brien said.

"With very little effort, I could put together a profile of you that includes such information as your home address, your home phone number, your e-mail address, your birthday," O'Brien said. "We need to kind of take a step back and decide whether it's really required for us to provide all the information requested of us. ... We have become a nation of people who want to be cooperative."

Other security specialists said Monster might share the blame if it doesn't ensure that people with access to its system use "strong" passwords that are frequently changed or hard to guess.

"They have a major responsibility when they have this information," said Laura Yecies, a vice president of Check Point Software Technologies Ltd.

Representatives for Monster Worldwide Inc., the New York-based parent company of the jobs site, did not return messages seeking comment.

On its Web site, the company advises its members to be extremely cautious about e-mails purporting to be from recruiters - advice that goes for all unsolicited messages.

To spot phishing attempts, look for misspellings or grammatical mistakes in the messages. Even if an e-mail passes that smell test, don't click on links in the e-mail or fill out forms asking for information. And if the message offers a deal that is too good to be true - such as easy money - it probably is.

Copyright 2008 The Associated Press. The information contained in the AP news report may not be published, broadcast, rewritten or otherwise distributed without the prior written authority of The Associated Press. All active hyperlinks have been inserted by AOL.

2007-08-23 06:32:28

Must Read?

0 %

0 VOTES

Recent Comments

Post Your Own

1 - 10 of 48

48 comments

investag8ting 08:26:09 AM Aug 24 2007

Report This!

When the criminals are smarter than the business people it doesn't say much for a society. If the criminals are so smart why don't they earn a lot of money the right way? That or they're foreigners funding terrrorism against us, and if that's the case, this is really really bad. Either way this is really bad!

acherise7 02:06:03 AM Aug 24 2007

Report This!

i have never looked for a job on line but my boyfriend does. i thought he was just being lazy and that he should be hitting the pavement as they use to say lol but today you can even fill out a job applications on line. some company's only post jobs on line no more paper. cheaper and more effective ?? im old school i guess if i where to look for a job it would be pavement time for this old girl

mmoody5778 10:59:48 PM Aug 23 2007

Report This!

Check out Fraudwatcher.org/employment. This site opened my eyes to the scammers preying on job seekers.

kelli2l 08:31:11 PM Aug 23 2007

Report This!

TRY TO REMEMBER PEOPLE THAT THIS ADMINISTRATION (Bush) GAVE THE OKAY FOR OUR PHONE (and cell phone) NUMBERS TO BE SHARED WITH THE BUSINESS WORLD. EVEN THOUGH WE PAY FOR CELL PHONE INCOMING CALLS IT DIDN'T HAVE ENOUGH IMPACT ON THIS ADMINISTRATION TO STOP THIS FROM HAPPENING - WHY? BECAUSE THEY CARE MORE FOR THE RIGHT OF BUSINESSES TO MAKE MONEY THAN THEY DO FOR OUR SAFETY AND SECURITY.
THE PROBLEM I SEE - IS THAT THE CITIZENS ARE NOT PAYING ENOUGH ATTENTION TO WHAT'S GOING ON IN OUR GOVERNMENT. IT MAY BE DEPRESSING TO WATCH AND LISTEN TO THE NEWS BUT IT IS ESSENTIAL or YOU MAY NOT HAVE MUCH OF A LIFE ANYMORE. PLEASE GET INVOLVED !

kelli2l 08:21:59 PM Aug 23 2007

Report This!

WHAT IF ONE DAY WE FIND OUT THAT OUR OWN GOVERNMENT IS STEALING ALL THIS PERSONAL AND PRIVATE DATA !

nvsfmsb 08:03:47 PM Aug 23 2007

Report This!

Is it only Monster? My resume is on CareerBuilder and I must get about 30 "job Offers" a week offering me a salesposition where all I have to do is transfer Money into their bank accounts and I get to keep 30%.Oh thats after I cash the checks in my bank account,lmao.
I know scammers are out there and yes probably have my resume.Does it bother me..sure,but then again I don't have my social security # on it .

pushupsbootcamp 07:16:00 PM Aug 23 2007

Report This!

PEACE BE WITH YOU by RAIMONDO SALOMONE has been reviewed as,
“One of the most provocative novels in years. An important book.”
It’s the riveting story of three generations of Italian-Americans and the tenuous relationship they have with their Catholic priest. Search for it at Amazon or BarnesandNoble.com Read an excerpt at the author’s website,

www.RaimondoSalomone.com

HOW FAR WILL A PRIEST GO TO KEEP A SECRET?

dirtyga76 07:04:30 PM Aug 23 2007

Report This!

the real crooks are those buying the information off these people.

jokur1853 06:57:32 PM Aug 23 2007

Report This!

trucker42904: FYI If you post your resume online you still have to physically go for an interview. What would you do to find a job, just show up at companies and ask for a job. You sound like an idiot!!!!!!!!!!!!

RaKaPh1 06:17:00 PM Aug 23 2007

Report This!

Yes. Unfortunately, they are attacking us in our homes, at our offices, in our schools, but the criminals are now doing it all online. Holding information for ransom, paralyzing businesses, getting to our children. There may be no ONE answer, but my family uses a managed internet security service for our home and business, just like the big dogs do. It includes Identity theft protection as well.
You can fight back. go to www.stayoutofmypc.com to learn how with INVISUSDirect.

1 - 10 of 48

48 comments