Monster Hack update

It is Fraud not a computer virus or deeply placed rootkit on a trusted system.

Fraudster got credentials to query the database like a regular recruiters do.

A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security Relevant Products/Services analysts say.

Before the scheme was uncovered last week by researchers at Symantec Corp., con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing Relevant Products/Services" e-mails to job seekers.

"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it (seem) a little more legitimate."

source:
http://www.enterprise-security-today.com/story.xhtml?story_id=54834

Now playing: London Symphony Orchestra - Mars, The Bringer Of War

Trackbacks

Trackback URL for this entry is: http://blog.case.edu/lou.changeri/mt-tb.cgi/15063

Comments

Post a comment





If you have entered an email address in the box, clicking this checkbox will subscribe your email address to this entry so that you are notified if any updates or additional comments occur on the entry.