Friday, August 24, 2007

Internet criminals stealing information from job sites isn't anything new!

The recent reports about 1.3 million Monster users having their information stolen from the job site has become somewhat of a major news story. While this seems shocking, the truth is that job sites have been targeted for the information they contain, or to recruit people to commit crimes (sometimes unknowingly) for quite awhile now.

Jim Finkle at Retuers (courtesy of the Washington Post) recently covered this story:

Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive told Reuters on Thursday.

Hackers broke into the U.S. online recruitment site's password-protected resume library using credentials that Monster Worldwide Inc said were stolen from its clients, in one of the biggest Internet security breaches in recent memory.

They launched the attack using two servers at a Web-hosting company in Ukraine and a group of personal computers that the hackers controlled after infecting them with a malicious software program known as Infostealer.Monstres, said Patrick Manzo, vice president of compliance and fraud prevention for Monster, in a phone interview.
Symantec -- who broke the story has published some of the examples of the fake job offers being sent to people -- posting their resumes on Monster, here.

People can protect themselves by being aware of the social engineering aspects of these scams. The job offers are always too good to be true and normally don't make very much sense.

Most of them are ploys to either cash bogus financial instruments, or launder the proceeds of Internet crime. Another red flag is that the employee is solicited to wire money, normally across a International border.

The employee (victim) then ends up financially liable, and in some instances, can even end up facing criminal charges. In most areas, cashing bogus financial instruments and money laundering is considered a crime.

The scammers, who offer these jobs intend to get someone else to take all the risk for them, while they reap most of the financial rewards.

Monster isn't the only place, where this happens. The risk is there on just about any of the Internet job sites, including Craigslist.

If you use these sites, it's a good idea to verify, who you are talking to before accepting a job offer.

The Privacy Rights Clearinghouse has an excellent page about job scams on their website, here.

Because these fake employers gather their victims's personal and financial information, they are likely to become an identity theft victim, also.

The page on the Privacy Right Clearinghouse site gives good advice on how to deal with this, also.

The good news is these scams are pretty easy to spot and a little awareness can prevent them from happening altogether.

Reuters story (courtesy of the Washington Post), here.

No comments: