Saturday, August 25, 2007

Monster.com might be sending you a letter that your information was compromised


Photo courtesy of shane_allen at Flickr

If you posted your information for a job on Monster.com, you might be getting a letter notifying you that your personal details have been compromised:

Joseph Menn, Los Angeles Times is reporting:

Monster.com said Thursday that 1.3 million users had personal information stolen by criminals who hacked into the job-placement website. The company said it would warn each of the victims by mail.

Monster parent Monster Worldwide Inc. said it identified the victims after analyzing the data found this week by computer security firm Symantec Corp., which had estimated that hundreds of thousands of people were at risk.


In this latest data breach, it is being reported that only names, addresses and e-mail addresses were stolen. This information will likely be used to lure potential job candidates into what are known as job scams.

In a job scam, a person is recruited into cashing bogus financial instruments, or laundering the proceeds of Internet crime. In most instances, these bogus employers will request a lot of personal and financial information (supposedly to vet the new employee)and this is probably where someone would put themselves at a real risk of becoming an identity theft victim.

The LA Times article also stated:

Also Thursday, some Monster users said they had received such e-mails as far back as February.

Since job scams are nothing new and Monster isn't the only site, where scammers gather information to lure people into doing their dirty work, it's very possible that the current data breach has nothing to do with the e-mails going as far back as February.

I've seen these types of e-mails going back a lot further that February.

Here is a previous post, I did with an emphasis on the social engineering aspects of job scams:

Internet criminals stealing information from job sites isn't anything new!

LA Times article, here.

2 comments:

Anonymous said...

hi

today i got mail like this -

from: Monster [emea-id-904258948i@monster.com]
subject: IMPORTANT INFORMATION: YOUR Monster ACCOUNT
-----------------------------------
Dear Monster (Jobs & Careers) member,

Monster Technical Department requests you to complete Online Employer Form.

This procedure is obligatory for all clients of Monster.

Please select the hyperlink and visit the address listed to access Online Employer Form.


http://hiring-id42026.monster.com/membersdir/employer_form/mydata.aspx

These instructions are to be sent to all Monster members.

-----------------------------------------

© Monster - All Rights Reserved

0x356 rev, STF, media, K572, close


IS IT fraud or ?

Ed Dickson said...

Tried to take a look at the link to see exactly what information was being asked for, but it is down.

Probably was a takeover, which has been reported and shut down.

My guess is that given all the recent publicity Monster would not be requesting person details via email.

Therefore my best guess is that - Yes it is more than likely fraud.