Forum latest

For many, the pain has just begun!!
General
Written by Daniel   
Saturday, 25 August 2007 12:01
The Monster.com mess
How did so many job searchers become victim to identity thieves? Here’s what happened and what it all means

By Gregg Keizer, Info World
August 24, 2007
The last thing you need when you're unemployed is a bank account that's suddenly emptied. But that's exactly what some unwary users of employment search site Monster.com faced after identity thieves made off with the personal information of more than a million people looking for jobs.This still-developing story has enough nooks and crannies to confuse a gumshoe, but some facts are clear: Monster's resume database was looted, and the personal information taken was used to forge convincing messages that deposited password-stealing Trojans and ransomware on users' PCs.



Calculated and ambitious, the attack is striking for how it blended several elements -- stolen credentials of legitimate users, phishing e-mails, Trojan horses, money mules and more -- into a slick assault. Here's what we know so far.

Was Monster.com hacked? No, as Symantec said immediately. Instead, the attackers accessed the resume database with legitimate usernames and passwords, probably stolen from professional recruiters and human resource personnel who use the "Monster for employers" section of the site to look for job candidates. But it wasn't until Thursday that Monster.com admitted as much. "By gaining unauthorized access to employer accounts, the software was obtaining job seeker contact information," a new alert said.... More

Comment in the forum. 

 
Don't Click Here Don't Click Here Either