| Page 2 of 2 < |
Taking the Bait On a Phish Scam
|
TOOLBOX
   Resize
COMMENT
 Discussion Policy
 CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Who's Blogging  |
"Sometimes these phishing attacks look innocent because you're not giving up what you consider huge personal information. But it might be the final piece of the puzzle of the information they have on you," Wilbur said.
Job search sites offer identity thieves a rich source of personal information and a pool of potential victims willing to divulge even more in hopes of landing employment. Since 2004, some of the largest online job search firms, such as Monster and CareerBuilder, have taken more precautions against criminals looking to collect personal information from their users.
Privacy experts say the job sites could do more to weed out fraudulent ads. "People, when looking for work, are at their most vulnerable. Job sites owe it to consumers to take that extra step to make sure these scams don't slip through the net," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit research and consumer group.
Spokespeople for Monster, CareerBuilder, and Yahoo said they include warnings about fraud on their sites, screen employment listings and employer Web sites and monitor job postings daily.
CareerBuilder removed job ads by USA Voice eight months ago, said spokeswoman Jennifer Sullivan. Monster removed ads by USA Voice and Instant Human Resources in December and ads by Internet Solutions last week, said spokeswoman Danielle Perry. Yahoo removed ads from Internet Solutions last week.
Privacy experts and security officials at the job sites agreed that the three Web sites in question are "particularly clever" and "very slick." Internet Solutions, for example, requires users to create a password. Dixon said this was probably a ploy to collect access codes for online bank and e-commerce accounts. Most people use the same password for everything, security experts said, and criminals know that.
USA Voice's victims were persuaded to harvest personal information from others. After posting her résumé on CareerBuilder, Emma Ward of Collegeville, Pa., was contacted by e-mail by USA Voice. The 24-year-old was told she qualified to be an editor and was responsible for recruiting her own writers. She just had to collect and send their e-mail addresses to the company. The writers, in turn, would be paid by the number of hits their stories received, giving them incentive to direct more people to the USA Voice site.
Ward never got around to recruiting anyone. She stopped hearing from USA Voice and started receiving spam.
Job seekers got offers, but not for legitimate employment. Instant Human Resources told Michael Coleman of Bronxville, N.Y., after seeing his résumé on Monster or CareerBuilder, that he could be the U.S. representative for an overseas firm. The 34-year-old Web project manager signed onto the Instant Human Resources' Web site, which required him to enter his name, address, phone number, and Social Security number and create a password.
Coleman followed the instructions but entered a fake Social Security number. The job, he said, "didn't sound right." He didn't pursue it any further after online research confirmed his suspicions: The position sounded like a scam involving cashing old money orders.
"For anyone looking for a job, it's a tough economy," Coleman said. "You don't want to go to a site and see some scam."
