Monster.com Users Get Fake Offers And Request

Network News

X Profile
View More Activity
By Rochelle Garner
Bloomberg News
Thursday, August 23, 2007

Job hunters using Monster.com, the employment Web site owned by Monster Worldwide, received fake job offers by e-mail that asks for their Bank of America account information.

The e-mail contains personal information collected when hackers tricked Monster.com customers into downloading a virus in a fake job-seeking tool, according to researchers at Symantec, the world's biggest maker of security software.

Victims of the scam are offered a position as "transfer manager" at an unnamed investment company, Symantec said on its Web site. The role has one unusual requirement: Job seekers must be Bank of America customers and must supply account details. The e-mail contains users' names in a ploy to make the offer seem legitimate.

"They're going after people they know are looking for jobs," said Patrick Martin, a senior product manager for Symantec Security Response. "That gives them the hook they need to tempt people into giving their bank accounts."

Monster Worldwide said it shut down a "rogue" server that was retrieving job seekers' information through unauthorized access of customers' accounts and placed a security alert on the Monster.com Web site, according to a company statement.

Customers got the virus by following a link in a fraudulent e-mail, Symantec said. The company found 1.6 million files, including duplicate records, of Monster.com customer information stored on a hacker's server.

"The people who have those records can sell them" to others who want to send spam e-mails, Martin said in an interview. "They will just change the name of the banks and the job offer, but the underlying technique will be the same."


© 2007 The Washington Post Company

Network News

X My Profile
View More Activity