A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security analysts say.
Before the scheme was uncovered last week by researchers at Symantec Corp, con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then, with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing" e-mails to job seekers.
"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it [seem] a little more legitimate."
If the recipients take the bait, they have spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt isn't successful, the names, addresses and other details on the resumes can themselves be lucrative.
A server in Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for "several hundred thousand" job seekers.
Another antivirus firm, Authentium Inc, said it parsed the same data and counted 1.2 million people.
Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet.
That advice was echoed in other corners. Ron O'Brien, senior security analyst for Sophos PLC, suggested that job seekers provide only minimal details about themselves on job sites, and then reveal deeper information only for queries that prove to be legitimate.
The same standards should apply on social networking sites such as Facebook that ask for a wealth of information, O'Brien said.
"With very little effort, I could put together a profile of you that includes such information as your home address, your home phone number, your e-mail address, your birthday," O'Brien said. "We need to kind of take a step back and decide whether it's really required for us to provide all the information requested of us ... We have become a nation of people who want to be cooperative."
Monster Worldwide Inc, the New York-based parent company of the jobs site, advises its members to be extremely cautious about e-mails purporting to be from recruiters -- advice that goes for all unsolicited messages.
To spot phishing attempts, look for misspellings or grammatical mistakes in the messages. Even if an e-mail passes that smell test, don't click on links in the e-mail or fill out forms asking for information. And if the message offers a deal that is too good to be true -- such as easy money -- it probably is.
ROLLER-COASTER RIDE: More than five earthquakes ranging from magnitude 4.4 to 5.5 on the Richter scale shook eastern Taiwan in rapid succession yesterday afternoon Back-to-back weather fronts are forecast to hit Taiwan this week, resulting in rain across the nation in the coming days, the Central Weather Administration said yesterday, as it also warned residents in mountainous regions to be wary of landslides and rockfalls. As the first front approached, sporadic rainfall began in central and northern parts of Taiwan yesterday, the agency said, adding that rain is forecast to intensify in those regions today, while brief showers would also affect other parts of the nation. A second weather system is forecast to arrive on Thursday, bringing additional rain to the whole nation until Sunday, it
CONDITIONAL: The PRC imposes secret requirements that the funding it provides cannot be spent in states with diplomatic relations with Taiwan, Emma Reilly said China has been bribing UN officials to obtain “special benefits” and to block funding from countries that have diplomatic ties with Taiwan, a former UN employee told the British House of Commons on Tuesday. At a House of Commons Foreign Affairs Committee hearing into “international relations within the multilateral system,” former Office of the UN High Commissioner for Human Rights (OHCHR) employee Emma Reilly said in a written statement that “Beijing paid bribes to the two successive Presidents of the [UN] General Assembly” during the two-year negotiation of the Sustainable Development Goals. Another way China exercises influence within the UN Secretariat is
LANDSLIDES POSSIBLE: The agency advised the public to avoid visiting mountainous regions due to more expected aftershocks and rainfall from a series of weather fronts A series of earthquakes over the past few days were likely aftershocks of the April 3 earthquake in Hualien County, with further aftershocks to be expected for up to a year, the Central Weather Administration (CWA) said yesterday. Based on the nation’s experience after the quake on Sept. 21, 1999, more aftershocks are possible over the next six months to a year, the agency said. A total of 103 earthquakes of magnitude 4 on the local magnitude scale or higher hit Hualien County from 5:08pm on Monday to 10:27am yesterday, with 27 of them exceeding magnitude 5. They included two, of magnitude
Taiwan’s first drag queen to compete on the internationally acclaimed RuPaul’s Drag Race, Nymphia Wind (妮妃雅), was on Friday crowned the “Next Drag Superstar.” Dressed in a sparkling banana dress, Nymphia Wind swept onto the stage for the final, and stole the show. “Taiwan this is for you,” she said right after show host RuPaul announced her as the winner. “To those who feel like they don’t belong, just remember to live fearlessly and to live their truth,” she said on stage. One of the frontrunners for the past 15 episodes, the 28-year-old breezed through to the final after weeks of showcasing her unique