Porn News

Thieves Sreal data from Monster.com, then aim for users’ bank accounts

WWW- Hundreds of thousands of job seekers are at risk of being ripped off through a sophisticated scheme concocted by Internet criminals who have penetrated the resume database at Monster.com, one of the nation’s largest recruitment websites.

Using e-mail addresses, phone numbers and other personal information harvested from the job-hunting site, the crooks are posing as potential employers or as Monster.com itself in a bid to hustle the victims’ bank account numbers and passwords.

The scheme came to light this week after a major computer security firm, Symantec Corp., reported on its website that it had found a hoard of 1.6 million personal records stolen from Monster.com on a computer in Ukraine.

By Wednesday, Monster.com had posted a warning on its online “security center” that scam artists were sending bogus job offers to its users in an effort to get their bank information.

“We’re certainly going to try to notify all of our customers,” Monster.com Vice President Patrick Manzo said, who added that Monster hadn’t contacted law enforcement. No arrests have been made and are rare in online break-ins originating overseas.

The security breach is notable because of its complexity and its large size. Average computer users have grown accustomed to ignoring fraudulent come-ons for their bank information that purport to be from the likes of PayPal or CitiBank. But the Monster.com scheme is more convincing because the e-mails sent by the scam artists include personal information about victims’ lives such as their cellphone numbers and street addresses.

“They are just trying to make it more legitimate by adding some secret information that they’ve stolen,” said Patrick Martin, a senior product manager at Symantec. “We haven’t seen too many like this.”

Martin said the job pitches sent by scam artists were especially effective because Monster.com users were hoping to hear from strangers.

In interviews, Monster.com executives did not dispute Symantec’s analysis of the multi-stage fraud operation.

Neither Symantec nor Monster.com would release the names of any victims, though Symantec estimated that the cache of records covered several hundred thousand people.

The criminal ring obtained passwords used by employers to scan Monster when looking to fill positions. Those passwords led them to records that included names, e-mail addresses and phone numbers of prospective employees.

At least three types of follow-up e-mails were sent to the job seekers, according to researchers at Symantec. One of the e-mails purports to come from an employer looking to fill a job facilitating money transfers and asks applicants to supply their own bank account information. Symantec said accounts would almost certainly be drained.

Two other e-mails appear to come from Monster.com itself and ask recipients to download an automated Monster Job Seeker Tool. Clicking on that link can download a program known as a keylogger into a victim’s computer, giving the con artists access to financial account numbers and passwords. It can also download what’s known as ransomware — a program that encrypts the user’s files and allows renewed access only for a fee.

Users of Monster.com can fill out electronic forms provided by the site or post completed resumes. Using the second method, some job seekers can include Social Security numbers, although Monster.com recommends against doing so. Manzo said it was possible that some of those crucial identifiers had been spirited away by the Internet thieves.

The initial attack echoes the debacle exposed two years ago at ChoicePoint Inc., the massive data broker spun off from one of the major credit bureaus. In that case, a Nigerian crook used a phony business to get information on 145,000 people, some of whom became victims of identity theft. Monster.com, likewise, missed the abuse of its system, perhaps in part because the site requires only a user name and password to log in. Manzo said Monster.com would soon demand more authentication from corporate users.

The follow-on scams aimed at individuals, on the other hand, exemplify a trend toward sophistication that has also targeted users of smaller websites and even employees of a single company. A number of cases investigated by Secure Computing Corp. of San Jose, a tech security firm, are similar to the Monster.com scam, if smaller.

In those incidents, online retailers, including some specializing in electronic goods, had their customer databases breached over the Internet, said Dmitri Alperovitch, principal research scientist at Secure Computing.

Instead of simply maxing out the customers’ credit cards, he said, the crooks posed as the online retailers and were able to swindle the victims more than once.

In another technique, scam artists target only one company at a time. That makes it easier for them to pose as a colleague or customer and lets them dodge corporate filters that weed out malicious programs that have been widely deployed and discovered by security firms.

Some of those e-mails duped hundreds of senior executives at big companies this summer into installing keyloggers disguised as consumer complaints forwarded by the Better Business Bureau. The con artists picked managers with the authority to handle such complaints, who were also likely to have useful information on their computers, according to researchers at SecureWorks Inc.

Although multiple malicious programs are in use against Monster.com and its clients, Symantec said they all appeared to be written by the same band of thieves.

That isn’t always the case, Alperovitch said. For years, groups have been buying and selling hundreds of thousands of credit card numbers at a time on underground websites.

Now, whole databases can change hands — a given company’s list of customer names and their addresses, for example.

“Because of all the information these criminals have been able to collect over time, with Google searches, blogs and other systems, they’re essentially able to reproduce their own versions of ChoicePoint,” Alperovitch said. “You can create a database for a particular name from stolen and public sources and use that information for targeted attacks.”

234 Views

Related Posts

Taboo Entertainment, StripPOV Announce 2024 Taboo Award Winners

Feb 12, 2025 4:44 PM PSTLAS VEGAS — Taboo Entertainment and StripPOV have announced the Taboo Award Winners for 2024."The highest honor of the Taboo Awards goes to none other than Luna Legend — the embodiment of seduction, talent and…

TadpoleXStudio Drops New Hardcore DVD, VOD Releases

Pro-am studio TadpoleXStudio has released two new titles, "Porn Convention: Gangbangs and Orgies Vol. 1" and "Tad Pole Fucks Pretty Babes! Vol. 4," now available on DVD and VOD.

Ray Ray’s Content Now Available on DVD From Pulse Distribution

Adult star Ray Ray has made her content available on DVD, after securing a deal with adult distributor Pulse Distribution.

SayUncle Names Giovanni as February’s ‘AllStar’

Feb 11, 2025 5:06 PM PSTLOS ANGELES — SayUncle Network has named Giovanni as its February AllStar, spotlighting him with Benji Jagger in "Giovanni’s Valentine Dick Down Debut." Jagger plays "a reserved young man looking to boost his confidence before…

Francesca Le, Mark Wood Debut ‘The LeWood Anal Hazing Crew 9’

Married AVN Hall-Of-Fame members Francesca Le and Mark Wood have released the fetish-themed "The LeWood Anal Hazing Crew #9," available now on VOD and DVD from Evil Angel.

Leave a Reply

Your email address will not be published.