A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs website reveals the perils of leaving detailed personal information online, security analysts say. Before the scheme was uncovered last week by researchers at Symantec, con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized “phishing” emails to job seekers. Symantec relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised web users to limit their exposure to such frauds by reducing the amount of personal information they post on the internet.
On its website, Monster.com jobs advises its members to be extremely cautious about emails purporting to be from recruiters – advice that goes for all unsolicited messages.To spot phishing attempts, look for misspellings or grammatical mistakes in the messages. Even if an email passes that smell test, don’t click on links in the email or fill out forms asking for information. And if the message offers a deal that is too good to be true – such as easy money – it probably is.