Monster.com job database comes under attack by phishers
MASSACHUSETTS - Monster.com, one of the world's largest internet recruitment agencies, has been targeted by cybercriminals in a large-scale phishing scam. Using personal information from the Monster.com client database, the hackers posed as potential employers or Monster.com employees to contact clients in a bid to extract their bank account details and passwords.
Details of the breach were discovered only after computer security firm Symantec reported on its website that it had found a new kind of trojan, called Infostealer.Monstres, which had gathered a hoard of 1.6 million personal records stolen from Monster.com and had uploaded them to a remote server on a computer in Ukraine. The trojan only attacked the "Monster for Employers" site, the section used by recruiters and human resources personnel to search for potential candidates, which was probably accessed using the stolen credentials of a Monster.com employee.
On discovery of the attack, Symantec informed Monster.com, which disabled the affected accounts and posted a warning on its online security centre that clients were being sent fraudulent job offers in an attempt to gain access to their financial information. Monster.com has not reported the crime to police and no arrests have been made.
The threat is not yet over for Monster.com as the personal data stored in the database - from potentially several hundred thousand, mainly US-based, people - could also be used to steal personal identities and perpetrate financial fraud. The personal details and the Monster.com name made the phishing scam appeared more genuine than those most online consumers have become used to. The victims were also expecting to be contacted by strangers with job offers as a result of signing up with the recruitment site.
In a statement, the data vaulting and security specialist Cyber-Ark said the data leakage could have been avoided if the site had maintained its database in a secure and encrypted format. Calum Macleod, European director for Cyber-Ark, said: "Modern encryption and digital vaulting techniques mean personal information uploaded to a website like Monster.com need only be decrypted when the database is interrogated. Using this approach means the data can be held securely on the web server and, even if hackers succeeded in downloading the files, the fact that they were encrypted would render the data unreadable - and therefore unusable."
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Regulation
Basel III endgame: overall relief hides winners and losers
G-Sibs gain from surcharge reform while AOCI hits regional banks
One thing missing from US Basel III proposal: a deadline
Without a deadline, risk teams will struggle to secure resources to begin implementation projects
In simplifying credit risk models, EBA could compound capital costs
Skipping hard yards of internal ratings-based approach might trip higher capital charges and implementation costs
Change fatigue could dim EBA’s credit risk simplicity drive
Revisions may be kept to a minimum as short-term implementation burden weighs on banks
Foreign banks can swerve US Basel op risk capital charges
New proposal offers category III and IV banks op-out from regime, but intragroup trades penalised
BoE’s Bailey expects global consensus on FRTB internal models
Isda AGM: UK is reviewing proposals from US and EU regulators before finalising its IMA rules
DRW chief slams ‘ridiculous’ OCC stablecoin rule
Isda AGM: Wilson warns week-long redemption freeze would deter use of Genius Act coins as cash leg of tokenised repo
Dealers push for more revisions to Basel III endgame
Isda AGM: Goldman, JP Morgan bankers want changes on cross-product netting, CVA and default risk charges
