Smart Security Shop

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 16 July 2008

Ever put your CV on a job site?

Posted on 02:25 by Unknown

McAfee Reports Recent phishing attempts have been targeting some popular social networking sites and jobs websites, such as facebook.com and monster.com. Due to the amount of personal and sensitive information which is saved there, they are very valuable to phishers. This data could be used to further target or spear phish individual victims by name and even work interests.

We have seen phishing attacks which targeted careerbuilder.com in the past. The latest target is another big recruitment site - monster.com. Just like typical financial phishing emails, the Monster phishing emails have subjects including imperatives like “Monster customer service: important notice” or “Monster customer service: please confirm your data!”

But please do not be fooled! These are not from Monster at all!!

monster.com phishing site

monster.com phishing site

The phishing domain would appear to be hosted on a new UK domain with dns leading to a bot in Turkey. We can see from this phishing site, the phisher is mainly targeting recruiters for their logins and passwords. This would enable them to access hundreds or even thousands of job seekers’ CVs which often contain a gold mine of sensitive data. Other elements of the recruiters account could be useful as well.

The level of personal data on a CV is pretty high, and in the wrong hands outright dangerous. Be vigilant against unsolicited emails!

Email ThisBlogThis!Share to XShare to Facebook
Posted in Phishing | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registrations for OWASP Mumbai Meet [31st July 15:00hrs]
    Hi All, Everyone is welcome to join us at our next chapter meet to be held on Monday , 31 st of July. Registrations for the eve...
  • Free Web Proxy List
    A web proxy is becoming more and more important in todays internet. Schools and Companys tend to block sites pretty quickly nowadays, especi...
  • How do you use RSA for both authentication and secrecy?
    RSA is based upon public key/private key concept. For authentication one can encrypt the hash (MD5/SHA) of the data with a private key. This...
  • Does the code use MapPath?
    Review code for the use of MapPath. MapPath should be used to map the virtual path in the requested URL to a physical path on the server to ...
  • New Rogue Security Product: Smart Antivirus 2009
    Smart Antivirus 2009 is a new rogue security product and a near clone of AntiSpyware 2008 Smart Antivirus 2009 Home page Typical fake/Scare ...
  • Impersonation without Windows Authentication
    How to Impersonate the Original Caller without Windows Authentication When using non-windows authentication like Certificate Authentication ...
  • Firefox popups
    Firefox popups Like you, I love Firefox for many reasons, including popup blocking. So over the last few weeks I’ve been surprised to see oc...
  • Spam - It also impacts the environment
    McAfee has released The Carbon Footprint of Email Spam Report . The study looks at the global energy expended to create, store, view, and fi...
  • Botnet Attack Details from Kaspersky
    One of the good folks over at Kaspersky Lab, Yury Namestnikov, has written a great white paper about the worldwide botnet “industry.” The st...
  • Can Security be incorporated in the Computer Science & IT courses?
    Attacks on the web systems have become a common place and most of the issues have been attributed to software vulnerabilities. The IT softwa...

Categories

  • Account Lockout
  • Anti-XSS
  • Antivirus
  • Application Security
  • AppSec Conference
  • ASP.NET
  • Attacks
  • Authentication
  • Banks
  • Botnets
  • Break
  • Broadband
  • Browsers
  • Change Management
  • Citibank
  • Clear Text Secrets
  • Computer Performance
  • Computer Security
  • Credit Card
  • Cyber Security
  • Cyber Terrorism and Economy
  • Data Validation
  • Database Security
  • Defragmentation
  • Design
  • Developer Training
  • Development Tools
  • DSS
  • eCrime
  • Education
  • Encryption
  • Ettercap
  • Exchange 2007
  • facebook
  • Frauds
  • Google Hacking
  • Hacking
  • ICICI Bank
  • India Leaders
  • Internet
  • IRCTC
  • Java
  • Legal
  • Live Demo
  • Load Testing
  • Mail Security
  • Malware
  • Mastek
  • Message Security
  • Mobile Security
  • Money Laundering
  • News
  • one time password
  • Online
  • Oracle
  • OWASP
  • PC Errors
  • PCI
  • Performance Testing
  • Phishing
  • Popular Posts
  • Punishment
  • Requirement Engineering
  • Retail
  • Rouge
  • Routers
  • Rugged
  • Security
  • Security Industry
  • Security Management
  • Security Requirements
  • Security Tools
  • Sensitive Data
  • Sniffing
  • Social Networking
  • Software Industry
  • Solutions Community
  • Spams
  • SQL Injection
  • SSL
  • Sudhakar Ram
  • Summer of Code
  • SUN
  • Technology
  • Testing
  • Thick Client Security
  • Third Wave
  • Times of India
  • Typo Squatting
  • UI Security
  • University Programs
  • Virtual Keyboard
  • Virtualization
  • WCF 3.5
  • Web 2.0
  • Web Applications
  • Web Security
  • Web Services
  • WiFi
  • Windows
  • Workshops
  • X.509 Certificates
  • XSS

Blog Archive

  • ►  2011 (5)
    • ►  September (1)
    • ►  July (2)
    • ►  March (2)
  • ►  2010 (5)
    • ►  November (1)
    • ►  June (1)
    • ►  March (1)
    • ►  January (2)
  • ►  2009 (19)
    • ►  December (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (1)
    • ►  July (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (4)
    • ►  March (2)
    • ►  February (2)
    • ►  January (2)
  • ▼  2008 (29)
    • ►  December (7)
    • ►  November (2)
    • ►  September (3)
    • ►  August (1)
    • ▼  July (1)
      • Ever put your CV on a job site?
    • ►  June (1)
    • ►  May (2)
    • ►  April (3)
    • ►  March (2)
    • ►  February (3)
    • ►  January (4)
  • ►  2007 (29)
    • ►  December (2)
    • ►  November (3)
    • ►  October (11)
    • ►  September (5)
    • ►  August (2)
    • ►  July (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2006 (36)
    • ►  December (1)
    • ►  November (3)
    • ►  October (6)
    • ►  September (3)
    • ►  August (4)
    • ►  July (3)
    • ►  June (1)
    • ►  May (5)
    • ►  April (2)
    • ►  March (4)
    • ►  February (1)
    • ►  January (3)
  • ►  2005 (20)
    • ►  December (6)
    • ►  November (14)
Powered by Blogger.

About Me

Unknown
View my complete profile