Some scammers have weaseled their way into Monster.com and are using email addresses gleaned from the site to run a phishing scam.
From the Boston Herald:
“What we’re talking about here is not a hack of Monster,” Manzo said. “These criminals have gotten access to customer login user names and passwords. They’ve probably gotten this directly from our customers.”
Symantec Corp. security analyst Amada Hidalgo uncovered the infiltration of Monster’s site and posted his findings on the California network security company’s Security Response blog on Friday.
What’s known as a Trojan horse in computing terms – a program that installs malicious software – accessed Monster.com and uploaded information from it to a remote computer server.
“Such a large database of highly personal information is a spammer’s dream,” Hidalgo said.
Phishing e-mail sent to the addresses taken from Monster.com bore the company’s logo and personal information about the recipients. The e-mails asked recipients to download a fake “Monster Job Seeker Tool,” which is actually a copy of a Trojan horse.
“This Trojan will encrypt files in the affected computer and leaves a text file requesting money to be paid to the attackers in order to decrypt the files,” Hidalgo said.
If you receive a request to download the “Monster Job Seeker Tool,” beware!