Official job site of the US Federal Government affected by MONSTER hack
Written by Admin   
Saturday, 08 September 2007
One of my readers was notified last week by someone at work that USAJOBS, official job site of the US government, was also affected by the hack on Monster.com. The sender reminded everyone to ensure their safety and provided a copy of the message USAJOBS would be sending to affected users.

Bummer.

Here's what he said about the message he got along with a copy of the email:

Hi Tabatha,

I got a note from Monster yesterday purporting to alert me to phishing scams and showing five examples to click on.  I was suspicious, but the IP address matched Monster, and Monster.com does have an email phishing page with those same examples.

Now, I got this in my work email account.  It seems that Monster was alerting their global user base to this problem without disclosing that they were hacked.  This could be related to the post you already made regarding Monster.  Regards, [Confidential].

----------------------------

From: [removed for privacy]
Sent: Friday, August 31, 2007 9:29 AM
Subject: USAJOBS Website Hacked

The USAJOBS web site has recently been hacked.  Monster.com is the service provider for the USAJOBS web site and hackers broke in stealing over 146,000 resumes.  Of greatest concern is the fear that the hackers will use the information in the resumes to generate authentic appearing emails to PHISH your identity.  [We] want to be sure that everyone knows of the event and that regardless of how official the contact seems, USAJOBS will never send you an unsolicited email asking you to provide information concerning your identity.  Please remember that no legitimate organization will ever contact you and ask you to provide information concerning your identity unless it is in response to your first contacting them.  I am enclosing a copy of the email USAJOBS is sending to folks with resumes online. 

Subject: USAJOBS Security Notice

8/30/2007

Dear USAJOBS User,

Recently, malicious software, known as Infostealer.Monstres, was used to gain unauthorized access to the Monster.com resume database to steal the contact information of job seekers. Monster Worldwide is the technology provider for the USAJOBS website and regrettably, some of the contact information captured came from USAJOBS job seekers.  

The information captured included name, address, telephone number, and email address. Monster Worldwide has assured the U.S. Office of Personnel Management that Social Security Numbers were NOT compromised because of IT security shields USAJOBS has in place. 

Access to the data was obtained through the use of a private sector Monster customer's computer using legitimate employer credentials. OPM is working closely with Monster to quickly protect the USAJOBS data. Monster Worldwide already has identified and shut down a rogue server that was accessing and collecting the job seeker contact information. Further safeguards are being put into place.

We ask you to remain alert for counterfeit "phishing" emails that may appear to come from Monster.com asking you to click on a link. USAJOBS will NEVER request personal information via unsolicited email (i.e. not a response to an email sent by you). Monster has also assured us THEY will NEVER ask any site users to download any software, "tool" or "access agreement."

Please also be on the alert for fraudulent email that advertises positions managing financial transactions, or cashing checks. These emails are attempting to engage job seekers in a money laundering or bad check scam.

If you receive a suspicious email regarding your USAJOBS search, email it, with the full "header" information intact, to us at: [e-mail address hidden by the site's spam protection].

Instructions on obtaining header information can be found at: http://www.spamcop.com/help_with_headers/

"Phishing" and Internet fraud is an issue that, from time to time, can affect any Internet user or business. We remain committed to safeguarding the integrity of the information provided by job seekers. If you have any questions, please contact [e-mail address hidden by the site's spam protection].

Sincerely,

Steve Connelly
Program Director, USAJOBS

USAJOBS respects your online time and privacy. This is a service-related email to notify you of important account information.

Questions? Email us directly by visiting http://www.usajobs.gov/jsfeedback.asp. Please do not reply to this email.

To read the USAJOBS Privacy Commitment, visit http://www.usajobs.gov/privacy.asp 


Comments (2)
1. 12-09-2007 16:42
 
Monster lied in June
Monster lied to you in June 2007! 
 
After reading in the news that Monster had taken steps to tighten security of job seekers information after getting hacked into twice, I finally decided to register with them to find a job. 
This is early September '07 and less than a week after I posted my resume I received an email forwarded anonymously by Monster from SixQ Executive Search! 
Is there ANY safe place to job search? 
Name Withheld
 
Pam
2. 12-09-2007 22:40
 
Monster lied in June
I'm sorry to hear this! I'm pretty pissed at GoDaddy about this right now too because they've had plenty of time and more than enough evidence to shut SixQ down.  
 
On a positive note, I recommend searching at www.indeed.com. It's just a search engine, Google-like, and shows you jobs like a job board. You don't need to register and you can find out who's hiring and go to their websites directly. 
 
I haven't tried looking for "work at home" or telecommute positions there though...could be a good test to see how much junk indeed.com picks up. I probably shouldn't give them too much credit until we find that out, huh? ;)
 
Tabatha Marshall


Last Updated ( Tuesday, 11 March 2008 )
 