CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 7th, 2008

Cyber Criminals Extract Personal Details From CVs Posted Onto Job Sites

Hackers have turned the harvesting of personal information from Monster.com and other large US jobsites into a profitable black market business. A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.

Phreak has begun selling its “identity harvesting services” to fraudsters, charging $600 for data that might be applied to targeted phishing attacks, ID fraud or other nefarious purposes. Would-be clients are able to contact the gang on ICQ. For a fee the gang will filter its database for entries that refer to a particular country or particular employer.

Jacques Erasmus, director of research at PrevX, explained that he came across adverts for the tool in an underground forum. The PHP-based utility uses built-in recruiter IDs to scan job sites and return results in a handy web form, he explained. The utility is quite sophisticated and attempts to make sense of the data format found in CVs, extracting only useful information. Phreak is selling its services to people running higher-end targeted spear phishing attacks.

PrevX said the latest attack is distinct from one carried out by a Trojan horse program last year. This time around the attack affects far more sites than Monster.com alone. Also the attack involves a harvesting engine, rather than the use of malware.

Job sites might be able to guard against the latest assault on user data by limiting the number of searches and by applying CAPTCHAs to distinguish between requests from an automated program and humans.

Share this item with others:

More on CyberInsecure:
  • Jobs.ie Hacked And Customers CV Data Stolen
  • PSS World Medical applicants affected by job boards breach
  • The Guardian Newspaper Loses 500,000 CVs
  • Video Game Publisher Eidos Interactive Servers Breached, Sensitive Data Stolen
  • Hacker Published Confidential Records Belonging To Six Million Chileans On The Internet

    • Posted in Data Theft, Phishing, Privacy | Print This Post Print This Post

    This entry was posted on Monday, July 7th, 2008 at 2:15 pm and is filed under Data Theft, Phishing, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Cyber Criminals Extract Personal Details From CVs Posted Onto Job Sites

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »