Job hunters blackmailed in Monster.com hack

Monster, the world's largest recruitment website, was left reeling this week when thousands of jobseekers were targeted in a sophisticated phishing blackmail scam.

American users who had registered with the site received e-mails last week inviting them to download a Job Seeker Tool from Monster. What they got was a Trojan horse virus that encrypted their files and a message from a group called Glamorous Team demanding a $300 ransom to decrypt their files.

Coverage in the UK newspaper, The Guardian, recounted the experiences of several people who were affected by the attack. One of the reasons it proved so effective was that it presented a plausible scenario from a site that would have been known and trusted by its users. What is almost as worrying as the blackmail technique is how the criminals were able to crack the Monster database to get hold of the users' e-mail addresses.

According to Symantec, which identified a Trojan virus called Infostealer.Monstres on August 16th, the attack started by accessing employer sections of Monster.com and uploaded details on several hundred thousand people to the remote website.

The second part of the attack spammed the e-mails harvested with an executable file Trojan.Gpcoder.E, which was carried as an attachment with an icon designed to look like the Monster.com logo.

When researchers from the UK security company Prevx reverse-engineered the encryption virus and used victims' details to log into the website where data was being held hostage, they were able to download personal information on several people and decrypt personal data such as system passwords and PayPal account details.

According to Prevx, the attack targeted Monster.com users in America and appropriated data from around 1,000 PCs.

By John Stokdyk, for our sister site, AccountingWEB.co.uk

You may like these other stories...

Whenever I speak to accountants about creating a cloud practice, the most common question is, “How do I charge my clients?” Ten years ago, maybe even five years ago, if I would’ve posed this question...
While reputational risk is the No. 1 nonfinancial concern among corporate directors, cybersecurity/IT risk is gaining steam. In fact, both private companies and organizations with more than $1 billion in revenue felt they...
Accountants who specialize in forensic and valuation services point to electronic data analysis, or big data, as the most pressing issue they’ll face in the coming months, according to results of a new survey released...

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.