Proofpoint: Security, Compliance and the Cloud

October 26, 2009

UK's Guardian Newspaper Hit by Hackers: Half a Million Resumes (CVs) Leaked, Job-related Spear Phishing Predicted

As reported by The Register ("Guardian loses half a million CVs") and other outlets today, the online job site run by Britain's Guardian newspaper, had been hit by a "sophisticated and deliberate" attack in which attackers have stolen personal information on as many as 500,000 users.

In the past, this type of attack against other jobs sites (such as Monster.com) has been used to gather contact information from job seekers and then hit them with highly targeted phishing attacks (aka "spear phishing") including phony job offers and even job offers that ultimately ensnare the recipient in illicit activities including wire fraud. (See my recent post regarding the Washington Post's great expose on the operation of online job scams.)

I'd expect to see the same sort of thing in this case. All online job seekers—whatever sites they use—should be aware that having your resume posted online can put you at risk for being targeted by online job scams. But they can be fairly easily avoided by following common sense and simply being aware of how such scams work.

Proofpoint offers the following advice to consumers in order to avoid being victimized by online job, "secret shopper," wire fraud and similar scams—which are often initiated via an unsolicited email message:

  • Remember, first of all, that any offer presented to you that sounds too good to be true usually is—whether it's presented via email, phone or direct mail.
  • Simply do not respond to these sorts of solicitations. Especially do not click links presented in such emails (which may lead to fraudulent websites that attempt to install malicious software on your personal computer). Note that the latest job scam emails do not include links, asking job seekers to respond to a generic webmail account (like a gmail or Yahoo mail account).
  • Keep in mind that anyone can place an online ad, send you an email, or post a "lure" in otherwise legitimate online forums.
  • Never pay a company to hire you. If the employment process involves sending the employer money, it's almost definitely a scam.
  • Do not wire money (which is the same as sending cash) to individuals unknown to you or to firms that have supposedly hired you.
Posted by Keith R. Crosley at 11:58 AM

Technorati Tags: , , , , , , , , ,

Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010535f33a5b970c0120a678852f970c

Listed below are links to weblogs that reference UK's Guardian Newspaper Hit by Hackers: Half a Million Resumes (CVs) Leaked, Job-related Spear Phishing Predicted:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Archives

Blog Search

Email Security Gateways, 2011

Magic Quadrant

Recent Posts

Blogroll

Tweets

Follow us @Proofpoint_Inc »

What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption