Proofpoint: Email Security Blog

« Email Horror Stories... Just in Time for Halloween | Main | Blended Threat Sighting: "FDIC has Officially Named Your Bank a Failed Bank" / "You Need to Check Your Bank Deposit Insurance Coverage" / "FDIC Alert" Malware Emails »

October 26, 2009

UK's Guardian Newspaper Hit by Hackers: Half a Million Resumes (CVs) Leaked, Job-related Spear Phishing Predicted

As reported by The Register ("Guardian loses half a million CVs") and other outlets today, the online job site run by Britain's Guardian newspaper, had been hit by a "sophisticated and deliberate" attack in which attackers have stolen personal information on as many as 500,000 users.

In the past, this type of attack against other jobs sites (such as Monster.com) has been used to gather contact information from job seekers and then hit them with highly targeted phishing attacks (aka "spear phishing") including phony job offers and even job offers that ultimately ensnare the recipient in illicit activities including wire fraud. (See my recent post regarding the Washington Post's great expose on the operation of online job scams.)

I'd expect to see the same sort of thing in this case. All online job seekers—whatever sites they use—should be aware that having your resume posted online can put you at risk for being targeted by online job scams. But they can be fairly easily avoided by following common sense and simply being aware of how such scams work.

Proofpoint offers the following advice to consumers in order to avoid being victimized by online job, "secret shopper," wire fraud and similar scams—which are often initiated via an unsolicited email message:

  • Remember, first of all, that any offer presented to you that sounds too good to be true usually is—whether it's presented via email, phone or direct mail.
  • Simply do not respond to these sorts of solicitations. Especially do not click links presented in such emails (which may lead to fraudulent websites that attempt to install malicious software on your personal computer). Note that the latest job scam emails do not include links, asking job seekers to respond to a generic webmail account (like a gmail or Yahoo mail account).
  • Keep in mind that anyone can place an online ad, send you an email, or post a "lure" in otherwise legitimate online forums.
  • Never pay a company to hire you. If the employment process involves sending the employer money, it's almost definitely a scam.
  • Do not wire money (which is the same as sending cash) to individuals unknown to you or to firms that have supposedly hired you.
| More

Posted at 11:58 AM |

| More

Technorati Tags: , , , , , , , , ,

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010535f33a5b970c0120a678852f970c

Listed below are links to weblogs that reference UK's Guardian Newspaper Hit by Hackers: Half a Million Resumes (CVs) Leaked, Job-related Spear Phishing Predicted:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment

If you have a TypeKey or TypePad account, please Sign In

 Subscribe

Follow us on Twitter @Proofpoint_Inc