NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0089 Resumes on CareerBuilder.com targets of phishers:

Attackers are launching targeted phishing scams from the job-related site CareerBuilder.com, according to one network manager who says his engineering firm recently had to combat phishing techniques that use the lure of phony online resumes. The manager of network services at a midwest engineering firm that he requested remain unidentified, says his firm routinely posts job openings on CareerBuilder.com. Recently he had seen evidence that the online recruitment process is being exploited for phishing attacks. This is typically done by an attacker who sends emails to managers seeking job applicants, asking them in a cover letter to visit a web site to view a resume provided via a web link. If a manager clicks on the link, the web site then tries to execute a backdoor Trojan to compromise the machine. He says his department has been blocking these phishing web sites through web filtering as they are discovered and has started raising awareness about the potential problem among corporate managers. He also said he isn't aware of similar situations arising from use of other job-related sites, such as Monster.com. He said the importance of recruiting via online job sites means that his engineering firm is unlikely to change the way it locates job candidates through online processes, but greater caution in preventing phishing attacks is clearly in order.

(Network World 13MAR07)

Last Modified: Sunday, 18-Mar-2007 23:16:09 EST