It’s another game of chance for Monster.com users: TrendLabs has just discovered a suspiciously-constructed URL that is possibly involved in a phishing attack against the said popular job-hunting site:

• http://{BLOCKED}-id874926.monster.com.kkkmode.cn/membersdir/employer_form/mydata.aspx

Initial analysis from Joey Costoya of the Trend Micro Incident Response Team (TMIRT), indicates that the said link was created using Rock Phish, a well-known phishing toolkit that makes it possible for relatively nontechnical people to create and carry out phishing attempts.

Below is a screenshot of the said phishing page:

It seems the attacks against Monster.com are not over yet. Readers may recall the malware targeting users of the said site in this post. Thus, users, especially those who have accounts at Monster.com, should exercise caution when clicking on links found in unsolicited email. Monster.com’s Security Center has also posted a notice about avoiding online fraud.