The increase in attacks targeting job hunters calls for more security measures for both of job recruitment sites owners and job seekers alike, especially on the disclosure and access of information being posted by job seekers.
A service involving a tool that scours through popular US job recruitment sites to harvest jobseekers’ information right from their curriculum vitas (CV) is currently being offered by the Russian gang, Phreak, TheRegister reports.
The tool uses a predefined recruiter ID which it uses to sift through job recruitment sites like the following:
- Ajcjobs.com
- AOL Jobs
- Careerbuilder.com
- Careermag.com
- Computerjobs.com
- Hotjobs.com
- Jobcontrolcenter.com
- Jobvertise.com
- Militaryhire.com
- Monster.com
Acquired data from CVs are then returned as a Web form to the users of the tool, displaying information such as names, home addresses, and email addresses. Phreak reportedly charges $600 for the data, which will most likely be used for targeted phishing attacks.
Job hunters are well becoming frequent targets by malware authors, with popular job recruitment site Monster.com being defaced and also being frequently used for phishing attacks. More recently, a spam posed as a CareerBuilder job offer to entice recipients on sending their CVs to a certain email address.
Threat Analyst Jasper Pimentel advises job seekers to limit the information on curriculum vitas to the necessary information only. It would also be helpful to setup a separate throw away email account for situations as such, where email addresses may be disclosed publicly.
