The scam was first reported by researchers at computer security firm Symantec Inc. The company discovered a new “Trojan horse” program infecting hundreds of computers on the Internet. Machines infected with the program would log on to Monster, using legitimate passwords belonging to companies that use Monster to hire new workers. Investigators don’t yet know how the data thieves obtained those passwords. But the Trojan program would use them to collect personal data from resumes at the site, and forward the data to a computer in Russia belonging to a Ukrainian firm.
Most of the stolen data – names, addresses, phone numbers – was easily available elsewhere and posed little risk. But the e-mail addresses were valuable to phishers because they amounted to a ready-made mailing list of Monster subscribers. With that list, phishers could launch targeted spear-phishing attacks with a far greater likelihood of success than untargeted spam.
“The phisher will look for any affinity between an institution or situation and a human being,” said Peter Cassidy, secretary-general of the Anti-Phishing Working Group in Cambridge. “They’ll find any relationship and mine it.”