Data Thieves Hit Monster.com

Security firm Symantec recently discovered that a Ukraine-based computer server contains some 1.6 million records stolen from the on-line job search site Monster.com. Symantec informed Monster about the discovery. The stolen records include names, email addresses, and phone numbers, but not Social Insurance Numbers or financial information.

Apparently, the records were stolen to harvest emails as part of an elaborate "phishing" scheme in which people who have posted resumes at Monster receive a phishing email that appears to have been sent by Monster. The fake Monster email advises the recipient to install a job-search program; recipients who install the program will actually be downloading a keylogger program or ransomware program. The former program records online banking passwords with the user's knowledge, while the latter places a virtual lock on important computer files, preventing them from being accessed unless the user pays a $150 ransom.