Résumés are bait for ‘phishing’ scams

By Steph Mostaccio

Technology, as helpful as it is, has its disadvantages, as Monster Inc., the online career networking company, recently learned.

According to an e-mail sent to its users in September, the corporation was the victim of online fraud.

“The Monster résumé database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers and e-mail addresses for some of our job seekers with résumés posted on Monster sites including MonsterTRAK,” Sal Iannuzzi, chairman and CEO of Monster Worldwide, said in the e-mail.

A Rider student was scammed Oct. 29 after she put her résumé on an online job-posting site, according to Public Safety. A fake company claimed to be interested in her and provided a name and address. However, because of her alertness she did not follow through with the request and her identity was not compromised. Lawrence Township Police also took note of the fraudulent post.

However, John LeMasney, manager of OIT-Instructional Technology, said there is no evidence that students were victims of the Monster scams in September at Rider, which offers the college division of Monster called MonsterTRAK.

Yet that could be because not many people know when they are being scammed.

In his statement, Iannuzzi attributes the breach in security to “phishing” e-mails, which is a term that many Internet users are not familiar with, according to LeMasney.

“I would say that for every person who knows what phishing is, there are 10, 20 or 40 who don’t,” he said.

Monster has dubbed the malicious phishing software Infostealer.Monstres.

According to LeMasney, phishing e-mails appear to be from a legitimate source, such as a company like Monster, but are not. He said the messages often use the exact same header, graphics, language and “legitimate” purpose in their content. The difference would be in the link, which does not take individuals to the valid company sites.

“Instead of sending you to the right place online, it sends you to their place online,” he said. “You might not notice if you’re not paying attention that it’s sending you somewhere besides eBay, besides Monster, besides rider.edu.”

Inside the e-mail, the scammer would ask for confirmation of a username or password for a specific site, as well as a Social Security number in order to continue. Once this information is submitted, the site will stop functioning.

“The thing is: they got your information,” LeMasney said. “What do they need to have on the site?”

It could be very dangerous for someone when scammers acquire personal information for their own benefit, according to LeMasney.

“If somebody has your address, your first name, your last name [and] your Social Security number, they pretty much have carte blanche to use your identity without asking,” he said.

Angela Brady, OIT instructional technologist, added that online scams could have severe consequences for the victims, such as problems buying a house or taking out loans.

“Basically, they’re ruining your life in seconds by one click,” she said.

Patrick Manzo, vice president of compliance and fraud prevention at Monster, noted in a company statement released in August that despite reports that the scam was an issue of identity theft, Monster was not aware of any specific cases as such.

In response to the phishing scam, Monster indicates on its Web site that it has conducted a comprehensive review of internal processes, secured the accounts of the customers whose login information had been stolen, and shut down a rogue server that was hosting these records. The site also indicates that Monster is in the process of implementing enhanced security measures.

Nancy Silvester, Career Services staff assistant and MonsterTRAK administrator, said the résumé database is safe for students to use.

“We’re still training everybody on it,” she said. “As far as I know there is no problem.”

She noted that students have several security options when posting a résumé. They could choose to put their résumé online for employers to access without including their address or decide not to allow anyone but themselves to see it until they apply for a job.

“Sometimes there are reasons why a person doesn’t want to have that personal information available,” Silvester said. “And if that’s their situation, all they have to do is just say, ‘Don’t put it out!’”

Silvester added that students’ private information for the account itself is not visible to anybody but them or the Career Services staff.

Still, both LeMasney and Brady believe it would be wise for Internet users to be more cautious about what information they reveal online and to whom they are revealing it.

According to them, there are several options for ensuring that personal information remains private online. These choices include: avoiding anything that looks suspicious, creating a junk e-mail account, clicking on the “enhanced security” preference in e-mail servers, and making sure that “https” is in the URL whenever entering information online, not “http.”

LeMasney said it is crucial for Internet users to be able to recognize the possible scams on all of their online services.

“It’s important to stay vigilant about it, because if you slip up it means that someone gets your bank account or your Social Security number,” he said. “Once someone gets information from you from your credit card and some information from you from other places and start to link all that together, it becomes really hard for you to retain your privacy, and retaining privacy is hard enough today.”

LeMasney and Brady urge anyone interested in learning more about online safety or another technological issue to sign up for one of OIT’s workshops at www.rider.edu/training.