The fake emails have subject headers like “Monster customer service: important notice” or “Monster customer service: please confirm your data!”
The phishing scheme was designed to lure job seekers into entering usernames and passwords on the fake site, with the phishers hoping to obtain personal data such as Social Security numbers and date of birth, Dave Marcus, director of security research and communications for McAfee Avert Labs, told SCMagazineUS.com on Tuesday.
“It appears the phishers are just looking for personal information at this point,” Marcus said.
According to the blog, the phishing domain appears to be hosted on a new UK domain with its DNS translating to a Turkish bot server.
“Monster is a very high-profile lure,” he added.
As phishing attacks spoofing real companies become more common, site developers need to become more proactive, said Avivah Litan of Gartner.
“Why wait for the attacks to take place before working to prevent them?” she asked. “Companies like Monster need to make sure they have the security on their end to prevent the information from being stolen.”
However, Litan admitted that the people behind these phishing attacks are getting smarter, especially in using bots.
For this reason, Marcus added that it is important to check the address bar first to confirm the correct address or look to technologies that can verify web addresses or tell you when you are on a malicious site.
“We do not want to dissuade users or recruiters from using sites like these,” Marcus said. “We just want to remind them to exercise caution and good security awareness when surfing these sites.”