The types of service offered include help with resumes, cover letters, company research, networking, and advice targeted to individuals whose careers are currently in a transitional state. Career-management advisors are on hand for daily chats if required. The site is well organized and easy to navigate.
The site is well established and has been in existence since it was formed in 1999. It has the largest job search engine in the world. As this hacking case proves however, the security aspect of the site has left a lot to be desired. Monster.com has addressed these issues. However, nothing in internet security is foolproof as will be seen in this report.
The hackers had stolen the login credentials by use of "phishing" (the cloning of websites) techniques, and managed to extract several personal details. The BBC claimed in their news article on the topic that the stolen data would most likely be used to send phishing and spam emails. However, this was not the true purpose as was later discovered.
The fraud in operation was typically, identity theft, as opposed to a lapse of security on the Monster.com website. This occurred via a Trojan. This is a common technique used to obtain personal information, including login and email details.
There are numerous lessons to be learned from this incident. Monster.com has over 75 million visitors to its site. It offers a wide breadth of services. It also has approximately 5,200 employees and operations in 36 countries. Therefore it has a huge responsibility for the welfare of both its employees and the personal data of every person who registers on the site.
The data was used for phishing and spam attacks, and a "phishing blackmail scam" (Stokdyk, 2007, Para 1). The victims were persuaded, by a very realistic phishing campaign that the emails and the site they were associated with were genuine. They were fooled into downloading a job research tool, named the "Monster Job Seeker Tool." This was in fact a program that encrypted files in the victims' computer. The next stage was to demand a ransom note for money to provide the decryption.
In this instance, no amount of security or encryption on the site could have prevented the hackers gaining access to the personal data. They had access to all the information required throughout. Identity theft refers to the stealing of personal information with a view to using it in an illegal manner. This might be to use someone's credit card details or to apply for bank loans using false papers. There are several ways in which a stolen identity can be used for illicit purposes. The identity theft can be paper, or non-paper based. New ways and means of stealing personal data are being concocted on a daily basis.
Identity theft is rife in other areas of the business world, including the financial sector, and has caused numerous problems: "Growing numbers of identity theft