Security Centre: Expert advice on avoiding online fraud
Dear Valued Monster Customer,
Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. As you may be aware, the Monster CV database has been the target of malicious activity that involved the illegal downloading of the contact information of some Monster job seekers. We responded to this specific incident by conducting a comprehensive review of internal processes and procedures and securing the accounts of those customers whose login credentials had been stolen and used to access the database. We then notified affected job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.
We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. With this in mind, we want to make you aware of several security enhancements that Monster is in the process of implementing. Not only do these changes aim to deter unauthorised users from accessing our system, but they also protect your account information with an even higher level of security.
- To reduce the chance that account information may be accessed by unauthorised persons, several new methods are being introduced to increase the security of our customer's accounts.
- Monster is working with law enforcement officials to report and investigate incidents of data theft and unauthorised use of our customers' credentials.
- Global monitoring of all website activity is being conducted around the clock, so that any future attempts to access job seeker information can be identified and terminated as soon as possible.
- Our ongoing anti-phishing efforts include real time monitoring for phishing incidents and reporting phishing sites for termination.
- Monster has formed a Security Task Force made up of senior management from the Monster organisation. The task force is committed to developing infrastructure advances that will further enhance the security of our customers and services.
- We continue to provide our customers with educational material that ensures awareness of phishing, account security and conducting a safe job search. Learn more
- As always, Monster provides customer support around the clock. Rest assured that, if you suspect your Monster account information has fallen into the wrong hands, you can contact us at any time to discuss your concerns.
Sincerely,
Sal Iannuzzi
Chairman and CEO
Monster Worldwide
Every Internet site in the world is facing the growing issue of fraudulent usage of information, and we want to work with users around the world to stop this practice. Please keep reading to learn more about the warning signs and what you can do.
Spam email is such a common occurrence today that you may think you know what to look for. But there are two types of email scams – what's known as 'phishing' and 'spoofing' – that can be more difficult to identify. Both practices concern fraudulent email where the 'from address' has been forged to make it appear as if it came from somewhere, or someone, other than the actual source. Below are the warning signs to look for:
What’s 'phishing' all about – and how do I spot it?
Phishing emails are used to fraudulently obtain personal identification and account information. They can also be used to lure the recipient into downloading malicious software. The message will often suggest there are issues with the recipient's account that requires immediate attention. A link will also be provided to a spoof website where the recipient will be asked to provide personal/account information or download malicious software. Monster will never ask you to download software in order to access your account or use our services.
How is it different than 'spoofing'?
Spoof emails often include a fraudulent offer of employment and/or the invitation to serve as a go-between for payment processing or money transfers. This scam is primarily directed at a general audience, but it can also reach Monster members who have included contact information on their CV. Like with phishing emails, the sender's address is often disguised.
Examples of fraudulent email
These examples of fraudulent email show you what to watch out for (click to see details):
The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of these scams.
- Be suspicious of any email with urgent requests for personal financial information
- Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
- They typically ask for information such as usernames, passwords, credit card numbers, social/national security numbers, date of birth, etc.
- Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic
- Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
- You should only communicate information such as credit card numbers or account information via a secure website or the telephone
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
Managing Your Account
Your login information, especially your password, is the key to your account. To prevent unauthorised access to your account, we recommend that you never share your login information, change your login information at least every three months, and always use a complex password.
Here are tips on how to create a complex password:
- Simple passwords that might be easy for others to guess (e.g., monster, monster1, 1234) are prohibited. Instead, try using words or phrases that have more personal meaning.
- Your password must have a minimum of 8 characters. Try using more if you can. Each additional character helps.
- Make sure you use at least one number or symbol (other than '&', '<' or '@', which are restricted) in your password. Not only is it required, but doing so makes your password harder to guess and harder for automatic decoders to generate.
- To make it easier to remember, try replacing several letters in your password with a number or symbol that look similar; for example, use a zero instead of the letter O, and replace the letter S with a $.
- Create a pass phrase. Monster supports use of the space bar in passwords, so you can use a complete phrase as your password.
Avoid these common password mistakes:
- Words found in the dictionary are easier for others to guess. Using a random series of characters is best.
- Sequences of characters and repeating characters (e.g., 123456, abcdefg, 9999) are also easier to guess. If you change your password every month from 'password1' to 'password2', 'password3', etc., someone could easily crack your code.
- Never use a password that is the same as, or a variation of, your username, email address, real name, or company name.
- Never use a password that is used as an example of a secure password.
Keep your password secure:
- You're the only person who needs to know your password. Don't share it with anyone. If you're concerned that someone else might know your password, change it immediately.
- As tempting as it might be to write your password down to help you remember it, this is very unsafe. Take a few minutes to memorise your password.
- Never email anyone your password, and most importantly, never respond to an email that is asking for your password. Monster will never email you asking you to supply us with your password.
To learn more, see Microsoft's Strong Passwords: How to create and use them.
Reporting Fraud
If you suspect that you've received a fraudulent email that is targeting Monster and its members, please contact us so that we can investigate and take the appropriate action. After reporting the fraudulent email, you should delete it from your inbox.
Note: To ensure we can thoroughly investigate your reported fraud, please do not change, or retype, the subject line of the fraudulent email. Also be sure that you include the complete header information from the email. For instructions on how to display complete header information, please visit the SpamCop website.
More Resources
