Got an email informing you about an exciting job offer that not only suits your requirements like salary but location, too? Don?t hurry, as that can be a fraudulent mail.
In an era of organised cyber crime, fraudsters are not missing a single opportunity to haunt innocent users including job-seekers and interestingly, employers, too.
The fraudster logs in through a fraud server on job portals to hack out confidential information floating on the websites, ranging from details of job-seekers to employers.
?This is a complex social engineering attack,? said Srikiran Raghavan, regional manager, RSA, the security division of EMC.
The fraudster, who gets all relevant data including names, addresses, phone numbers and email addresses from the portal, uses them to send ?phishing? emails to people or opening a ?phishing? email address that attempts to acquire financial information or lure job seekers into fraudulent financial transaction.
?The main motive of the fraudster is to use this information for financial frauds,? said Raghavan.
?Since the fraudster gets all the authentic data, it is easily able to prove the victim?s identity to the tele-banker, ending up in illegal financial transactions?, he added.
There are two ways in which fraudsters do this. One is by sending ?spoof? mails that contains details of a fraudulent offer of employment and/or the invitation to serve as a go-between for payment processing or money transfers.
The mail either reads for instance, ?We have found your resume at ?a particular job portal? or the message comes from an employer looking for a candidate and asks for an active account number as one of the pre-requirements. Since the mail bears the logo of the original job portal, it wins the confidence of the job-seeker who replies to it without cross-checking the authenticity of the sender.
Another way is by sending ?phishing? emails to users asking them to download (malicious) software to access their account on the job portal or using the portal?s services.
?The mail says that this software will speed up the search and since it bears subject and address of the original job portal, the user ends up downloading the new software?, he explained.
These malicious softwares often called as ?crimewares? gets saved at an unknown destination on the user?s computer and since it stops doesn?t work properly the user soon forgets about exposing him/her to grave danger.
These softwares help the fraudster to track what ever the user does on his/her computer.
?So from opening a website link to checking your bank account on net all that you do is transferred by this malicious software to the fraudster leading to grave danger,? Raghavan said.
The job portals are on guard to protect the confidential data keyed in by the users and keep the users? trust intact. Monster.com persistently informs its users about the same through mail and making them aware of what precautions they should undertake to combat such kind of frauds.
InfoEdge (India), which runs naukri.com , is also not taking chances and monitors every move that takes place on the portal.
?Such incidents have not happen yet on our portal?, said Sanjeev Bikhchandani , CEO, InfoEdge (India), adding that the portal is taking all necessary steps to combat any such frauds from happening.