Since the incident that happened to the job site Monster.com, I’ve been thinking. Here are some of the thoughts I’ve been stuck on:

- Monster was not hacked
- Users of Monster were hacked
- Bot networks and phishing work despite all the education and
  warnings
- This possibly, at least in my mind, opens the door for a more
  dangerous attack

I’ll be honest. I’ve not read all the news and articles about the subject. But I’ve skimmed enough to glean that Monster was in fact not hacked. You have to read between the lines to get this, but it is far more likely that users were somehow conned into giving up personal information. Most of the personal information that was in this cache is freely available on Monster or in the phone book anyway.

Bot networks and phishing scams are successful because people keep clicking and downloading this malware despite all the warnings from the news, security experts, and friends and family. If they weren’t successful we wouldn’t be dealing with them right now. And even though that’s not what the news is saying about Monster, that’s what I believe happened. They scraped Monster for verified user info, then sent them all an email stating that their accounts needed attention and they should click a link to update their information ASAP or their painstakingly entered resumes would forever be deleted. I didn’t receive one, but that would be pretty convincing, don’t ya think?

I get a similar one on a weekly basis from “Paypal”, which arrives at an email address that isn’t associated with my Paypal account at all. So that’s a tip-off. I also get frequent ones from “Bank of America”, a bank that I don’t even bank at. But getting email addresses for actual users of a site would make an attack that much more likely to succeed.

The last thought is one that is particularly troubling to me. A few weeks ago I was on one of the job sites and found an interesting job. When I clicked apply it took me to the employer’s website. Here I basically had to re-enter all of my data in order to apply for the job. Much of the information was required to complete the process. Every bit of it was required in order to apply for the job. I did follow through and applied for the job. Now I’m thinking that this “employer” could just as easily have been a scammer.
How hard is it to get an employer account anyway? How much does it cost? They could post up a few jobs that were irresistible and when you click “Apply” it takes you to their site. Then they have you. They can require any and all bits of info. And just like me the other day, you’d probably complete the process. The sites I applied on the other day did not ask for my SSN, but they weren’t reputably known companies either. I’m not sure if I would or would not have provided that info had they asked for it. Would you?