I’ve had a resume up on Monster.com for years. Haven’t done much to it for most of them.
So I was surprised to get an email today purportedly from Monster telling me that I need to download some file to ensure “security.”
Naturally, the link does NOT go to monster.com, but instead to some executable file on this blog. The actual link is http://www.krazynonsense.com/blog/MProtectOne.exe. Whether the owner of that blog is an identity thief or just got his/her blog owned I don’t know. Viewing the raw source of the email, you can tell that it actually came from u15165024.onlinehome-server.com – IP address 217.160.240.148.
But wow.
I mean, how do unsophisticated web users survive? The email looks real. Has a Monster logo. Appears to come from Monster. The message is written in a credible manner (if you don’t know anything about browser security). The program name, Monster ProtectOne, sounds like something an MBA-wielding marketer would come up with.
I’m glad I have familiarity with internet scams, but my dad would click on this in a heartbeat.
I’ve gotta get him a Mac.
[ update ]I haven’t found anything on Google about this scam yet, so I’ve let Monster know about it via the live chat feature they have on their site – very cool.
Transcript:
[tags] phishing, monster.com, virus, identity theft, john koetsier [/tags]Received:Hello John.
Received:Thank you for contacting Monster Customer Central. My name is Sebin. How may I assist you today?
Sent:Hello, I just got emailed a phishing scam email that purports to be from Monster.com
Sent:I’ve posted the details here: (link to this post)
Sent:Please inform someone in your technical/security team
Sent:(sorry for contacting you, but this was the only way I found on your site to actually let someone know about this problem)
Received:Sure I will do that..
Received:Thank you for bringing this to our notice.
Sent:if they want to get a copy of the actual email from me, my email address is john@sparkplug9.com
Sent:you’re welcome
Received:I will get back to you with the details..
Sent:have a great day.
Received:Is there anything else I can help you with?
Received:You too..
Received:Thank you for using Monster..
Sent:ummm … no, I don’t think so
Received:Bye.
Hi there!
I’m actually the owner of KrazyNonsense.com and I was just recently informed of the activity on my site. Yep, I got h4x3d :[
I believe there was also another phishing thing there that was for Chase bank. Yikes!
Anyhow, thanks for letting Monster know. I’m taking that thing offline because it’s been nothing but problems and I don’t use it anymore.
Thanks again!
Good to hear from you, Michael, and glad that it’s all fixed up now!
[…] I appreciate the warning, especially given the increasing sophistication of phisher’s attacks. And, as you might imagine, this has happened before: http://www.sparkplug9.com/bizhack/2006/07/20/monster-phishing-scam/ […]