THE MONSTER STORY JUST WON’T GO AWAY

The International Herald Tribune—a subsidiary of the New York Times, who has an agreement with Monster.com to sell help-wanted advertising—printed a story on August 31, updating the earlier version. It quoted Monster’s CEO, Sal Iannuzzi as saying the data stolen “might be much bigger than the company believed…” Haven’t we heard this one before? He went on to say, “It could be in the millions.” We have also learned that 146,000 users of a government site, USAjobs.gov, run by Monster, had their data stolen. Using passwords lifted from companies that use Monster to find new employees, the scam progresses to the con artists contacting job applicants, posing as Monster.com, and asking them for personal data, ultimately to be used to hijack their identity. This is called spear-phishing, a technique that parallels a personalization ploy used by junk mailers in affinity mailings when they use the name of a major company as endorsement in mailing offers to their customers. It is this way that I received my United Airlines Mileage-Plus Visa card. The added endorsement by United, with whom I had been a member of Mileage-Plus for years, gave me confidence in the mailing. It is in this same level of implied assurance that Monster job-hopefuls are in when they receive these bogus e-mails. Back in 2005, my wife gave me a post from Monster.com relating to the protection of their online clients titled, “Protect Your Info,” by a member of Monster’s staff. This is a must read! It is almost as if the writer, Ben Murray, had a premonition of what just happened. Quotes from this article like “…would-be swindlers have found a new avenue by which to reach victims: Online job postings…” and “…allows con artists to reach vast numbers of potential victims.” and “Taking advantage of job seekers’ desire to please potential employers…” The piece goes on to caution users of the site what data to provide and what not to give up. Many obviously didn’t read this, and will suffer the consequences of the theft of their identity resulting in hours of effort, and thousands of dollars to put it back in order, if ever. But the worst blow to the Monster situation is Iannuzzi’s comment: “There is no guaranteed fix.” Interpreted: future breaches will occur unless you take control of your sensitive data.