Scope of Monster.com Data Theft Widens

Computer data thieves who hit the Monster.com job site managed to acquire confidential information posted by more than 1 million job seekers, a company official says. The attack on Monster's site was executed from a server in Ukraine.

Copyright © 2007 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

RENEE MONTAGNE, host:

That phishing attack on the Monster.com jobsite was even worse than the company first admitted.

An executive said yesterday that confidential information was stolen from more than a million jobseekers. That's our last word in business today. The hackers who attacked Monster's site gave their hacking software program an appropriate name - info stealer monsters.


Beware of E-Mails 'Phishing' for Dollars and More

A phishing e-mail pretending to be from Citibank. (FDIC)


Examples of 'Phishing'

The most common form of phishing is an e-mail pretending to be from a legitimate retailer, bank, organization or government agency. The sender asks to "confirm" your personal information for some made-up reason:

  • Your account is about to be closed.
  • An order for something has been placed in your name.
  • Your information has been lost because of a computer problem.
  • Phishers say they're from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft.
  • In one case, a phisher claimed to be from a state lottery commission and requested people's banking information to deposit their "winnings" in their accounts.

Source: National Consumers League

It happens countless times a day. People receive e-mails from what looks to be a familiar company — their bank, credit card company or another organization. It looks legitimate, often featuring a company logo, but something just isn't right.

Online "phishing" scams reel in unsuspecting users, who can have their personal information, identities and money stolen by unseen thieves.

Tom Regan, host of the NPR News Blog, recently had a close call with a phisher. He talks to John Ydstie about what happened and how to avoid being a phishing victim.

"I think it's the way most people do get caught," Regan says of his phishing encounter. "I wasn't paying any attention to what I was doing."

He opened an e-mail that looked very similar to one he received from his bank. It asked him to log into the site by entering a user name and password. Regan filled in his user name but then looked at the Web address.

"That's when I knew right away I had made a mistake because the URL was not the URL of my financial institution," he says.

He closed the browser immediately, went to the correct Web site and changed his password.

"I got lucky," he says.

In most cases, phishers and scammers can't duplicate the exact URL of a bank or a credit card company. But they try to make it appear as if they're a legitimate site.

For example, in faking the Web address for PayPal, a popular online payment tool, phishers will use the number "1" instead of the letter "l" in the company's name.

"They count on people not to notice that," Regan says. "They'll slightly misspell a word ... but people are busy and they don't notice. They click on it and they go."
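The character swap and slight misspelling described above can be checked mechanically before a link is followed. The sketch below is an added example, not part of the NPR article; the `TRUSTED` list, the swap table and the function names are assumptions made for illustration, and the host parsing is deliberately naive.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the user really deals with (assumption).
TRUSTED = {"paypal.com", "citibank.com"}

# Digit-for-letter swaps of the kind the article describes ("1" for "l").
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch slight misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def site_of(url: str) -> str:
    """Last two host labels, lower-cased (naive: ignores suffixes like co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Label a link as trusted, a lookalike of a trusted site, or unknown."""
    site = site_of(url)
    if site in TRUSTED:
        return "trusted"
    folded = site.translate(CONFUSABLE)  # undo digit-for-letter swaps
    for good in sorted(TRUSTED):
        if folded == good:
            return f"lookalike of {good} (character swap)"
        if edit_distance(folded, good) == 1:
            return f"lookalike of {good} (misspelling)"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://www.paypal.com/signin", "http://www.paypa1.com/login",
                 "http://citbank.com/verify", "https://example.org/"):
        print(f"{link:35} {classify(link)}")
```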

Also, look for https at the beginning of the URL. Normally, that's a sign of a secure site. If the tiny lock at the bottom of a browser is open, the site is not secure.

Your name, birth date, Social Security number and mother's maiden name can all be used by online thieves.

"They're phishing constantly for any little bit of information that they can find that they can use to get access to your money," Regan says.

In the end, you have to weigh the risks of convenience against security.
