Watch Out for Identity Theft through Bogus Job Postings
Tap to Call - (877) 250-8242

Phony Ad Among Online Job Listings Leads To Identity Theft

Some people who have been using online job search sites such as have gotten more than they bargained for at the websites.

A fraudulent advertisement on the sites has reportedly been installing a Trojan on users' computers that was designed to steal their personal data, and their identities.

A Trojan is a program that installs a malicious piece of software on a computer.

Unlike a virus, a Trojan relies on the user to execute the software in order to operate. Trojans often masquerade as something useful or fun in order to trick the user into executing the program.

Once the malicious software is unleashed, it operates in a stealth mode so that the user often never realizes that their computer is infected until the damage is done.

Don Jackson, a researcher from the security company SecureWorks, has said that he has found data caches that have information on approximately 100,000 stolen identities.

The identity theft ring responsible for these Trojan-laced ads has been nicknamed the "car group" because they store the stolen information on servers named after different car companies.

The size of the stolen data files indicates that the thieves have found reliable ways to obtain the personal information and are possibly using many different methods.

The data has been stolen using the latest variance of the Prg Trojan, which also is known as Ntos, Tcp Trojan, Zeus, Infostealer.Monstres and Banker.aam.

The information that has been collected by the identity thieves includes information on users' bank and credit card accounts, Social Security numbers and online account usernames and passwords.

Researchers estimate that the Trojan appeared on two major job sites beginning in early May and each user's computer was infected individually.

Jackson explains how the Trojans infect users' computers and gather data this way: "The hackers behind this scam are running ads on job sites and are injecting those ads with the Trojan."

When a user views or clicks on one of the malicious ads, their PC is getting infected and all the information they are entering into their browser, including financial information being entered before it reaches the SSL-protected sites, is being captured and sent off to the hacker's server in Asia Pacific."

He added that there is still one server out there that is collecting stolen identities and as many as 9,000 to 10,000 people at a time are unknowingly sending their personal data to this server.

Online job listing sites are extremely popular and these thieves have cashed in on it. Since job websites receive so much traffic it has been easy for these hackers to simply place their ads on the sites in order to infect computers all over the world with their data-collection Trojan programs.

Microsoft's Internet Explorer web browser, WinZip and Apple's QuickTime were all vulnerable to the Trojan and since the problem has been identified the manufacturers have patched the software.

Some of the servers that have been storing the stolen data were located in Russia and Hong Kong, but the researchers believe that the major caches of stolen information are on a server in Malaysia.

The Trojan responsible for this identity theft is often difficult to locate and remove. New versions of the Trojan are scrambled so that anti-virus software often misses the infection.

Researchers at SecureWorks say that if a computer has port 6081 open, it is likely infected. To remove the Trojan users should reboot into Safe Mode and try their virus scanner again. If the anti-virus software still cannot detect and remove the Trojan, at that point the operating system may need to be re-installed to get rid of it.

If you believe your computer has been infected by a Trojan at a job search site, experts advise putting a freeze on accounts and attempting to remove the Trojan from your computer. Your online passwords will also need to be changed from a known clean computer.

Notify your bank and creditors that you believe you may have been a victim of identity theft and have them take the appropriate action to secure your accounts.

It is really a pain to have to freeze all of your accounts, change all of your passwords and even possibly re-install your computer's operating system; however the alternative is much worse. If you are a victim of identity theft your credit can be destroyed in an instant.

A thief can destroy you financially and send you running to court for bankruptcy protection, all through no fault of your own.

Be cautious with your personal data. Run virus checks often and regularly update your virus definitions. The old cliché is true here: It's much better to be safe than sorry.

» Back to Bankruptcy Articles

Tap to Call - (877) 250-8242

Disclaimer: The information provided on this site is not legal advice, does not constitute a lawyer referral service, and no attorney-client or confidential relationship is or should be formed by use of the site. The attorney listings on the site are paid attorney advertisements. Your access of/to and use of this site is subject to additional Supplemental Terms.