The message, featuring a subject such as “Monster customer service: important notice” or “Monster customer service: please confirm your data!”, provides a link that the user must click in order to arrive on the upadte page.
As expected, the link actually leads to a phishing domain hosted on a new UK domain with dns leading to a bot in Turkey.
“We can see from this phishing site, the phisher is mainly targeting recruiters for their logins and passwords. This would enable them to access hundreds or even thousands of job seekers’ CVs which often contain a gold mine of sensitive data. Other elements of the recruiters account could be useful as well,” says McAfee’s Zhedong Chen
“Due to the amount of personal and sensitive information which is saved there, they are very valuable to phishers. This data could be used to further target or spear phish individual victims by name and even work interests. The level of personal data on a CV is pretty high, and in the wrong hands outright dangerous. Be vigilant against unsolicited emails,” he adds.