Seek.com.au targeted by e-mail harvesting tool

Summary: Security researchers have discovered an e-mail harvesting tool that was pre-configured to target Seek.com.au's candidate database — but a Seek executive claims its database is immune to such an attack.

The e-mail harvesting tool, which has been assessed by security researcher Dancho Danchev, attempts to pilfer candidate details from databases that are usually only accessible by advertisers. It is configured to attack 10 different recruitment sites — mainly based in the US and UK.

The tool relies on the availability of stolen passwords, likely acquired through targeted malware and keylogger attacks on potential advertisers, Danchev told ZDNet.com.au.

"The tool uses and logs onto the site as a registered user, in order to gain access to [information] normally restricted to [advertisers]. Going through some of the log files that I obtained, full names associated with e-mail addresses from certain sites were found," he said.

However, Seek product director Carey Eaton told ZDNet.com.au that even if an account had been compromised, Seek's databases are immune to the automated attack tool because of the way it structures advertiser access to its candidate databases.

"All those [US recruitment sites] offer casual advertisers résumé database products where customers can get wholesale access to the database of candidates — Seek does not have such a product and part of the reason we don't have one is because of this issue," said Eaton.

"Only trusted advertisers of a certain volume can get access to the résumé database. That's the first hurdle," he said. Also, advertisers can only search within specific categories relevant to previous job postings.

"For example, if you place an IT job in a certain location, you can only search the résumé database within IT in that location, so this means there is no such thing as doing a search on our entire database," he said.
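The scoped-access model Eaton describes, as an added illustration that is not Seek's code (the data model, field names and sample candidates are assumptions): a résumé search is permitted only for a category and location in which the advertiser already has a live posting, the account must first clear the trust threshold, and the API has no way to express a whole-database query at all, so a compromised account yields only the slices it legitimately earned.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class JobPosting:
    category: str
    location: str


@dataclass(frozen=True)
class Candidate:
    email: str
    category: str
    location: str


@dataclass
class Advertiser:
    name: str
    trusted: bool      # has met the posting-volume threshold (the "first hurdle")
    postings: tuple    # JobPosting instances currently placed by this advertiser


# Constructed sample database for the example; no real candidate data.
CANDIDATES = (
    Candidate("alice@example.invalid", "IT", "Sydney"),
    Candidate("bob@example.invalid", "IT", "Sydney"),
    Candidate("carol@example.invalid", "IT", "Melbourne"),
    Candidate("dave@example.invalid", "Finance", "Sydney"),
)


def allowed_scopes(advertiser: Advertiser) -> set:
    """(category, location) pairs the advertiser may search: one per live posting."""
    return {(p.category, p.location) for p in advertiser.postings}


def search_resumes(advertiser: Advertiser, category: str, location: str) -> list:
    """Return matching candidates or raise PermissionError.

    Deliberately no wildcard or "all" parameter: a stolen session can only
    enumerate the scopes the compromised account earned by posting jobs.
    """
    if not advertiser.trusted:
        raise PermissionError(f"{advertiser.name}: résumé search requires a trusted account")
    if (category, location) not in allowed_scopes(advertiser):
        raise PermissionError(f"{advertiser.name}: no live posting in {category}/{location}")
    return [c for c in CANDIDATES if c.category == category and c.location == location]
```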

But Danchev claims there is a risk: "Any database of any of the sites mentioned can be parsed to a certain extent — not the whole database, but significant parts of it... The idea behind the assessment was to raise awareness of the fact that automated tools are in the works, and how career Web sites should balance usability with security".

Seek's Eaton disagreed: "To use an automated tool to parse the database, it would have to post ads, and speak to customer service, so it fundamentally won't work."

Chris Gatford, senior security analyst for Pure Hacking, told ZDNet.com.au that Seek advertisers were recently targeted by phishers who were attempting to gain passwords to their Seek accounts to post job ads for money mules.

"Their rationale was that if you get an organisation like Commonwealth Bank advertising one of these money mule jobs, they would have more credibility and attract more people," said Gatford.

Seek's Eaton said fraudulent job advertisements are one area at which Seek "throws resources".

"We throw resources — money and time — at the detection of fraudulent activity... For every new advertiser, we check that they are a human being. The key goal is to reduce the amount of fraudulent activity published to the Web site to zero, and to reduce the impact to job seekers."

"We are dealing with highly sophisticated criminal activity, generally around money laundering, identity theft, and fraud," he said.

Other recruitment sites targeted include CareerBuilder.com, ComputerJobs.com, MilitaryHire.com and Monster.com.

Liam Tung

Talkback

2 comments
  • Seek related spam

    I get at least 2 emails a month from people offering me money mule jobs; how did they get my address? Possibly from Seek. I have not given this address out to anyone else, so...
    anonymous
  • offering money mule jobs

    yup, welcome to the world of promises of protection from spam......!!!

    I get 5-6 a day or even more....!

    are you on Facebook..? or any other live wires....!

    they're taking us for fools, gullible into thinking all is well... but look @ the state of how all is not so squeaky clean....

    just covering up cover ups, sweeping under the carpet, hoping all will go away, as Gillard pointed out on SBS that it's in the hands of the police....???

    come on, not born yesterday, we're made to believe they're the best, great, fair @ what they do....!!!

    so why are there still racist views flying @ us from govts, media etc,,,??

    if really were on the ball would rubber-reinforce glass inbuilt domed solar-panelled walls, floors, roofs, containers, shelves, tubes, tubs, enclosures so all protected from these blow-ins who are professing all is safe, healthy, hygienic, protecting the planet....???

    just beyond me how can keep going on in such racist hatred towards certain people,,,,????

    sure wish would wake up & see the damage doing to us, planet, fauna.....!!!!!
    anonymous