One of the first things I saw this morning was an email, apparently from Monster, alerting me to some new tool I need to download to continue using Monster. Naturally, the message included a convenient link to download the new tool. You know where this is going, don't you?
The message has the look of something from Monster, including lots of images, links to more Monster stuff, and the usual legalese at the bottom. It looks right:

I hope you're not surprised when I tell you that this is not from Monster. It's from someone who wants me to download an unknown executable file (http://[redacted].com/monst/jobseeker_tool.exe). I don't know what the program does, but I know two things: it's not a new Job Seeker Tool from Monster, and it doesn't do anything I want done to my computer.
How do I know (and what can you do when you get suspicious messages)?
- Any suggestion to download software from an email is automatically suspicious. Companies just don't do that anymore because of the risk of messages like this one.
- Look at the full message headers. Addresses that don't match the purported sender are a warning, but their absence doesn't mean the message is legit.
- Right-click on the "click here" text and copy the link location. Paste the URL into a new message to read it. In this case, the link connects to a file that is not hosted on a monster.com address. That's pretty definitive.
If you can't copy the link location using the right-click technique, look at the raw HTML of the message. You're looking for something that looks like this:
<a href="http://www.somewhere.com/file.exe">
Once again, if the link doesn't point to a monster.com address, something's wrong. And if it points to an executable file (.exe), you should be extremely cautious.
- If Monster really wanted me to download a new tool, I could get it from the web site. If you get a message offering software, type the URL or use your bookmark to go to the web site, and look for it there. Don't use the link embedded in the email message.
Whether it claims to be from Monster, eBay, PayPal, or a bank, this kind of fraudulent email is all too common. Before you click, think it through, and make sure you're not about to install some malicious program or give your personal information to the bad guys. A few minutes of caution now could save you a lot of cleanup later.
Monster has more tips for a safe job search.
Update: The folks at Monster reminded me that even the links to legitimate Monster pages may be compromised in this type of message. It's possible to make a link that looks right but actually links somewhere else. If there's any doubt, type the link address into your web browser for yourself.
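The link checks from the list and the update above can also be run over a message's raw HTML. This is an added example, not part of the original post: it flags links that are off the expected domain, point to an executable, or show the expected domain in their visible text while going somewhere else. The sample body, the extra extensions and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".scr", ".bat", ".msi")  # assumption: the post names only .exe

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):  # the domain itself or a real subdomain, nothing else
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_links(html_body, expected_domain):
    """Return [(href, [reasons])] for every link that deserves suspicion."""
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        url, reasons = urlsplit(href), []
        off_domain = not in_domain(url.hostname, expected_domain)
        if off_domain:
            reasons.append("host is not under " + expected_domain)
        if url.path.lower().endswith(RISKY_EXT):
            reasons.append("points to an executable file")
        if off_domain and expected_domain in text.lower():
            reasons.append("visible text names " + expected_domain + " but the href goes elsewhere")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body (not the real message from the post).
SAMPLE = """<p>New tool: <a href="http://www.somewhere.com/file.exe">click here</a></p>
<p><a href="http://example.net/login">http://www.monster.com/login</a></p>
<p><a href="http://help.monster.com/safety">Safety tips</a></p>"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE, "monster.com"):
        print(href, "->", "; ".join(reasons))
```

A clean result only means none of these three checks fired; it does not prove the message is legitimate.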