RI labor agency: Scheme targeted about 350 users of online career center

[Lee J <lee () riskbasedsecurity com>]

http://news.providencejournal.com/breaking-news/2013/10/ri-labor-agency-scheme-targeted-about-350-users-of-online-career-center.html

PROVIDENCE, R.I. -- The state Department of Labor and Training reported
Thursday that someone is pulling an online scam by fraudulently using an
employer's identification information to impersonate a business.

The fictitious employer contacted approximately 350 users of the DLT's
online career center, EmployRI.org, to request that they set up Yahoo
Instant Messenger accounts, import personal information and download
particular files, the department said late Friday.

The DLT has contacted the state police and is working with the Attorney
General's Office.

The DLT said it is concerned that anyone who did respond to these requests
or download these files may have compromised the security of their personal
information and/or their computers. DLT has records of all users contacted
by this fictitious employer, and, in the interest of timeliness, has used
email to notify those affected. DLT is also sending official notifications
by mail.

As a precaution, the department is recommending that any of the 350
contacts who did provide information or download files through Yahoo
Messenger immediately report a possible breach of security to the three
major credit reporting agencies: Equifax, Experian and Trans Union. The
department has also pledged to make up to three months of credit monitoring
services available to affected individuals if they choose this service.

It is important to note, the DLT said, that this security breach is limited
to the 350 users identified by the department, all of whom were invited to
pursue further contact with the fictitious company through the Yahoo
Messenger application. Those EmployRI.org users who have not received a
message to provide further information through Yahoo Messenger are not
considered at risk.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.