TEN26-07acc.pdf

ETA Advisory File Text

NO. 26-07 EMPLOYMENT AND TRAINING ADMINISTRATION U.S. DEPARTMENT OF LABOR WASHINGTON D.C. 20210 TO ALL STATE WORKFORCE LIAISONS ALL ONE-STOP CENTER SYSTEMS LEADS ALL STATE AND LOCAL WORKFORCE BOARD CHAIRS AND DIRECTORS ALL ONE-STOP CENTER SYSTEM STAFF FROM GAY M. GILBERT s Administrator Office of Workforce Investment SUBJECT Job Bank Security Fraud Awareness 1. Purpose . To increase awareness of potential threats to Personally Identifiable Information PII and other types of data stored in state job bank dat a systems and inform states and local areas about resources for job bank fraud prevent ion and reporting. 2. Background . The Internet and online job banks have changed the way people look for work. A recent Internet search on the words job banks retur ned over 1.1 million results. Many if not all state job banks are accessible over th e Internet. While the Internet can provide a safe and easy way for job seekers to ex pand the scope of their job search cyber scammers are targeting unsuspecting consumers using sophisticated tools and techniques. Threats to Internet security continue to increase. Attackers are becoming more organized and focused on financi al gain. Multi-staged attacks are increasingly used to obtain confidential information that can be used in identity theft and other Internet fraud activities and sc hemes. Attackers are targeting victims by first exploiting trusted entities such as job banks. Then using social engineering techniques they manipulate people into divulging confidential information that is then used to commit fraud. Cybercriminals are increasingly exploiting popular consumer Web sites to target trusting us ers. See Sharon Gaudin Cybercriminals Lurk in Dark Corners of Trusted Web Sites Information Week September 18 2007 available at http www.informationweek.com story showArticle.jhtml articleID 201807108 TRAINING AND EMPLOYMENT NOTICE DATE January 23 2008 2 EMPLOYMENT AND TRAINING ADMINISTRATION U.S. DEPARTMENT OF LABOR WASHINGTON D.C. 20210 3. Examples of Job Bank Fraud . According to recent media reports major commercial job Web Sites incl uding a government site run by a commercial organization have reported the the ft of confidential job seeker PII in the last six months A financial services company employee allegedly posed as an employer to gain access to a major commercial resume job bank in order to develop sales l eads. See Ross Kerber Online Job Hunters Grapple with Misuse of Personal Data Boston Globe October 1 2007 available at http www.boston.com business globe articles 2007 10 01 online job hun ters grapple with misuse of personal data Data apparently is being stolen using fraudulent ads placed on at least two online job sites and stockpiled by one hacker group using the latest va riance of the Prg Trojan program. See Susan Gaudin Phony Job Ad Nets More Stolen Identities Information Week August 21 2007 available at http www.informationweek.com news showArticle.jhtml articleID 2018015 51 . In addition ETA has received reports that job seekers in two states have become victims of Internet fraud after posting PII on a job bank. 4. Online Resources . The following government sponsored Web sites provide information about Internet fraud. Federal Bureau of Investigation FBI - IC3 s mission is to serve as a vehicle to receive develop and refer criminal complaints regarding the rapidly ex panding arena of cyber crime. The IC3 gives the victims of cyber crime a conven ient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations http www.ic3.gov . Common Fraud Scams and Internet Scams - A good source of information about common fraud scams and Internet scams is the Federal Bureau of Investigation Fraud Web Site. http www.fbi.gov cyberinvest escams.htm Federal Trade Commission - The FTC deals with issues that touch the economic life of every American and creates practical and plain-language educatio nal programs for consumers and businesses in a global marketplace with const antly changing technologies. http www.ftc.gov Federal Trade Commission Fighting Back Against Identify Theft - This Web Site is a one-stop national resource to learn about the crime of identity theft. It provides detailed information to help deter detect and defend against identity theft. http www.ftc.gov bcp edu microsites idtheft index.html Internet Fraud - This site provides a list of official government web resources to help in reporting and learning about Internet fraud. 3 EMPLOYMENT AND TRAINING ADMINISTRATION U.S. DEPARTMENT OF LABOR WASHINGTON D.C. 20210 http www.usa.gov Citizen Topics Internet Fraud.shtml Practical Tips from the Federal Government on How to be on Guard Against Internet Fraud http onguardonline.gov index.html . This site is maintained by the Federal Trade Commission with significant contributions from other Federal government organizations as well as the private sector. Protecting Personal Information A Guide for Business This site presents five key foundational principles of building a sound data security plan. http www.ftc.gov infosecurity Looks Too Good To Be True.com - This Web Site was built to educate the consumer and help prevent those using the Internet from becoming victims of an Internet fraud scheme. Funding for the site has been provided by the United States Postal Inspection Service and the Federal Bureau of Investigation . www.lookstoogoodtobetrue.com U.S. Postal Inspection Service - U.S. Postal Inspectors investigate any crime in which the U.S. Mail is used to further a scheme--whether it originated in the mail by telephone or on the Internet. The use of the U.S. Mail is what makes it mail fraud. http www.usps.com postalinspectors fraud welcome.htm 5. Reporting Internet Fraud . There are several sources to visit for information on how to report Internet-related fraud issues The Internet Crime Complaint Center http www.ic3.gov complaint . The Department of Justice s Reporting Computer Internet-Related or Intellectual Property Crime Web page provides access to a large number of agencies where you may report your information based on the type of occurrence. http www.cybercrime.gov reporting.htm The United States Computer Emergency Readiness Team US-CERT Web Site provides information on viruses and other issues related to cyber attack s. http www.uscert.gov . In addition the US-CERT Web Site can be used to report attempts either failed or successful to gain unauthorized acc ess to a system or its data including PII related incidents. The Econsumer.gov Web Site accepts complaints about e-commerce business or trade that takes place on the Internet across international borders. http www.econsumer.gov . 6. Action Requested . Addressees are requested to share this information with businesses job seekers and partners in their local areas as appropriat e. 7. Inquiries . For more information about Job Bank Security Fraud Awareness contact Anthony D. Dais Office of Workforce Investment at dais.anthony dol.gov 202 693-2650.