The latest attacks target job seekers in separate ways.

The scheme uncovered by Symantec uses stolen recruiter credentials, which are allowed to search the database of résumés with broad queries, to find potential victims and send their details to a server in Eastern Europe. Computers infected with the Infostealer.Monstres program requested the searches, making the database queries appear to come from a large number of systems, and thus, less likely to arouse suspicions.

The attack underscores that sites holding sensitive information need to have better technology in place to detect not just obvious attacks, but more subtle anomalies like the searches on Monster.com, said Prat Moghe, founder and chief technology officer for Tizor Systems.

"The job sites have not been an obvious target so far because they have advertised their information in the public space for some time," Moghe said. "But attackers have now figured out how to use those e-mails for other scams. This is a secondary attack."

The personal details mined from Monster.com were then used by scammers to send offers for work-at-home positions that required the victim to open a new bank account or use their current account. Any person that gave up such details would likely see several quick withdrawals, Symantec's Martin said.

"Part One of the attack is to steal information -- all attacks start that way -- and they just happened to steal job information," Martin said. "Part Two is they get your bank account and steal your money."

The attack uncovered by SecureWorks is more traditional, but uses malicious code in advertisements on job sites to infect victims, according to SecureWorks' Jackson. The information -- including name, address, and Social Security numbers -- is then used for identity fraud.

"These job sites get quite a bit of traffic, so it is no wonder that the hackers are having such success," Jackson wrote in his blog post.

Symantec has notified Monster.com of the stolen recruiter accounts, the company said.

If you have tips or insights on this topic, please contact SecurityFocus.

UPDATE: The article was updated with comment from CareerBuilder.com.