As national unemployment figures continue to remain high, you can find cybercriminals cashing in on the wave of applicants posting resumes to a range of job banks and other employment websites. In January 2009, both Monster.com and USAJobs.gov were hit with a monster-size breach that allowed thieves to confiscate personal information such as IDs and passwords, email addresses, phone numbers, DOBs, and more. Earlier this year, the Cyber Investigation Unit of the FBI reported an uptick in the number of employment schemes from mystery/secret shoppers to envelope stuffing to courier services scams, all involving victims that had relinquished their bank account data, social security numbers and other personal idenitifying information online.
In this current economic climate it’s never been more important to circulate a resume, and cybertheives have never been more interested in finding your resume to make a profit rather than finding you employment. The key to attracting legitimate employers is to recognize when and where to post your resume, and what job offers to respond to and which ones to ignore. Minimize your risks online by discouraging fraudulent businesses from approaching you.
Some applicants feel that by making employers take additional steps to obtain their resume, the company will quickly lose interest. But the fact is your legal name, address, phone number, work history and even your references, when posted publicly, can potentially fall into the hands of identity thieves. Most employment websites do offer a privacy feature that allows applicants to hide private information. If you should decide to post to an employment site that does not offer this option, use a disposable email address and purchase a P.O. Box at your local post office. Replace your current contact information with the disposable email and PO Box on your resume. You’ll be avoiding possible risks should the online job site have a data breach.
While it may or may not increase your chances with potential employers, the fact remains that you need to consider that your reference’s contact information is available to everyone that views or downloads your resume. You’re placing their private information at risk, which is not the best way to handle references should you need them in the future.
This statement falls somewhere between fact and fiction. As far as resume formats go, it’s an absolute necessity. However, you do need to consider that anyone can call your school and request your personal information without your consent. If you’re currently in college, request a FERPA (Family Educational Rights and Privacy Act) form from your school’s office. Once they have it on file, only legitimate institutions and businesses can have access to your information. Students under 18 will need their parents to sign the form. For more information about FERPA forms, see the U.S. Department of Education’s site.
The fact is online job sites have sped up the hiring process considerably, but that fact alone doesn’t necessarily make them legitimate. Most businesses continue to move through the hiring process methodically, requiring one, two and sometimes three interviews before having potential employees complete a formal written application asking for personal information, work history and references. If you feel rushed to supply the employer with your SSN or drivers’ license, then consider it a big warning to walk away. Legitimate employers do not conduct background checks until the interview process is completed. Consider the following as signs or warnings that you may be looking at a fraudulent job offer.
o The employer requests your bank account numbers
o The position requires you to transfer money
o The position requires you to open accounts with e-Bay, Pay Pal or Western Union.
Now some of this information may seem obvious, but the cybercriminal’s key to success is to rush you through the entire process before you’re even aware that you’ve been a victim.
Here are some other tips that may cause you to reconsider that too-fabulous-to-be-true, dream position:
o You receive an email about a job offer but the email address does not contain the domain name of the company.
o The fax or phone number does not have the same area code as the corporate phone number.
o Before giving any information whether through email or the phone, play Magnum PI and conduct an online search of the company making the job offer or the person who has contacted you. If you’re still not satisfied, contact BBBonline.com or the State Attorney General’s office where the company is located.
o Call the company’s HR department and verify that the person who’s contacted you on the company’s behalf is legitimate.
Unfortunately, this is more fiction than fact for many job seekers. The rule to remember here is, if a job offer emailed to you seems very “general” or has a “vague” job description; it may not be a job offer at all. The email might contain a link that redirects you to yet another job site inviting you to post your resume, or it might be an email marketing campaign for an employment conference, seminar or class attempting to solicit money from you. Either way, it pays to think twice before replying to these responses.
Some of the more common emails may include:
• Invitation to post to another job site and the invitee doesn’t bother to tell you they get a small referral fee when you do.
• Promises of a “dream job”, only after you paid their fee.
• Claims they have a great opportunity for you, only the recruiter can’t seem to remember the company or the job title to this spectacular position.
• Invitations to self-help seminars, promising a job only after you’ve purchased their seminar.
Some email job offers are actually valid. In a recent World Privacy Forum job search study, the best job offers come within the first month of a resume being posted. If responses seem scarce, you may want to take down your resume and start over.
For more information about online job sites, check out the Job Searcher’s Guide to Online Job Sites. The information on this site lists and rates job sites according to a specific set of criteria including privacy policies and the use of tracking cookies.