Career Advice for Job Seekers

Online Job Search: Beware of Spoofing, Phishing, and Other Scams

August 22, 2007

You’ve posted your resume to Monster.com, Careerbuilder.com, YahooHotJobs.com, etc., and begin monitoring your inbox eagerly for responses from recruiters with that dream opportunity. You respond quickly to any and all inquiries, some of which request that you to go to the company or recruiting firm’s website to submit further information. You have now entered the Internet Danger Zone.
Here is a possible scenario: You’ve received an e-mail indicating the sender has seen your resume online and has a potential opportunity that seems to be an excellent match for your qualifications. The e-mail has a form for you to fill out and submit, or contains a link to a website where you are asked to provide further information for your “application.”


Detailed personal information is requested, sometimes including social security number, driver’s license, etc. You dutifully complete the forms, and look forward to the next step in the recruiting process. But you never hear from these folks again, and when you try to visit the website 2 weeks later, it has disappeared. Your inbox is suddenly filled with mountains of spam, or your computer comes to a screeching halt due to viruses, adware, or malicious “bots” (software robots that run automated tasks over the Internet using your computer, such as denial-of-service attacks, spamming, or click fraud schemes). Worse yet, your identity may have been stolen, your bank account emptied, or your credit ruined.
Here are a few suggestions to help ensure that what you find on the Web is a lead to a wonderful new job, not a nightmare as was described above:

  1. Type any URL in an e-mail you receive directly into your browser, rather than clicking on a link in the e-mail.
    • Roll your mouse over the link to reveal the underlying URL and verify that it matches what shows on your screen. In some cases you can right-click on it and then “View Properties” to see the actual URL.
    • For greater safety, type only the main URL into your browser, and then locate the particular page in question by using the site’s navigation buttons.
  2. Make it a policy that you do not provide sensitive information to anyone via web (or phone), such as social security number, driver’s license number, bank account, credit card etc. Keep these things in mind:
    • When the appropriate time comes to fill out a job application that includes social security # or other private information, it is best to do it in person at the company’s or recruiter’s office.
    • Most legitimate companies will delay a background check until the interview process is well underway and an employment offer is about to be made.
    • There is NO reason that a recruiter, job board, or employer site should ever ask for your credit card number, bank account number, PIN, or password!
  3. Do not share personal information with anyone unless you have verified that they are who they claim to be. Some of the many ways to do this are:
    • Google the company and verify that they are legitimate.
    • Check the Better Business Bureau for any negative information.
    • Visit the company or recruiting firm’s website (accessing it via a link you find yourself via Googling, NOT one contained in their e-mail), and
    • Verify that the website URL you are being asked to visit is the same as the one you found independently.
    • See if the opportunity mentioned is listed there. The fact that it is not listed does not necessarily mean the opportunity is not real, but finding it there adds to your assurance.
    • Visit their “Contact Us” page and see if the e-mail addresses given there are structured similarly to the one on the e-mail you received, e.g., “nameofperson@nameofcompany.com.” You may even be able to verify that the person who e-mailed you is indeed a member of the firm as they represented.
      (There is a side benefit to doing this due diligence work: You will learn more about the company, the recruiting firm, or the specific person contacting you–intelligence that can be used to advantage in preliminary communications with your contact.)
  4. If you absolutely feel you must provide personal information online:
    • Be sure that you have properly verified the site and that once you have proceeded to the page requiring personal information, the URL begins with “https” (not just http). “Pharmers” can actually hijack domain name servers (DNS) and take you to a fake site, even when you type in the URL (such as “www.paypal.com”). The “https” ensures that an SSL-enabled (secure) version of the website is displayed, or if not, your browser should alert you via a pop-up that the site has been hijacked, saying that the site’s “SSL certificate” does not match the URL you accessed. (Be sure that IE is set to verify and notify you on certificate authenticity.)
    • Once on a site, do not fill out anything on a “pop-up” screen that appears while you are filling out the form. The scammer could have taken you to a legitimate site, and still hijack your information using a pop-up.
  5. Be wary of anyone asking for money in exchange for “representing” you or “marketing” you. A legitimate recruiter is paid by the company, not by the candidate.

Note that even your name, address, phone number, and e-mail address (contained in most posted resumes) can be of potential value to scammers. This information can be compiled for sale to spammers or junk mailers for use in their campaigns, or more ominously, used by those engaged in something called “synthetic identity theft” (a fake identity is created by assembling bits and pieces of real people’s personal information).
Posting your resume online has inherent risks that must be weighed against potential benefits. To completely avoid risk, don’t use the job boards. To dramatically limit your risk, post providing only an e-mail address and/or cell phone number obtained specifically for the job search, or use only those sites where you can post a “confidential” resume. If you do opt to post a complete resume with full contact information and specifics of your employment and academic history, be prepared for spam e-mails, and carefully evaluate any e-mail inquiries before responding. (The same caution should be exercised in dealing with telephone responses to your resume.)
Scammers, phishers, and spoofers are, of course, nothing new to online job search, and I have covered the topic briefly in some of my executive career transition blog posts. Prompting me to write another article now were FOUR prospective clients in recent weeks who related tales of woe regarding identity theft that had made them reluctant to ever use the Web again for employment search. One unfortunate individual had a very substantial bank account emptied, and another had elements of his professional knowledge and writings plagiarized.
The following links provide further information about Phishing and Spoofing to help you protect yourself against fraud and identity theft:
National Consumers League
Stay Safe Online
Career Builder Job Seeker Info
Washington Post Blog
Remember that identity thieves and scammers are experts at their craft, counterfeiting legitimate sites to fool job seekers into becoming victims. If you plan to use the Internet in conducting your job search, be sure to keep your Scam Radar set on high!
By Laurie Smith and courtesy of CareerHub.com. The Career Hub blog connects job seekers with experts in career counseling, resume writing, personal branding and recruiting.

New Job Postings

Advanced Search

Related Articles

No Related Posts.
View More Articles