Attorney Steven Fahlgren hoped to receive a flood of qualified applications when he posted a job opening on Monster.com for paralegal help at his Hilliard, Fla., law firm.
However, he wasn't expecting a school of "phish" to swim in on the deluge. Phish are those piranhalike e-mail probes that prey on the feckless.
"Shortly after I signed up, I got a bunch of e-mails purportedly from Monster.com, but I quickly determined that they weren't," Fahlgren says. "They weren't the typical sort of phishing e-mails; they had something that identified my (Monster) account."
Fahlgren was convinced that his information had been compromised. And he was right.
In January, Monster.com notified users that its database was breached and that account information -- including names, phone numbers, e-mail addresses, user names and passwords -- had been compromised.
Fahlgren's misfortune is just one example of a nefarious trend. Increasingly, identity thieves are targeting today's growing number of job seekers -- and the employers looking to hire them.
“People who have posted a resume anyplace online are now being targeted by the thieves.”
As banks, credit card companies and other financial institutions beef up security, data thieves naturally gravitate toward less-secure data sources such as job-search sites.
Good Defensive Financial Moves From Bankrate.com:
- How to Protect Your Identity
- Protecting Your Children's 529 Plans
- Money Moves for Tough Times
"To the extent that you were a skilled identity thief, you would look at the most low-cost, fertile areas," says Claudia Bourne Farrell, acting public affairs director for the Federal Trade Commission. "Online job posting companies would undoubtedly draw identity thieves."
Preying on the unemployed
Fortunately for Fahlgren, Monster.com generally does not collect -- and hence, could not lose -- resumes, which might have contained more sensitive information such as birth dates or even Social Security numbers.
Still, the tech-savvy Fahlgren says he was surprised by the sophistication of the phish.
"It's an example of how someone relatively sophisticated, who does try to secure his data, can still receive something that almost looks good enough to click on or use," he says. "I don't think it should put anybody off (Monster.com). I think technology is 99 percent good and 1 percent bad. You don't throw the baby out with the bath water. You just have to be careful."
Although the FTC does not specifically track identity theft specific to job seekers, the British-based Association for Payment Clearing Services found that the 873 bogus job postings in the U.K. for the first half of 2008 represented a 345 percent increase in fake ads compared with three years earlier.
Jay Foley, executive director of the San Diego-based nonprofit Identity Theft Resource Center, not only fields consumer complaints but also sets up and monitors his own job posting accounts to study the disturbing trend.
"For the last three months of 2008, I saw an increase of about 20 percent of spam or spam e-mails offering employment," Foley says. "People who have posted a resume anyplace online are now being targeted by the thieves."
Job seekers are a particularly vulnerable group, Foley says.
A name and email address are all that is needed...read more