[BreachExchange] Your Greatest Asset Isn’t Your People — It’s the Data About Your People

Destry Winant destry at riskbasedsecurity.com
Sat Jun 10 01:17:17 EDT 2017


http://recruitingdaily.com/greatest-asset-isnt-people-data-people/

An industry “influencer” recently posted a “SCAM ALERT” (his emphasis,
not mine) alerting other recruiters to an enterprise employer whose
candidate experience was, apparently, being imperiled by what seems
like a scam so simple and straightforward that one has to admire the
pure efficiency of the social engineering at play.

The company in question, a major multinational employer, was seeing
its job postings scraped from its corporate careers site, reposted on
third party sites, and candidates were encouraged to directly apply
through this intermediary, which was, in fact, in no way affiliated
with the company’s recruiting efforts.

For years, this was basically Indeed’s entire business model, but
apparently the morality line for most isn’t the basic theft of
intellectual property through aggregation and deduplication – and the
effective hijacking of their employment related SEO/SEM from the
“world’s #1 job site” has become codified instead of vilified for
reasons I don’t quite understand.

The major difference was that Indeed was built to drive these
candidates to the employers and jobs they were looking for in the hope
of monetizing the multi-billion dollar market for online job
advertising – 85 percent of which, according to Mary Meeker’s annual
Internet Trends report, comes from Google and Facebook, both of whose
recruiting plays probably means Indeed’s claim to the top spot is now
not only misleading, but inaccurate as well.

This new “fraud,” as it were, collects those candidates and instead of
passing them off to the company in question, poses as recruiters
themselves, hoping to obtain information such as addresses, dates of
birth, Social Security numbers and all the other information required
to commit identity theft (by far the fastest growing crime in the
world) – and making money off of the candidate through essentially
phishing this information under the guise of representing legitimate
employment opportunities.

Why hackers may be doing your company a favor

Most recruiters and HR practitioners will likely howl at this
duplicity – and, judging from the comment string, most are shocked,
shocked! that anyone would hoodwink a random online applicant by
asking for information like their SSN, despite the fact that our
applicant tracking systems have done this for years and actually made
it seem completely innocuous and commonplace.

Here’s the thing: These hackers are probably doing your company a
favor by screening out those candidates who would be susceptible to
these schemes before they’re employees, and before they have access to
your enterprise systems and you assume liability as an employee.


More information about the BreachExchange mailing list