It was inevitable: Scammers are stealing job seekers’ identities using over-the-top interview protocols established by employers to gather sensitive personal data. Have employers gone too far demanding too much of job applicants before they even need the information?
Great news! A well-known employer in your area sends you an e-mail saying it wants to interview you by phone — they found your resume online or your profile on LinkedIn. You answer the phone at the appointed time and have a job interview. Perhaps the interviewer makes an offer on the spot — your lucky day! He helps you complete the job application right there on the phone. What’s not to like?
Highmark, a BlueCross BlueShield healthcare company, warns on its website that the interview you think the company just conducted with you was a fraud — and someone stole your private information in the process:
Recently, Highmark has received several reports of possible fraudulent online activity in which an individual posing as a Highmark human resources representative contacts job seekers by e-mail or phone/text, conducts interviews and makes employment offers on behalf of the company. In most instances, those contacted have never applied for a position with Highmark. These false job offers are likely made in an attempt to gain access to your private information, such as your social security number.
While fake online job postings are common and used to get you to fill out forms with personal information that can be used to steal your identity, this fraud is bold. Someone posing as a well-known employer actually calls you up and interviews you — and by the time it’s over you’ve got a phony job offer and the scammers have your very real social security number and other private information.
How can this happen?
An alert job seeker might recognize a phony e-mail address behind the official-sounding name of the company and the recruiter. But some won’t. Job seekers are understandably excited to get an e-mail asking for an interview and will quickly follow the “script” we’re all accustomed to — an e-mail expressing interest, a phone interview with a recruiter, and an intimidating demand for highly detailed “job application” information that includes private personal data that no employer really needs — but demands anyway.
Of course, not all victims will believe they just got a job offer on the phone without an in-person interview — but some will. And even if the “recruiter” doesn’t make an offer on the phone, he makes it awfully easy to “complete the application” on the phone while he does all the writing for you. He’ll even write down your social security number and your home address and phone number. What’s not to like?
How employers help scammers steal your SS#
Employers have programmed job seekers to quickly disclose private, confidential information — when there’s no real benefit to doing so, but lots of risk. Long before the employer decides you’re even a serious contender for a job, it demands your home address, your social security number, names and contact information of your references and permission to contact them, your salary history (which you should never disclose) and loads of other information that’s none of their business at this juncture and which they don’t even need. (When you fork over your references, you’re putting them at risk, too — probably not a good idea if you want good references!)
Why do HR departments routinely demand all this information? Simply because they can. You’ve been trained to deliver “the required information” just to apply — while the employer hasn’t even checked your qualifications or indicated the slightest interest in talking with you much less hiring you. (See Does HR Go Too Far When Screening Candidates? — especially comments by HR manager Earl Rice. As you’ll note from the 2003 date on this article, this is not a new employer protocol.)
That’s why you become an easy target for scammers. Scammers exploit the intimidating “script” employers have taught you to follow. That’s how unreasonable, over-the-top job application requirements put you at risk. But it’s even worse.
Where’s your data?
Even a real, live employer that collects your private information puts you at risk. Many employers use third-party applicant tracking systems (ATSes) to log your application information and personal data. It all goes into “the cloud” — and good luck protecting it. When you complete that application, you’re usually asked to sign a waiver that gives the employer and its “agents” (translation: any third parties it deals with but that you don’t know about) permission to do with your data as they please.
You have no idea where your data goes, who has access to it, or how well (if at all) it is secured. Personal job application data is stored in unregulated, central repositories that even employers have no control over. Who controls these enormous databases? Companies like Oracle Taleo, Bullhorn, HRIS, IBM’s Kenexa, iCIMS, JobVite, HireBridge, JobScore, and ADP VirtualEdge among others. (For more about the applicant tracking system racket, see Employment In America: WTF is going on?)
Of course, to apply for a job you must provide basic information. But it’s up to you to be judicious about what you share and at what point in the recruiting process. Do they really need your social security number — when they haven’t even met you or given you any clear indication that they’re going to make a job offer? Most people today have already been brainwashed by the employment system to hand over anything and everything an employer says it “needs” to “process you.”
BAM! It’s that misconception that turns you into a sucker when a phony recruiter calls you and asks for all your data.
It’s time for employers to behave
It’s time for employers to stop demanding information they don’t need to recruit you. Today, HR departments ask for the kitchen sink simply because they have a database for kitchen sinks. “We’ll just get all the person’s data up front, so we don’t have to do it later.” More cynically, “We’ll get all their data before we even decide they’re viable candidates because then we can use a keyword scan to quickly reject people we haven’t even talked to yet.” (Less politely: Presumptuous Employers: Is this HR, or Proctology?)
When employers put some of their own skin in the game, then they can ask applicants to do the same. For example, what’s the salary range on the job? How much did you pay the last guy in that job and the one before that? What’s your Employer Identification Number? May I see some references from your customers, vendors and former employees? How about your credit rating? You’re privately held? I still need that information — I’m privately held, too. Are some of those questions over the top? Hmmm…
It’s also time for job seekers to stop being suckers. You are always free to politely but firmly decline to disclose any information you think is too private to share — until you think it’s warranted to process your job offer. Don’t be a sucker for either a legitimate employer who asks for too much — or for a scammer. See Fearless Job Hunting, Book 8: Play Hardball With Employers for tips about how to stay in control when you’re talking with an employer.
(For more on this story, see the Pittsburgh Post-Gazette, which interviewed me about the scam: Insurer says swindler posing as Highmark job recruiter.)
Where do you draw the line when disclosing private information to apply for a job? Do employers ask for too much, too soon? How do you apply for jobs while protecting your private information?