BreachExchange mailing list archives
Your Greatest Asset Isn’t Your People — It’s the Data About Your People
From: Destry Winant <destry () riskbasedsecurity com>
Date: Sat, 10 Jun 2017 00:17:17 -0500
http://recruitingdaily.com/greatest-asset-isnt-people-data-people/ An industry “influencer” recently posted a “SCAM ALERT” (his emphasis, not mine) alerting other recruiters to an enterprise employer whose candidate experience was, apparently, being imperiled by what seems like a scam so simple and straightforward that one has to admire the pure efficiency of the social engineering at play. The company in question, a major multinational employer, was seeing its job postings scraped from its corporate careers site, reposted on third party sites, and candidates were encouraged to directly apply through this intermediary, which was, in fact, in no way affiliated with the company’s recruiting efforts. For years, this was basically Indeed’s entire business model, but apparently the morality line for most isn’t the basic theft of intellectual property through aggregation and deduplication – and the effective hijacking of their employment related SEO/SEM from the “world’s #1 job site” has become codified instead of vilified for reasons I don’t quite understand. The major difference was that Indeed was built to drive these candidates to the employers and jobs they were looking for in the hope of monetizing the multi-billion dollar market for online job advertising – 85 percent of which, according to Mary Meeker’s annual Internet Trends report, comes from Google and Facebook, both of whose recruiting plays probably means Indeed’s claim to the top spot is now not only misleading, but inaccurate as well. This new “fraud,” as it were, collects those candidates and instead of passing them off to the company in question, poses as recruiters themselves, hoping to obtain information such as addresses, dates of birth, Social Security numbers and all the other information required to commit identity theft (by far the fastest growing crime in the world) – and making money off of the candidate through essentially phishing this information under the guise of representing legitimate employment opportunities. Why hackers may be doing your company a favor Most recruiters and HR practitioners will likely howl at this duplicity – and, judging from the comment string, most are shocked, shocked! that anyone would hoodwink a random online applicant by asking for information like their SSN, despite the fact that our applicant tracking systems have done this for years and actually made it seem completely innocuous and commonplace. Here’s the thing: These hackers are probably doing your company a favor by screening out those candidates who would be susceptible to these schemes before they’re employees, and before they have access to your enterprise systems and you assume liability as an employee. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Your Greatest Asset Isn’t Your People — It’s the Data About Your People Destry Winant (Jun 15)