Fraudsters are hacking into corporate job sites, e-mailing as a potential employer, and creating fake job sites to collect personal data
Never mind landing the job. Now people on the lookout for employment have another cause for worry: identity theft. As the joblessness rate soars, scammers are ginning up fake Web sites or posing as recruiters to trick job seekers into giving up sensitive personal information.
Corneilus Allison became a potential target after he applied for a position at Aetna (AET) in January, court documents show. In hopes of securing a position at the insurer, he entered required personal information into Aetna's job Web site. In May he received a response—but it wasn't an offer of employment. Aetna instead told him that his personal information, including his Social Security number, might have been compromised. Hackers had found their way into Aetna's job application site, managed by an outside vendor, nabbed e-mail addresses of job seekers, and sent correspondence as if from Aetna asking for additional personal information.
A lot of people, many of them unemployed and eager to divulge information they believe will land them a job, are the target of similar scams. "The job-seeker market has slowly but surely been invaded by scammers," says Jay Foley, executive director of the Identity Theft Resource Center.
Cybercriminals have for years built fake sites purporting to be PayPal (EBAY) or other financial-services firms to dupe Web surfers into giving up data that can in turn be used to defraud. Scammers now appear to be using false job-listing sites more frequently, security experts say. In the U.K., the number of fake job ads rose more than fourfold over the last three years, according to a report released in September by APACS, a U.K. trade association for payments.
Aetna's Breach Sparks a Class Action
In some cases, scam artists sell data on legitimate job seekers to people who lack credentials—say, illegal residents—who need the data to land jobs. Of the roughly 313,000 cases of consumers registering complaints of identity theft to the U.S. Federal Trade Commission in 2008, about 15% said thieves had perpetrated employment-related fraud with their stolen identities, according to a February 2009 report by the commission. That's up from 14% of 259,266 identity-theft complaints in 2007.
After Aetna discovered the breach in early May, the company contacted 65,000 job applicants whose e-mails were swiped and offered free credit counseling. About a month later, Allison sued in a class action, accusing Aetna of negligence, breach of implied contract, and invasion of privacy. "Aetna did the right thing by proactively notifying people about this incident and offering free credit monitoring," Aetna spokeswoman Cynthia Michener writes in an e-mailed statement. "It's unfortunate that we're being sued for acting with integrity and honesty." Aetna asked the court to dismiss the lawsuit, calling it meritless. Allison's legal counsel didn't respond to a request for comment. Contact information for Allison couldn't immediately be obtained.
In another popular scam, perpetrators pose as recruiters ready to extend an offer who request Social Security numbers or other personal information to do background checks. "We've even heard cases of fraudsters posing as potential employers, asking for bank account numbers," says Jeremy Miller, director of operations at Kroll's Fraud Solutions Practice. "They're using the fact that a person is looking for a job and has that need, and counting on the fact that they'll do anything to get that job."
A Spike in Craigslist Fraud
It's unclear how many identities are stolen through the job-application process, but ID theft in general is growing. The number of identity-fraud victims reached 9.9 million in 2008, a jump of 22% over 2007, according to the 2009 Identity Fraud Survey Report released in February by consulting firm Javelin Strategy & Research. Economic misfortune may be a contributor to the increase, since higher rates of fraud have historically occurred when the economy worsens, the report says.
On June 11, Colorado Attorney General John Suthers warned consumers of a spike in reported cases of fraudulent job listings on Craigslist and other popular job-search Web sites. In one posting, a foreign company seeks a U.S. resident to handle transactions. The employee would process payments through a U.S. bank and then wire money to his or her new employer. The payment checks are fake, but the victim wouldn't discover that until after wiring money abroad—and being left holding the bag.
Experts recommend that job seekers take care with personal information, particularly Social Security numbers, and not put it on résumés. Foley recommends using particular caution if a recruiter contacts a job seeker out of the blue, when they didn't apply for a position, and asks for sensitive information. It's a good idea to ask to call the recruiter back and then verify independently that he or she is indeed a representative of that company. Foley also says criminals have tried to harvest personal information from résumés on career sites. Some experts say it's best to send résumés directly to corporate sites.
"Job seekers are…faxing and e-mailing and posting on sites where criminals are trying to attack," says William Morrow, chairman and CEO of CSIdentity, a company that offers identity-protection services. "Once you get a few pieces of someone's identity, it's helpful in getting the rest."