As if searching for the perfect IT job is not challenging enough, IT professionals recently faced yet another obstacle that threatened not just their employment prospects but the security of their personal data.
With the help of a Trojan called, Infostealer.Monstres, hackers were able to scour the online resume database of job search giant Monster.com and get hold of some 1.6 million entries with personal records, according to a blog posting by Amado Hidalgo, a member of Symantec Corp.’s Security Response Team.
Monster.com has since identified and shut down the source of the malware, a Monster.com statement said. Posting resumes online has become common practice among IT professionals, but the job search site breach had caused many to evaluate the risks involved with online resume posting.
Many people put personal information on their resume, such as date and place of birth, social security and health card number, and these are potential “treasure finds” for identity thieves, said Tom Keenan, a University of Calgary professor and IT security spokesperson for the Canadian Information Processing Society (CIPS).
“A while ago…it made a lot of sense to post your resume online and people are getting jobs,” Keenan said. “Now, the reality is it’s probably a stupid thing to do because you’re more likely to be the victim of identity theft than to be hired by somebody.” Experts offered a few simple tips to keep your online job searching safe.
? Delete any personally identifiable data on your resume, such as your date and place of birth, health card number, social insurance number, driver’s license data and anything personal you wouldn’t want strangers to see, said Sandra Lavoy, regional vice-president at recruitment firm Robert Half International in Ottawa. Despite the risks, posting online resumes is still your best bet at getting a job, Lavoy said, but always be cautious of what you write in your online profile.
? Beware of e-mails claiming to have a job for you. If it looks too good to be true, chances are it is. “You don’t want to be so excited at the possibility of getting a job that you ignore the possibility that you’re being scammed,” said Keenan. A legitimate e-mail would typically have the full name, company name and contact information of the recruiter, said Lavoy.
? Avoid giving specific names of companies you worked for, as it will only give ID thieves more ammunition, Keenan said.
? Check your bank statements for any suspicious transactions if you feel your resume is among those looted from the Monster.com site. “All the standard stuff about identity theft apply here,” Keenan said.