Personal Information Security
(September 4, 2007)
Quietly, a number of folks have noted that you can accomplish everything
that happened in the Monster Security Mess with a copy of InfoGist.
InfoGist is a pretty standard resume search automation tool. It goes and
collects resumes on your behalf and then manages them. Managing resumes
includes tracking, emailing, deep review and so on.
You can download and manage resumes from a huge array of paid and free
sources.
Platinum Recruiter integrates with desktop, enterprise and web
applications. Do you need to contact your prospective candidates
via email? With Platinum Recruiter, you can create email message
templates and send batch emails to all candidates that meet your
criteria in just a few mouse clicks. Already have a batch email
solution? You can import and export your contact email addresses
between Platinum Recruiter and other mailing systems. (From
the Website)
Really, there's no shortage of tools that give the same functionality. In
the States, where personal data is not particularly well regulated, resumes
are commodities. Since there is no penalty associated with using the
personal information in them, resume databases are accessed by all sorts
of commercial and political interests.
In the Monster Security Mess, what appears to have happened is as follows:
- Somehow, unauthorized users got a hold of legitimate Monster login(s) and password(s)
- They used the password(s) and login(s) to perform normal system functions by downloading resumes.
- Those resumes were used to create (varieties of) email for phishing
Not only isn't it complex, it looks a lot
like how the very low end of the job board business proposition works.
The unauthorized use of passwords and logins is a factor in every
resume-based job board's business model. The only way to eliminate the risk of
unauthorized access with legitimate credentials would be to get out of
the resume business entirely.
In computing, phishing is a criminal activity using social engineering
techniques.[1] Phishers attempt to fraudulently acquire sensitive
information, such as usernames, passwords and credit card details, by
masquerading as a trustworthy entity in an electronic communication.
(Wikipedia)
Sadly, fraudulently acquiring sensitive
personal information is also a part of the low end game in our industry.
Things could (and should) change. These
days, my banks look closely at the exact computer I'm using to log on.
Digital Resolve helps security departments track and manage
anomalies in signons. If resumes were tracked like they are in
other places in the world, security would be enhanced.
The weird thing here is that this is news
at all. While there is a meaningful problem in personal information
security, it's a daily thing. The practices of each of the now 50,000
job boards simply can't be managed to avoid the distribution of their
data to unseemly customers (or criminals for that matter). There are
few, if any, job boards who currently claim to have adequate security
measures to interrupt a high volume user. They only have service
agreements to stop illicit use of data garnered from their services.
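As an added example (not from the original post or from any vendor's product), here is one way a job board could combine the two controls discussed above: noticing a sign-on from a computer the account has not used before, and interrupting a high-volume user. The log fields, account names, device ids and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, device_id, action).
EVENTS = [
    ("2007-08-01T09:00", "recruiter_a", "dev-1", "login"),
    ("2007-08-01T09:10", "recruiter_a", "dev-1", "download"),
    ("2007-08-01T09:40", "recruiter_a", "dev-1", "download"),
    ("2007-08-01T02:00", "recruiter_b", "dev-9", "login"),
] + [
    ("2007-08-01T02:%02d" % minute, "recruiter_b", "dev-9", "download")
    for minute in range(1, 9)
]

# Devices each account has signed on from before (assumed to be kept per account).
KNOWN_DEVICES = {"recruiter_a": {"dev-1"}, "recruiter_b": {"dev-2"}}

WINDOW = timedelta(hours=1)   # sliding window for counting downloads
MAX_DOWNLOADS = 5             # assumed per-account limit inside one window


def flag_accounts(events, known_devices, window=WINDOW, limit=MAX_DOWNLOADS):
    """Return {account: set of reasons} for accounts that need review."""
    findings = defaultdict(set)
    recent_downloads = defaultdict(list)  # account -> download times in window
    for stamp, account, device, action in sorted(events):
        when = datetime.fromisoformat(stamp)
        if action == "login":
            # Valid credentials presented from a computer never seen before.
            if device not in known_devices.get(account, set()):
                findings[account].add("new_device")
        elif action == "download":
            # Keep only downloads still inside the sliding window.
            kept = [t for t in recent_downloads[account] if when - t < window]
            kept.append(when)
            recent_downloads[account] = kept
            if len(kept) > limit:
                findings[account].add("high_volume")
    return dict(findings)


if __name__ == "__main__":
    for account, reasons in flag_accounts(EVENTS, KNOWN_DEVICES).items():
        print(account, sorted(reasons))
```

Neither signal depends on the password being wrong, which is the point: the logins in this scenario are legitimate, so the check has to look at how the account is being used.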
In the long haul, the question will
devolve back to the users. For many, it is worth being phished to get a
resume into circulation. Others will work to maintain their anonymity.
Email John Sumser.