Jan 16, 2025

Job Search Security

Discussion about the security risks involved in the job search process.

Applying Online Used to be Simple, What Happened?

The job application process has changed forms quite a bit over time. Depending on how long it’s been since you last actively searched for a new job, you may believe the job search simply evolved from in-person applications to online applications and has stayed there ever since. This is correct; however, there’s a bit more to unpack in the history and progression of online job applications.

Initially, once it became possible to apply for a job online, each company had an application process directly on its website. This is still the case; however, there are layers to this process that make it more manageable. After all, there are countless companies out there and not all of them are globally recognizable brands such as Walmart, which creates a visibility issue for most companies. As a job seeker, how do I know a job exists if I’ve never heard of the company and am not spending time on their “careers” page? This is an oversimplification, but ultimately this is the use case for online job boards such as Monster, Indeed, and LinkedIn.

In the earlier days of online job boards, the market was a bit more competitive and there was not really a clear “best” option. The job board with the most advertisement dollars attributed to it would attract the most people because of the heightened awareness. Over time, however, as users realized that the job postings on all sites were mostly similar, they began to seek platforms with the best user experience, which is what led to the dominance of LinkedIn.

LinkedIn provided more than a job board: it added a social networking aspect to the job search that encouraged professionals not actively searching for jobs to engage with the platform. This, along with the user-friendly mobile app, separated LinkedIn from the competition because it provided the ability to search and apply to jobs, build connections between professionals, and maintain contact with professionals you meet in person. The last point is important because many professionals may maintain a LinkedIn account just to keep up with in-person connections without sharing personal details like phone numbers.

Over time, LinkedIn would continue to enhance the networking aspect of the platform while also enhancing the flow of the modern job search. This meant that recruiters or hiring managers could see your resume after you applied through LinkedIn and reach out to you directly in an instant chat on LinkedIn. Having this ability changed the job search forever and made the search much safer initially; however, as time has progressed, new risks and some old risks are appearing in the job search.

Honestly, there are too many to count; however, we’ll focus on some of the larger ones.

Old Habits Die Hard

In the past, before LinkedIn reached the level of mass acceptance that it has today, resumes commonly included much more personal information such as email addresses, phone numbers, and even addresses in some cases. This may sound silly today because we are usually directly sending our email to a person who is already in contact with us or attaching it to an application; however, in the past this would be one of the only ways that an interested company could contact you after reviewing your resume. Of course, in today’s times, having a person’s full name, address, phone number, and email can prove to be pretty advantageous if you are a malicious actor. If you happen to have any of these old resumes attached to your accounts on any job boards that you currently or previously used, be sure to delete or remove those files, as job boards are a highly sought-after target for hackers.

Something Doesn’t Sound Right

The average person today is aware of email phishing and is less likely to fall for a random email offering a large salary for a position that they’ve never heard of. However, 5 years ago this was more of a normal occurrence. Legitimate jobs could email and say that they found your profile on Indeed or Monster, and this was an accepted reality that made it easy for hackers to claim the same. Usually, there would be an immediate ask for social security numbers or bank account information that would alert you to the fraud.

In modern days this has been updated to be a lot more clever and believable. Since most professional engagements take place on LinkedIn, these malicious actors will create profiles, load them up with experience (usually with unrecognizable companies), and begin sending out chat messages. In today’s era they know not to immediately ask for personal details, so they may even schedule conversations or interviews to further legitimize the process. This is a more sophisticated attack that takes advantage of the current job market and how desperate many Americans currently are for consistent and in many cases remote work.

To avoid falling for these attacks, you can research each company in the person’s experience to ensure they are legitimate and, as always, research the company that is offering you the position or interview. Usually it is pretty easy to spot a company that may not be legit; in my experience the websites will be incomplete, with spelling errors, and out of date. Additionally, checking Google Maps to see if the company has a location or reviews is also reliable. Lastly, search LinkedIn, click through a few more employees at the companies, and do some research on whether these accounts operate legitimately or not.

How’d You Get My Work Email?

Within your work email, you may receive emails from people and companies that you have never heard of. Some of these emails are legitimate attempts to sell products and others are phishing attempts or spam. You may just assume that these emails are sent out to a bunch of random addresses by guessing and that one lands in your inbox due to pure luck. In the future, consider the fact that LinkedIn shows your full name and current company. If the person reaching out happens to know the typical email conventions used at your company, they can easily make a couple of guesses at what your email is. They know they’ve hit the jackpot and made it to your inbox if they don’t receive an “undeliverable” email response.

You Seem To Know Too Much About Me

The last risk we’ll discuss today is how LinkedIn can be used to connect and collect information on a person. LinkedIn stores phone numbers and emails of users; while this information is intended to only be accessed by recruiters, there are ways to exploit this. This doesn’t mean you should remove that data from the platform, but it is important to be aware of the potential risks. Keep in mind, LinkedIn allows the average person to see your full name, photo, current and previous job history, education history, city/state, and potential connections. Even without access to phone numbers and emails, this is already plenty of information to learn a lot about a person; you can even connect the dots and find other social media accounts if you work hard enough. While LinkedIn is professionally advantageous, it does open us up to a lot of risks and privacy concerns. Having awareness of these things can allow you to better protect yourself and potentially lessen the amount of identifiable information that you share online.

Should I Continue Using LinkedIn?

As mentioned, I believe LinkedIn is ultimately the most professionally advantageous platform that exists today. The more you understand how LinkedIn can be utilized by malicious actors, the better chance you have of identifying the attacks and the source that provides the information to the hacker.

The more you know, the better off you are.