december 2021

Security eMagazines
Facial expression, Formal wear, Dress shirt, Happy, Eyebrow, Forehead, Chin, Collar, Smile, Cheek

Career Intelligence

By Jerry J. Brennan and Joanne Pollock, Contributing Writers

Forehead, Nose, Smile, Cheek, Skin, Lip, Chin, Eyebrow, Hairstyle, Mouth

Is That Security Job Listing Real?

Searching for a new job is a frustrating and time-consuming endeavor in the best of circumstances. You can find yourself spending untold hours searching online job boards belonging to aggregators, companies and recruitment firms. Electronic application forms, countless emails and phone calls round out the experience.

One of the questions we most often hear from job seekers is asking whether a particular job posting is real. Depending on where they saw the listing posted, that answer can be complicated.

Companies often have minimum posting requirements even if they have already identified a candidate. The job gets published with the intention of allowing previously identified candidates to register with the organization’s online system and formally apply. This step facilitates the internal Human Resources management systems to process, document and generate offer letters and initiate background investigations.

Unfortunately, in an aggregator job board environment where information is constantly scraped, these pro forma listings appear as if they are new jobs. Postings are then continually scraped and re-scraped, meaning that the listing the company intended to run for three days can continue to live online for months, even though it has been removed from the company’s career portal.

This is one reason we encourage job seekers to go to an employer’s website and not rely on the various third-party job boards or newsletters. While not perfect, it is a better way to validate whether a job is currently open. Legitimate companies do not post positions that have not been approved or funded. Their listings generally reflect active external search efforts.

Product, Font

One of the questions we most often hear from job seekers is asking whether a particular job posting is real. Depending on where they saw the listing posted, that answer can be complicated.

The secondary reason to validate that a job is real is to prevent your personal data from being captured under false pretenses. It can be tempting to apply for a great-sounding job even though you can’t validate it. However, that may result in your information being collected and used by someone other than you intended.

There is a growing pattern of unethical and potentially illegal efforts by criminal enterprises, intelligence operations, recruiting companies and a wide range of businesses seeking to exploit and collect personal information and backgrounds for nefarious purposes. These job ads tend to be completely fake.

The objective for these schemes is always the same: collect information and leverage it. Often the scammers will ask not only for your resume and personal details, but also copies of government-issued IDs and banking details.

Another scheme is to engage in social engineering, which can be used to mount a penetration of your computer system. This can also be done by sending malicious code imbedded in innocuous documents.

Then there are marketing companies who want to gather targeted contact details to facilitate their own products, services and conferences. The leveraging or resale of your personal data for reasons other than how you intended is at minimum unethical and often illegal.

One of the most troubling recent patterns is the practice of firms on the fringe of the recruitment industry that publish a company’s security job listing although they are not under contract to fill the job. The advertisement falsely promotes the idea that they contracted to find someone to fill the position. In reality, they have posted it without the hiring company’s knowledge or authority.

We became aware of an incident where one recruiter posted a company’s job, collected resumes/CVs and then sent them to the hiring manager with a blank contract soliciting a business relationship. Candidate data was then shared with third-party organizations in several different revenue schemes intended to profit from the candidates' personal information. Candidates who called in response to other job ads they saw on this site were told, “We don’t actually have that job; we just put it up there so people like you would send us their CVs and personal details.”

There are robust privacy laws in place globally that aim to protect job seekers from a scenario such as this. When your personal data is falsely collected, the company is operating illegally and violating a number of international privacy statutes. If you feel you have been victimized in this manner, you can file online complaints through a global privacy organization.

This challenge is just the tip of the iceberg, and it is growing. Candidates need to be alert and cautious. If you have concerns about whether a job opening is real, do your due diligence. Research the company and be sure that the person with whom you are dealing is a true representative of the organization. Ensure that any third-party recruiter is under contract to recruit for the company. And lastly, if anyone either asks you for money or offers it, run.

About the Columnists
Jerry J. Brennan is Co-Founder and Chief Executive of the Security Management Resources Group of Companies (www.smrgroup.com), the leading global executive search practice focused exclusively on corporate and information security positions. Columnist image courtesy of Brennan

Joanne R. Pollock is Co-Founder and President of the SMR Group. Previous to SMR, she had a 20-year career at leading global corporations, working across diverse functional areas including human resources, sales and marketing, and information technology services. Columnist image courtesy of Pollock

Logo, Font, Text

december 2021 | securitymagazine.com