How to Protect Yourself from Identity Theft During a Job Search

Developing a robust online presence that showcases your technical prowess, project expertise and thought leadership is no longer optional for tech pros hunting for a new job. Today, some 91 percent of employers use social media to find candidates, and nearly 80 percent of recruiters check candidates out online before they make contact.

However, posting professional and personal information on the web can expose even security-savvy tech pros to identity theft, scams and résumé fraud. Here are some ways to protect yourself from criminals and identity thieves during a job search.

Provide Limited Information

Jessica Dillard no longer includes a street address on the résumés she creates for candidates, just their city and state. To make it harder for an identity thief to “connect the dots,” the professional résumé writer (and co-founder of Dillard & Associates) sometimes uses only the first letter of a candidate’s last name.

She also recommends setting up an email address that is just for job hunting, as well as creating a separate list of user names, passwords, and PINs for filling out applications, taking online assessments, registering for coding challenges, and so on.

“Separating your personal, professional and job-hunting email accounts and information make criminals’ jobs more difficult,” she noted.

Christian Lees, information security expert and CISO at InfoArmor, recommends that tech pros go by a professional pseudonym on networking and code-sharing sites. Using a “handle” not only helps safeguard your identity; it’s also a good way to promote your brand.

You may want to consider adjusting your privacy settings to limit the information you share with recruiters on job boards and social networking sites. Just remember that you may get fewer inquiries if you make it harder to view comprehensive information about your background or qualifications.

Watch Out for Scams

Don’t be bashful about verifying the identity and credentials of recruiters and employers who reach out to you online or via email. Even if the posting seems legit, do your due diligence on the company, the hiring manager, and the position, warned Mark Pribish, VP & ID Theft Practice Leader for Merchants Information Solutions, Inc.

“Even though online job search platforms try to weed out fake employers and fake jobs, they still show up on legitimate job search platforms,” he noted.

Indeed, phishing scams are rampant, and the bad actors are very clever about getting naïve job hunters to apply for fake opportunities. In fact, the FBI’s Internet Crime Complaint Center has issued a PSA about the prevalence of phony job offers. To protect newbies from age-targeted scams, Dillard has started eliminating graduation dates or information that may give away a candidate’s age on résumés.

Many fake postings use the name of a real company, so as a reminder, don’t share your social security or driver’s license number, date of birth, mother’s maiden name, references – or consent to a background investigation, credit check or direct deposit – with any recruiter or employer until you’ve interviewed and received a written offer.

Also, don’t use open networks at coffee houses or other public places to fill out job applications, or apply through non-secure websites. Legitimate companies and recruiting agencies generally provide a secure site, and don’t ask for sensitive information right off the bat.

Remain Vigilant

Have you ever spotted a résumé or online profile that is exactly like yours? It’s probably not a coincidence; it’s résumé fraud.

Stop fraudsters from “lifting” your professional identity and work history by setting up a Google alert for some unique language or phrasing in your résumé, Dillard advised. You’ll be surprised at how often the exact same wording shows up on the Internet.

Monitor your credit report at all three of the major credit reporting agencies (Equifax, Experian and TransUnion) to make sure that nobody has stolen your identity and opened accounts during your job search. You can also use myE-Verify to see where your information has been accessed by employers (and prevent unauthorized use of your social security number).

25 Responses to “How to Protect Yourself from Identity Theft During a Job Search”

  1. I’ve had a couple of recruiters ask me for the last 4 digits of my social security number and month and day of my birthday. Saying they need a unique identifier to track submitting me for a job. Mitchell Martin is one such recruiting firm that asks for this information.

    • I have questioned this practice as well. In the past, the first 3 digits of the SSN were assigned by geographic area. Now, you give someone your last 4. They only have to guess the middle 2 numbers or 100 chances.

      Since 2011, the first 3 digits are randomly assigned. But, older individuals could still be at risk by nefarious individuals using public records to steal an identity as they use the older numbering systems.

      My best advice? Don’t give your SSN or last 4 to anyone who you don’t trust. And, remember, not all recruiters are in the US and, therefor, may not be subject to US law on data and privacy protection.


  2. wageSlave

    Defining the resume data mining problem as an identity theft problem hides the scope of the problem. All the data mining models add costs to the labor transaction that fall almost entirely on the job applicant. When a data minor uses data meant to find work for any other purposes, without permission, and using nefarious techniques like fake jobs, they are stealing. When applicants waste precious time filling out online forms for fake jobs the applicant is not filling out legitimate forms that will lead to employment and at times like a recession fake job listing can consume 100% of an applicant’s time. This is a major problem for our labor markets because it affects perceptions of self-worth and thus applies downward pressures on the pricing mechanism which needs to float freely to work. You know there is an equilibrium problem because the market is not allowed to float freely and that leads to shortage conditions at price points. The explosion of resume mills and data mining are directly related to the decades of stagnant wage growth adjusted for inflation that has occurred since their birth.

  3. 1) Never do business with Indian recruiters. They seem to think they speak perfect English, yet sound like they talk with marbles in their mouths. Garble, monotony and confusion is all I get from those people.

    2) NEVER give away any info that you would enter into a loan request. If anyone asks, report their ass to the BBB and FTC. It’s high time we stop allowing these sociopaths to walk all over us.

    Indian recruiters always pester me for address, DOB, and last 4 of social. They say that larger companies such as GE or Philips require this info for submission. I highly doubt this is true.

    I think a journalist should put these recruiters AND companies under the microscope. If a company like GE is driving this process then it needs to be made public and go viral. They need to be publicly shamed and humiliated for setting job seekers up for identity theft.

    • Mark,
      You raise some very valid points and a good call to action. Would you be OK with me sharing this information to say Michael Smerconish from CNN who is open to this sort of input, especially after the Facebook/Cambridge Analytica scandal?

      • Thanks Nick!

        Please let me clean up my post first. I’ve been dealing with this for a while now (five years or so) so I’m pretty hacked off about this.

        Your contact over at CNN might get more traction with less confrontational language. Ie you can attract more bees with honey rather than vinegar.

    • Is it a coincidence that most of the scammers that I get by phone are from India and most of the recruiters that contact me by email are Indians too? What frustrates me the most are the recruiters that contact me about an out-of-state job when my resume clearly states that I am only available for local positions. When they call me before 6:00 AM, I just hang up. The bottom line is that I don’t give them information that is not already on my resume.

      • AmyInNH

        re: out-of-state/local positions
        It is for purpose of saying they couldn’t hire an American therefore need to hire an H1. The most ludicrous contact I’ve gotten: position is across the country (Texas), a 2 month contract, pay your own relocate/housing. Yeah, right.

        • Steve

          Yup, those short-term out-of-state contracts are a joke. Most Americans are not going to relocate out-of-state for a job, especially for a short term contract, that is unless it is in a nice vacation destination place. Given the recent tightening of H1, will Indians still come to the U.S. for a short term contract, hoping that they can get a longer one afterwards?

    • Leslie Stevens-Huffman

      The site notes the following features once you register:
      “Case History” See past use of your social security number in E-Verify
      “Self Lock” Control the use of your social security number in E-Verify and self-check from within your my E-Verify account
      Hope this is what you were looking for,

  4. I’ve seen online applications require the last 4 digits of my social security number. I try circumvent that by putting in 9999. They also ask for my graduation dates from high school and college. Matrix Resources was one firm that asked for the last 4 digits of my SSN. They say it’s required for their tracking system. They don’t need to track us by our SSNs at all. Most systems create a unique identifier for an applicant. This is indicative of a lack of interest in protecting client information.

    I refuse to give out my SSN without a job offer on the table.

  5. I received a phone call about an “opportunity” at Nike in Oregon. The Headhunter, who found me on Dice, wanted to know when I could start. I told him no sooner than 30 days. He screamed at me, expecting that I would start the following Monday. I told him to calm down and asked him if he knew where I lived, based on my Dice profile. He affirmed that I lived in Florida. So I said that he should understand that it would be at least a 5 day drive. Again, he screamed at me saying I had to many questions and that it was almost midnight. I looked at my caller I’d and saw that it said the call was coming from Texas. I asked where he was cLling from and he said Mumbai.
    There are a few problems here. One is this offshoring model for recruiting. Recruiting firms must stop doing that. The other is technology, where offshore businesses can have local phone numbers. The phone providers have to stop offering that to offshore business in certain industries. In addition, just like the banking industry does, certain countries must be sanctioned and be legally prevented from providing recruiting services. This is how money laundering is dealt with and identify theft is the new money laundering.
    Call me xenophobic, but this is the truth. Many Indian based companies recruit with unsolicited emails to candidates saying that their company is a “world class” provider of IT Solutions in the United States where the job description is similar to what you’ve seen before. They use all the correct words and terms in their email “minority owned business”, “women owned business” and my all time favorite is a United States Postal Address in the signature block of their email. Most candidates won’t even verify the validity of that postal address or that there is a business at that address.
    The solution to the problem is quite simple. Federal legislation must be created so that all major employers whose VMOs outsource their recruiting practices MUST publicly disclose the corporate name, corporate address and corporate phone number of their preferred vendors on their websites. Often times, these scammers will identify who the hiring company is when you ask them. Then you can verify and be safe.

    • You are not being xenophobic. Your point is well taken on “Federal legislation must be created so that all major employers whose VMOs outsource their recruiting practices MUST publicly disclose the corporate name, corporate address and corporate phone number of their preferred vendors on their websites.”

      This should also be in the recruiters signature as you noted your “all time favorite is a United States Postal Address in the signature block of their email.”

      I have often been suspicious of this…

      • I often get 10 or more different Indian recruiters calling me about the exact same contract in a given day. Sometimes they are from the same firm like infojini or net2source.

        I also get calls about positions in other parts of the country and of course no one will pay travel or living expenses. No I don’t want to go to Burlington Vermont or Janesville Wisconsin!

        • “I often get 10 or more different Indian recruiters calling me about the exact same contract in a given day.”

          “I also get calls about positions in other parts of the country”

          Exact same thing here from the Indian recruiters. I am coming very close to concluding that posting my resume on the standard Internet job boards is a huge waste of my time given the volume of worthless emails from these Indian recruiters. The before 6 AM phone calls from them are even worse!

  6. I don’t think you’re being Xenophobic at all. They have a vastly different culture. I often receive solicitations for contract assignments clear across the continent. I would never uproot for a temp gig whereas they will.

    Xenophobic would be to imply they’d have no compunction about hobo-ing around because they live in shanty towns of tin shacks (which far too many do).

  7. Very few people get my ss, including doctors. I tell them my insurance has it, if they insist I will give a drivers license number instead. A big company in USA wanted to use my last 4 digits as an identifier. I explained the security risk and asked for a different number. After some talk, they gave me a new one. You have to be insistent, don’t cave. Its easier than you think if you are polite about it.

  8. Recently a recruiter from TEKSystems asked for last 4 digits of SSN, Legal Name and Month and Date of the Birthdate for application submission to JP Morgan Chase. When I raised concern, I was told that they have to submit application through JP Morgan Chase HR system which requires this information and they do not have any control over it.

    Such sensitive information should not be required in the very early stage of job application process.

  9. Jan Jenkins

    Most recruiters shopping for banks and financials will tell you they need SSN# or last 4, DOB, etc. Make something up. You can always say they mixed it up or something but never give it out. Banks know not to use SSNs anymore since way back before 9/11 so this is crap. I receiver lots of emails saying “they found my resume posted on such-n-such website so they contacted me. Well hey! My resume is not posted anywhere nor have I given permission to post it anywhere. SCAM SCAM SCAM And PLEASE, delete your social media accounts like FB and Linked in. They do more harm than good.

  10. AmyInNH

    Recruiter’s Linked In says 7 years with the recruiting company, while the Secretary of State’s web site says the company is 2 years old.
    Lots of fake credentials/claims out there.