The Great Resignation: Faux Recruiters Social Engineering the **** Out of Applicants
by lg0p89
We certainly live in "fun times." We have the recession, looking towards stagnation, the variance between InfoSec demand and qualified staff supplies growing and growing, and gas over $5 a gallon on the west coast. One germane and interesting aspect for our time has been termed "The Great Resignation." With demand so high, our trusted associates can leave their job and find another one at the same level within a few weeks at the same or much higher pay. While this has been helpful for us filling our 401(k) and investment accounts, there has been a dark side. This increase in demand has brought the recruiters to the table looking to place people in new positions for a fee. There are also persons who would use this to gain your personal data and leverage this to help themselves at your expense.
Anyone can set themselves up online as a professional recruiter with a website, phone lines, and email addresses. Setting up a fake job board is also not a complicated venture. If they don't want to create a catchy new name, they could also use job board names that are no longer in existence. They are able to social engineer data from people hoping to find a better position or lifestyle with appropriate hours and staffing levels.
One method is during the application process involves asking for your data. They may require your data points as part of your application. One of these I've found annoying is the last four of your Social Security Number (SSN). This is "required" so they can track your application. There are other, less invasive ways to track your application, other than your SSN. In particular, <sarcasm> I don't know </sarcasm>, your name! Think about this. The last time you called your bank or credit card, other than your name, what did they ask for? Was it the last four of your SSN and your home address?
Do you use LinkedIn? I thought so. They can build trust with you and try to pull other private data from you. Recruiters use this also. They can create a fake profile as the lead recruiter for Acme Corp. (for those of a certain vintage who know about Acme).
Not all recruiters are malicious/evil/blood-suckers. There are those though that will leverage your need for their uses. The takeaway is simple. If you don't think they really need a particular set of data, they probably don't.
Be cautious.