Those who responded to a job listing for a marketing manager position were asked to fill out this form. The data was actually stolen by an ID thief.
By Bob Sullivan Technology correspondent
msnbc.com

It was just the job lead Jim needed: a marketing manager position with Arthur Gallagher, a leading international insurance broker. And only days after Jim responded to the job posting on Monster.com, a human resources director sent along a promising e-mail. We’re interested in you, the note said. The salary is negotiable, the clients big. In fact, the clients are so valuable and sensitive that you’ll have to submit to a background check as part of the interview process. Eager for work, Jim complied — and sent off just about every key to his digital identity, including his age, height, weight, Social Security number, bank account numbers, even his mother’s maiden name.

It was all just an elaborate identity theft scam designed to prey on the most vulnerable potential victims — the increasing ranks of the unemployed.

Job seekers don’t have a lot of leverage when they are asked to jump through hoops by prospective employers — not now, anyway, with unemployment continuing to rise at a menacingly slow, steady rate. October saw the highest rate of job cuts since January, and the national unemployment rate now sits at 5.7 percent.

Online job classifieds seem the like the perfect antidote for those in the job market, like Jim, who began his search in August after he learned his company is involved in a big-ticket merger, with layoffs likely.

So Jim didn’t really consider rejecting a request for a background check from William T. Levinski, who identified himself as Arthur Gallagher’s human resource director. After all, Arthur Gallagher is a billion-dollar-a-year insurance firm with locations in eight countries.

“I’m sure they have a lot of sensitive client information, so it made sense,” he said. Plus, it was a great opportunity. Jim, who requested his identity be withheld for this story, filled out the extensive background check form.

Sinister scam
The scam is thorough, and sinister. The form Jim showed MSNBC.com even asked applicants to supply a four-digit number that would act as a password, promising access to a special Web site full of potential company projects. The request sounds innocent enough, but it’s clearly designed to take advantage of the fact that most people use the same passwords for all their personal accounts, so any 4-digit number supplied by an applicant would likely double as the PIN attached to their debit card.

Jim is no fool: He was a lieutenant in the U.S. Navy, and has nearly 20 years of management experience. But it all happened so fast. He responded to the Monster.com job listing the weekend of Oct. 12. By Monday, he’d received the alleged response from Arthur Gallagher. Levinski’s note suggested urgency, music to any job-seeker’s ears.

“The position will start in 3 weeks,” the letter read, so please start the background check process immediately. “They usually take a few days to get them done, so if you could get it done by Wednesday I would appreciate it.”

Naturally, Jim submitted the form almost immediately. But by Wednesday, he hadn’t heard anything, so he called Levinski and left a message. The call was a bit unnerving; Levinski’s voice-mail message was bare-boned and impersonal: “Leave a message and I’ll call you back.”

A day later, the phone line had been disconnected and the job listing on Monster.com had been withdrawn. So Jim called Arthur Gallagher headquarters. No one with the name Levinski works here, he was told. Finally, a sympathetic human resources employee told Jim that the job posting was a fraud.

‘It's all out there now'
“I feel so stupid,” he said. “I spent the rest of the afternoon canceling all my credit cards and setting up fraud watches with the credit bureaus. ... I’m checking my account balances every day.

“But it’s all out there now. They’ve got everything, down to my height and weight. I’m just telling you about it so no one else falls for this.”

It’s not clear how many victims there are, but Jim is not the only one. An employee at Arthur Gallagher told Jim that the firm had gotten a number of calls from other victims who were also looking for Levinski. The company did not immediately respond to requests for comment.

And in a note to Jim, Monster.com said it was “currently working with the Federal Bureau of Investigation in several jurisdictions and several state law enforcement authorities which are investigating certain parties who have placed fraudulent job postings on the Monster Job Database.”

Company spokesman Kevin Mullins wouldn’t comment on the incident or the investigation, saying only that incidents of fraud are “very, very infrequent” on the site. He said the firm quickly removes suspicious job postings when it receives complaints from users.

“Protecting job seekers is a a top priority for us and we devote resources to that,” he said.

But Jim complained that he didn’t receive any warning from Monster.com when it removed the job listing.

“They withdrew the listing because they knew there was a problem, but they didn’t notify me,” he said. “When I talked to them, I said ‘I think you have a responsibility to do a little better checking on the people (who post jobs),’ but their response was that their terms of service say ‘We’re not responsible.’ ”

Don't give out SSN
On the “frequently asked questions” section of its Web site, Monster.com does warn users not to “give your Social Security number to any prospective employer even if they suggest that it is for a “routine background check.” The same section also advises users not to give out credit card numbers or bank account numbers. “Monster’s Terms of Use prohibit job postings which require job seekers to pay any funds prior to employment,” the note says. But the advice is listed on a page with nearly 50 other questions and answers, and Jim didn’t get the warning until it was too late.

This is not the first time that the privacy perils of online job-seeking have been exposed. Putting a resume online can expose critical personal data such as former employers, date of birth, even Social Security numbers. Experts recommend leaving personal information off a resume that’s posted online — even omitting detailed work history — to protect against identity thieves who use resume Web sites to mine data.

Monster.com is the 800-pound gorilla of the online classified business, claiming a database of 17 million resumes and a promising list of 800,000 jobs. But that means it’s also the subject of additional scrutiny. A year ago, the Privacy Foundation issued a report critical of Monster.com’s privacy practices. The report, written by Pam Dixon, indicated Monster.com had considered selling its vast reams of private data to marketers and stored resume information even after job seekers removed their listings. The company rejected both claims and vowed it would never sell customer data to marketers.

Spotting the scam
Like many online scams, bad spelling, grammar mistakes, and awkward sentence structures are often a tip that something is amiss. The note Jim received is fairly well crafted, but there are several sentences with missing words, and in some cases, the name “Arthur Gallagher” is misspelled. The scam artists also requested communication at a private e-mail address, rthurgalagherhrdir@safe-mail.net — outside of company e-mail. A real human resources employee would never do that. In retrospect, Jim realized that the area code for the fax number where he sent his background check information actually pointed to a Las Vegas location, contradicting the address atop the form, which suggested a Washington D.C. address. That should have raised red flags

Text of the scam letter:
Thank you for applying for the Marketing Manager position with Arthur Galagher. I just had a chance to review your resume and am going to send your application through for hiring. If you are not interested in the job please let me know no later than Wednesday so I can look at other candidates.The position will start in 3 weeks, and pay is negotiable so you will need to start thinking about your salary requirements so we can discuss them later this week. I would like to give you a call, what’s the best time to reach you and at what number? You can email me at my personal account, which is arthurgalagherhrdir@safe-mail.net. My office line is 1-310-388-5791.The position will require a background check because of the nature of the high level of security that we have with several of our clients. I am attaching the form in this email. Just open it up, fill it out, and fax it back to 1-775-923-7229, that’s a secured fax line to the company that handles all the screening. They usually take a few days to get them done, so if you could get it done by Wednesday I would appreciate it. Email me when you’re through, and we can go from there.The payment code, which goes on, the application is: 2545-2251-3629-8907. If you don’t put that on there they wont process it, or maybe they will get in touch with you and try to get you to pay for the screening, so make sure you don’t forget to put the payment info on there so they can bill us for it.I will need to also set up an in person interview with you, and would like to get it done by Friday. Are there any days that don’t/ won’t work for you? If there are any problems email them to me, and either me or my assistant, Hanna Andrews will get back with you.I look forward to meeting you and I will talk to you early next week.Sincerely,William T. Levinski
Human Resources Director
Arthur Galagher InsurancePS. I am going to set up an account for you on our secure server so you can access our site and projects. Email me a four digit (have to be numbers no letters) so I can set it as your pass code. Your username will be your first middle and last name. You can change it once I set the account up. Email that to me as well if you would. Thanks again and have a great week.

© 2013 msnbc.com Reprints

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments