There is no such thing as privacy on the Internet.
This became even clearer in the past few weeks, when news broke about employers who asked job-seekers for their Facebook passwords in order to vet the interviewees' personal lives.
Job-hunters, as well as Facebook, cried foul over the practice, and rightly so.
The problem isn't just a matter of employers checking social media sites to get the dirt on potential employees. Hirers can do that easily enough with a Google search.
Rather, the news of employers asking for passwords highlights the overall privacy risks involved with the job hunt.
[ 5 Simple Steps to Prevent Identity Theft ]
Would you trust someone you've never met?
Many of us have learned by now that giving up a password is like giving up the combination of a safe filled with valuables, so it is no wonder that people recoil at the idea of handing theirs over to a stranger.
Yet we put our private information and personal identities at risk early on in the job-searching process just by handing out our resumes.
"The riskiest part of the online application process is the storage of the applicant's personal information," said Gant Redmon, general counsel and vice president of business development at Co3 Systems in Cambridge, Mass. "Once the information has been provided by the hiring company, the information must be stored and becomes susceptible to both internal and external threats. That means ... company insiders, as well as outside hackers, could try to access the information to commit bad acts."
There is also a lot of risk when employers send job applications to candidates after a resume has been sent in, said Ryan Disraeli, vice president of fraud services at Marina del Rey, Calif.-based TeleSign. Job-seekers are prime targets for online scammers.
"One common scam is to email the candidate a link to a survey or application that they must fill out to solidify their candidacy. These links can ask private information or even try to phish for account passwords," Disraeli said.
"Another common scam is sending applicants a fake credit application to fill out and then ask for personally identifiable information that can be used for identity theft or fraud. Sometimes this is done for affiliate scams when the affiliate is paid for every application they refer."
What you shouldn't tell prospective employers
There are two pieces of information that should never be revealed on your resume: your date of birth, and your Social Security Number. Companies are entitled to this information after an employee is hired, to verify citizenship and withhold taxes, but having the data on a resume puts the job-seeker's personal and financial data at risk.
If a prospective employer asks for your birth date or Social Security number, either by demanding that it be included on your the resume or during the job interview, it's perfectly acceptable to inquire why either is needed and how your personal data will be safeguarded, said Mitchell D. Weiss of financial consulting firm M.D. Weiss LLC in Farmington, Conn.
"While I recognize how important getting a job is for many folks, frankly speaking, a weak or dismissive response to these perfectly reasonable and important questions should give serious pause," Weiss said. "For example, what if you don't get the position? What will happen to your paperwork? Anyone requiring sensitive info must be held accountable for safeguarding it."
Job-seekers should also avoid providing copies of identification documents, such as a driver's license or passport, or bank-account information during a job interview.
"Common scams involve asking applicants to send a copy of ID or bank-account information needed to set up [payroll] direct deposit," said Disraeli. "While identification may be a request to hold a job, it should not be a requirement during the interview process."
Common sense
Job-seekers should also remain vigilant when applying for a job. Take to heart the old advice: If it seems too good to be true, it probably is.
"Your inbox as an active job-seeker is going to fill up with spam. This is just the way it is in the 21st century," said risk management and privacy expert Alexis Moore, based in the Sacramento, Calif., area. "Don't reply [to] or click on links in emails that appear to be from HR departments or have HR in the subject line or when you know for a fact they are not responses to your resume or application."
Scammers use such bogus human-resources emails to prey on people in the midst of a job hunt. Links in the emails could lead to malicious websites, or the emails could be part a phishing scheme devised by a crook who wants to leverage the personal information found on your resume.
In the same manner, be cautious when replying to job-offer ads, especially if the ad isn't forthright about company details. Know whom you are dealing with — ask for details about and check out the company — before sending your resume or, indeed, anything more than your name and email address.
"Less is best," Moore said, referring to providing personal details during a job hunt. After all, your resume could be a lot more damaging to the safety of your identity than your Facebook password ever could.