The evolution of online job portals has seen huge growth in the number of people uploading their CV’s onto a wide range of websites. This is done in order to find a job or to provide details on professional progression and achievements.
Finding a wide range of these documents is simple, using a very basic Google search uncovers 1000’s of CV’s across a wide range of websites and platforms. This is not a hack, it is just a Google search.
If you click on the search result, we are then taken to the actual CV itself. This is very accessible and provides a great deal of convenience for all concerned. This is also very convenient for a cyber criminal.
I have found hundreds of CV’s on numerous South African websites that contain all the information I would need to perform cyber-crime or identity theft. In most CV’s people put in their ID number, physical address and loads of other personal information. Some even provide the details of the number and age of their children.
So now the blank look and you ask; so what?
Please let me run over a scenario with you.
- A Google search brings up your CV, containing your name, address, mobile and ID numbers.
- I open the CV. Your data is mine.
- I then spend a small amount of time doing some research on your numerous social media platforms and discover who your bank and/or mobile service provider is. You would have tweeted about something.
- I now have all the information I require and have so many options.
- A simple approach is to simply call you and pretend to be from your bank. I will tell you we have had a security incident and we are in the process of securing online accounts.
- You are suspicious, so I do not ask for any personal information (as it is a security risk). Instead I verify the information we have about you.
- The information I have from your CV is all I need as I read your physical address and ID number from the document. This confirmation means that I have your trust because I am “legitimate”.
- Now that you are comfortable - I ask you to perform the final step in the validation process.
- As I change the password to your online banking profile, I ask you to verify the one-time password I have just sent you. You give me the PIN and I can now continue without suspicion.
This is but only one scenario. So many people do not understand the numerous risks of freely sharing of unnecessary personal information online. We live in a hyper connected world and cybercrime is a real threat that affects people and businesses on a daily basis.
Do not become a victim. As a start, take down all documents that contain personal information such as ID, Tax numbers and physical addresses. The hyper connected world is tough enough to navigate without making it so much easier for those with ill intent. Remove additional personal data from all online documents. You do not need to disclose your ID number or physical address.
This information can be provided later and securely once you have an offer.
John Mc Loughlin – J2 Software