Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

Is your Job Application Form redirecting candidate applications to identity thieves?

Posted By: Thomas Shaw, 1:52pm Wednesday 10 February 2010    Print Article

Did you know on some application forms you can manipulate the URL and have the candidate’s job application redirected to someone else’s email address? Job boards, career/recruitment websites are already a haven for identity thieves and this "oversight" on your application form is fueling their business!

You would think by now that recruitment technology providers, job board developers, risk management experts would be able to identify security risks in the candidates job application process. But alas, no - there are still many examples of this security risk present on application forms. 

So what exactly am I talking about?

When a candidate applies for a job, they are usually redirected to an online application form. The application form URL may contain the destination email address (usually the recruitment consultant or inbox email address).

This is BAD!




If you change the email address in the URL you maybe able to redirect the candidate’s application to another email address. Guess what? You would not even be aware this may be happening on your application forms already!

This is not an issue which is going to go away. If your application form has an email address in the URL you need to immediately fix this problem!

Job boards can minimise their exposure to redirecting candidates to insecure websites by restricting URLs that contain an email address. It is better to be safe than sorry.



Article URL: http://www.recruitmentdirectory.com.au/Blog/is-your-job-application-form-redirecting-candidate-applications-to-identity-thieves-a330.html

Article Tags: hijacking job application forms identity theft url manipulation hacking job boards recruitment agency application form candidate details 3rd party application form email address url security risk

Comments Hide Comments (7)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

 Jamie (2:03am Thursday 11 February 2010)

Tisk tisk. How could programmers get away with this.


 Najara V. (2:13am Thursday 11 February 2010)

Shame on the whole recruitment industry for not taking security seriously.

It's only a matter of time before a recruitment agency gets exposed for a lack of online security.

What about the poor candidate? I feel sorry for them.

Name and shame.
Name and shame.


 J (10:38am Thursday 11 February 2010)

Would these recruiters be part of the RCSA?


 Tony B. (2:59pm Sunday 14 February 2010)

This is probably one of the best information sources for recruiters. Well done to Recruitment Directory for providing this. I can't wait to see what blog post is next?

Thomas, are you currently working fulltime for a job board or still freelancing? Drop me an email I have some work for you on our job board.

Keep up the good work.

Tony.


 John (11:31am Monday 15 February 2010)

I'm not sure what you think the security risk is. Who are you saying would change the URL? The candidate? Why would they do that? The job board? That seems like a pretty average way to protect your revenue stream.


 Irini Cavalliotis (12:22pm Tuesday 16 February 2010)

I agree - name and shame! Employment Office application forms definately do not have an email address in the URL. Thanks Thomas for brining it to the attention of candidates.


 Application Forms (4:42pm Monday 26 April 2010)

I too agre with Irini Cvlliotis without any url, why Employment Office application forms does not have an email address?


Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Incorporating Web 2.0 into your Recruitment Strategy
Published: 11:25pm Monday 19 January 2009

Social Recruiting in Australia and New Zealand. What do Recruiters really think about it?
Published: 8:00am Friday 30 April 2010

Data Applications and Infrastructure at LinkedIn
Published: 8:30am Friday 06 August 2010

Is it time to say farewell to 3rd party application forms?
Published: 11:30am Tuesday 19 July 2011

The difference between a Video Interview and Video Resume
Published: 2:06pm Monday 12 January 2009