Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Is your Job Application Form redirecting candidate applications to identity thieves?

Posted By: Thomas Shaw, 1:52pm Wednesday 10 February 2010

Did you know on some application forms you can manipulate the URL and have the candidate’s job application redirected to someone else’s email address? Job boards, career/recruitment websites are already a haven for identity thieves and this "oversight" on your application form is fueling their business!

You would think by now that recruitment technology providers, job board developers, risk management experts would be able to identify security risks in the candidates job application process. But alas, no - there are still many examples of this security risk present on application forms.

So what exactly am I talking about?

When a candidate applies for a job, they are usually redirected to an online application form. The application form URL may contain the destination email address (usually the recruitment consultant or inbox email address).

This is BAD!

If you change the email address in the URL you maybe able to redirect the candidate’s application to another email address. Guess what? You would not even be aware this may be happening on your application forms already!

This is not an issue which is going to go away. If your application form has an email address in the URL you need to immediately fix this problem!

Job boards can minimise their exposure to redirecting candidates to insecure websites by restricting URLs that contain an email address. It is better to be safe than sorry.

Article URL: http://www.recruitmentdirectory.com.au/Blog/is-your-job-application-form-redirecting-candidate-applications-to-identity-thieves-a330.html

Article Tags: hijacking job application forms identity theft url manipulation hacking job boards recruitment agency application form candidate details 3rd party application form email address url security risk

Hide Comments (7)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

	Jamie (2:03am Thursday 11 February 2010) Tisk tisk. How could programmers get away with this.
	Najara V. (2:13am Thursday 11 February 2010) Shame on the whole recruitment industry for not taking security seriously. It's only a matter of time before a recruitment agency gets exposed for a lack of online security. What about the poor candidate? I feel sorry for them. Name and shame. Name and shame.
	J (10:38am Thursday 11 February 2010) Would these recruiters be part of the RCSA?
	Tony B. (2:59pm Sunday 14 February 2010) This is probably one of the best information sources for recruiters. Well done to Recruitment Directory for providing this. I can't wait to see what blog post is next? Thomas, are you currently working fulltime for a job board or still freelancing? Drop me an email I have some work for you on our job board. Keep up the good work. Tony.
	John (11:31am Monday 15 February 2010) I'm not sure what you think the security risk is. Who are you saying would change the URL? The candidate? Why would they do that? The job board? That seems like a pretty average way to protect your revenue stream.
	Irini Cavalliotis (12:22pm Tuesday 16 February 2010) I agree - name and shame! Employment Office application forms definately do not have an email address in the URL. Thanks Thomas for brining it to the attention of candidates.
	Application Forms (4:42pm Monday 26 April 2010) I too agre with Irini Cvlliotis without any url, why Employment Office application forms does not have an email address?

Back to Menu

Search Blog

RSS Feed

Random Blog Articles

Monster.com Test Ads
Published: 1:11pm Monday 01 June 2009

Taking your job search to the next level with Social Networking
Published: 3:29pm Thursday 23 April 2009

Inspecht releases 21st Century Recruiting eBook
Published: 4:30pm Thursday 18 December 2008

MyCareer iPhone App
Published: 8:00am Monday 31 May 2010

Are you using WordPress for your Recruitment Website? Check your security
Published: 12:01pm Monday 19 April 2010

Latest Blog Articles

Silly mistakes

QR Codes in Print Job Ads

I don't care that you have more LinkedIn connections than me. You can buy them for $5

More jobs than SEEK?

Fail Whale. Phishing link love

if(candidate.experience.contains(it)) ++bonusPoints

For bonus points, apply using the API

"Attaging" with QR Codes - The security threat for mobile recruitment

SMS "Apply" to...

Typo squatting and the doppelganger domain threat

[1] 2 3 ... 44 Next

Newsletter Mailing List

Stay informed of current news, upcoming events and promotional offers.

Top 25 Most Influential

Article Calendar

September 2012 (1)
August 2012 (1)
April 2012 (3)
February 2012 (2)
October 2011 (3)
September 2011 (1)
July 2011 (2)
June 2011 (1)
May 2011 (2)
March 2011 (3)
February 2011 (4)
January 2011 (3)
December 2010 (6)
November 2010 (7)
October 2010 (5)
September 2010 (8)
August 2010 (7)
July 2010 (8)
June 2010 (9)
May 2010 (10)
April 2010 (14)
March 2010 (13)
February 2010 (10)
January 2010 (8)
December 2009 (12)
November 2009 (14)
October 2009 (17)
September 2009 (14)
August 2009 (20)
July 2009 (21)
June 2009 (24)
May 2009 (22)
April 2009 (17)
March 2009 (33)
February 2009 (23)
January 2009 (45)

Your Name:	* Required
Your Email Address:	* Required
Website URL:
Comments:	* Required

Enter the code you see in the image above (case sensitive). Click on the image to refresh it.

Home > Blog	Powered by RecruitmentZOO
Site Map \| Contact \| Privacy Policy \| Terms & Conditions
Copyright © 2007 - 2010 Recruitment Directory Pty Ltd