Is your Job Application Form redirecting candidate applications to identity thieves?

Posted By: Thomas Shaw, 1:52pm Wednesday 10 February 2010

Did you know on some application forms you can manipulate the URL and have the candidate’s job application redirected to someone else’s email address? Job boards, career/recruitment websites are already a haven for identity thieves and this "oversight" on your application form is fueling their business!

You would think by now that recruitment technology providers, job board developers, risk management experts would be able to identify security risks in the candidates job application process. But alas, no - there are still many examples of this security risk present on application forms. 

So what exactly am I talking about?

When a candidate applies for a job, they are usually redirected to an online application form. The application form URL may contain the destination email address (usually the recruitment consultant or inbox email address).

This is BAD!

If you change the email address in the URL you maybe able to redirect the candidate’s application to another email address. Guess what? You would not even be aware this may be happening on your application forms already!

This is not an issue which is going to go away. If your application form has an email address in the URL you need to immediately fix this problem!

Job boards can minimise their exposure to redirecting candidates to insecure websites by restricting URLs that contain an email address. It is better to be safe than sorry.