Some people don't realize that there is such a thing as "resume phishing", and there are two basic definitions that job seekers should be aware of. The first is that yes, there are real "recruiters" (and I use the term loosely and with professional contempt) that will send you an email saying they saw your resume and you would be a great fit for an opening they have. The second is a more insidious type of phishing scam that appears to be in regards to a job, but is really trying to gain personal information to misuse for identity theft. It isn't that expensive for those that are practicing identity theft to purchase recruiting packages on Monster, or Careerbuilder.
Now, below is an example that came across one of my online communities as a "job announcement" (I have redacted information about the individual and company):
Job Description: Hi, I Hope you are doing well. This is with reference to your resume posted on job Portal. I came across your profile and want to let you know about an opportunity we have that I think you might be interested in. We have a following contract opening with our client. Please go through the job description that has been attached below, and if available and interested, please send me your Resume in word format ASAP. (Also, do not forget to send the details that have been asked in the end). Note:- Please ignore this email if you are already working with
Title: Business Development Executive
Location: Bellevue, WA
The role of Business Development Executive has the following major
1. Build a network of contacts in the operational (manager & director)
levels of the targeted accounts
2. Identify opportunities within that network for sales of value added
consulting, software development, software testing, systems support (e.g.
DBA, Sys Admin, Design, Business & Systems Analysis) and solution visioning.
3. Develop written definitions of client success and satisfaction and
monitor the relationship to ensure highlights are communicated and issues
are processed to resolution
4. Work as part of the delivery team to capture, communicate, value and
position Ramp as the preferred solution provider
5. Work to extend the solution reach within the client
6. Identify longer term strategic changes in the services and
relationship that will add value to the client and Ramp
The BDE will be expected to come to us with a book of contacts that can be
leveraged to build the relationship network. Also required is the
experience to understand the client business model and communicate it to the
rest of the delivery team.
The successful candidate will also need to be able to discuss their ability
-Identify specific sales opportunities for the different types of
-Understand how and when to focus prospect s in the different
responsibility models (responsibility vs. staff augmentation, fixed
price/scope/price, support models and SLA's)
-Understand how and when to focus prospect s in the different
fulfillment models in consulting (i.e. managerial, general, systems,
The compensation package will be base plus commission. Active accounts
will be provided to allow time for the BDE to develop new accounts to take
their place of in revenue and margin credit for comp plan purposes.
Desirable additional skills and capabilities would be
- Background in consulting delivery, pre-sales support or systems engineer role
- Exposure to or background in project management issues
Please provide a resume with experience and account lists to validate your interview responses to the above criteria. Client references will not be required for interviews but will be requested later in the hiring process.
Referral Program: Referrals are greatly appreciated!. If you know someone that is a fit for this position please have them send me the information requested below along with your name as the referrer. If I can put them to work I will send you a $500-$1000 referral after they complete their 3rd month on contract.
**Need to know the following details to expedite the process*****
-What is your current location? :
-Are you currently on a project, If Yes-Why you are looking for new project?
-Define your job position you are looking for more clearly:
-Are you willing to be flexible to work in technology or areas that you are not familiar with?
-Have you had any current interview experience lately: If yes, please let me know Client name, interview date, Feedback or expected Feedback?
-Are you Willing to Relocate?:
-Availability (earliest date you can start)? :
-Your Work Authorization?:
-Current Salary and Expected Salary?:
-What is the best number you can be reached at? :
Give me your employer details:
Two References Details (Must) with Name of the person, Company name, Phone
package including 401(k) plan.
Thanks & Regards,
| Operation Head |
Direct: (253)-999-9999| Fax: 253 999-9999 |person at
|Address, Bellevue, WA. 98007 |
If you receive something like this, even if you are unemployed your internal alarm system should be going off big time. Let's start with the opening. Notice that they got you off of a "job portal". They don't tell you which "portal" or job board; an ethical recruiter will *always* tell you where they sourced (found) your resume. Monster.com, CareerBuilder, their own internal database. They also ask that you not answer if you are currently engaged with their client, but they don't mention the client by name. This is a ruse
Now while the job description sounds real, please note the area where it asks for all sort of information that you should NEVER give unless you are actually interviewing for a job, certainly *never* in just an email. Most especially the information about reference details. This is just asking for someone you don't even know to hijack your identity.
Even if this is a "legitimate" recruiting agency, this is still a form of phishing. There are tons of off-shored resume "services" that are used by agencies to try and go after business by having resumes "on file" that they have acquired by any number of less than ethical means, the above illustrated example being just one. Below is an offer from one recruiter to others. He is responding to a professional job inquiry for a sourcing recruiter, basically someone that is a headhunting researcher (which is one of my main recruiting talents and titles.) Please note the verbiage of the reply/offer:
"I have used virtual folks equipped with Monster, CB, and DICE licenses who can do this and internet searching for $6.25/hr.
They will provide you with up to 150 resumes/week for 1-15 openings, and offer a free trial... However, some companies may prefer to spend 5-8x as much to get almost as much work done by a person onsite- which is their right."
What he is referring to is exactly the type of operation that sends the type of phishing mail above.
-For those that are desperate or don't know how to work with employment agencies (either contract or direct-placement), there are some things you can do to minimize exposure to this sort of practice.
-If you are using job boards such as Monster or CareerBuilder (CB), take your email off your resume and anonymize the contact info, but put a phone number on there (I highly suggest GoogleVoice for just this sort of thing.) If a recruiter is truly interested in your for your actual skills, they will *call you*.
-Never give the information they are asking for above. Set up a job hunting email address and use it. Reply and ask the "recruiter" who the client is or even what industry. Tell them you are happy to come by their office to meet and discuss opportunities and go through the application process.
-Check LinkedIn to see if the person is who they purport to be, then send them email to validate their inquiry.
-Ask other professionals in your field of they have had experience with
-Throw the proverbial ball back in their court: ask them for references and their client list. Call those companies, ask for the Recruiting Manager and verify that they have, indeed, successfully placed candidates or contractors there in the past, and ask what the corporate recruiter thinks about them.
Remember, your identity includes access to your credit report/history, banks, job history, address, legal records, driving record/history and a host of other things you may not even consider when replying to this seemingly-honest job opportunity.
Getting A Job With a US Work Visa
Comment on WSJ "No More Resumes"
Jeff Altman, The Big Game Hunter: Re: - Resume Phishing
Respectfully, your second complaint is valid. Identity theft is horrible. The first is not.
Many of us use software to scan several job boards (portals) concurrently and then email a note to someone.
The software, like all software, is imperfect. It cannot include the site was located on Because the search can include as many pay and free sites as the recruiter is subscribed to. Hence, the recruiter uses a generic term (in this case, job portal).
Again, in the example you provide, that firm has cast a wide net but it clearly looks like someone is using one of the software search agents to identify talent.
As for responding with, "Tell me your clients," frankly I have refused to do that for more than 30 years. Having found candidates take my information to contact a firm directly and steal $40000 to %75000 from me once to often, I refuse to offer up my client or any of my client names at the time of "a first date."
Again, it is great advice to warn people off giving away Social Security numbers (firms may ask for the last few numbers of it to differentiate between multiple people with the same name), but not the whole number.
SteveG: Re: - Resume Phishing
The first complaint is very valid. If you also using imperfect software to seek talent then I would ask you to stop using it. In most cases the software is doing nothing more than simply searching for keywords in resumes and spamming candidates. You are not seeking talent.
As someone seeking employment I hate getting an email which claims they have found my resume and you are the perfect fit for job X. This goes on to ask me questions in the email and/or to submit an application through a provided web site exactly as Kristen indicates. The web site is normally an awful imperfect example of a basic form with errors any reasonable web designer would not make. Examples include failure to indicate required fields, timing out unless you are a speed typist and blanking all fields after reporting an error. They even ask for another copy of the resume which they claim they have but will not tell you the source. You feel elated after successfully battling through this process only to have a response which says thanks for your application but after reviewing your resume you are not a good fit. So why do recruiters send out the initial email.
Many “recruiters” are just typing in a set of keywords which blindly sent out inappropriate emails saying you found talent. If you had found talent every person who responded should be a great fit.
It appears you do not work with AT&T. See their web site http://connectwithatt.com/ContractorOpportunities where they explain for their security all non-payroll candidates must provide full SSN numbers just to submit an application.
Kristen: Re: - Resume Phishing
Jeff, please see my recruiting blog on lazy recruiting, including the comments at the bottom.
The problem is when you have software send auto-generated form mail rather than actually *looking at the candidates* and contacting them yourself.
I would never advocate giving your client list to anyone. And of course contacting a candidate and getting either an exclusive right-to-represent or signed NDA is appropriate, but to do that *you must contact the candidate and that means sourcing and reading resumes yourself*. There is absolutely no excuse for poor recruiting habits.
This article also appears on