Software Solutions for the Human Capital Industry

In the past, we have mentioned ‘bots’ that harvest resumes from job boards in order to build a database of identities for fraudulent use. The Register has an article about a new tool for harvesting identities from job boards.

A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.

The article makes some recommendations on how a job board should block identity harvesting services. The security firm quoted recommends limiting the amount of searches a recruiter can carry out, or by using a “CAPTCHA” (like one of those blurred images when you sign up to a website). Limiting the amount of searches is definitely a good idea. Some of the big job boards have this in place, but it is something that should be considered by all job boards. It is physically impossible for a human to download 50 resumes in two minutes, so why not block (or slow down) users who attempt to do so?

As for the CAPTCHA… it is inconvenient and annoying, slows down and frustrates recruiters. But does it work? For one thing, you’re in a race against hackers who will try to build software to automatically crack your CAPTCHAs. And if that fails, they can always resort to human CAPTCHA crackers getting paid $3 per day. But it an option that could be used as part of a greater security policy. The most important thing is for job sites to realise that harvesting tools like this exist, and to develop a security strategy to protect against them.

Silicon Republic reports that last Thursday, the Irish job board Jobs.ie was hacked, resulting in the illegal theft of a number of resumes. It has become increasingly common for job boards to find themselves targeted by hackers due to the wealth of personal information and contact details, combined with below par security on many of these sites.

“The fact that this information was illegally gathered increases the possibility of it being illegally used. This would include seeking personal loans and credit cards, identity theft, seeking false ID such as a driving licence or birth certificate, and identity cloning.”

Jobs.ie were quick to contact affected users and inform them of the security breach and outlined how to avoid becoming a victim of phishing or email scams that might follow as a result. BH Consulting commends Jobs.ie on their quick response and acknowledgement of the issue in a country where there are mandatory breach disclosure law.

On an international scale, Jobs.ie is a small site. What about the thousands of other job boards out there that don’t have this level of concern for their users? What about the biggest of all - Monster.com? How often does a leak ten times as large as the Jobs.ie breach go undisclosed?

Glandore Systems is working on a solution to eliminate the risk to job-seekers who distribute their resumes online. Anyone who has been affected by a security breach on a job board, or who wants to find out more about how to protect their personal information and guard against identity theft, contact us to learn more.

Recently there have been a number of attempts by job boards at tapping into the Long Tail potential of blogs and widget-enabled social network sites through distributed job advertising. While millions of blogs, forums, social networks, and other websites have been living off the revenue sharing from Google Adsense, so far nobody has come up with a good solution for distributing job postings. SnapTalent launched today, looking smarter than other efforts made in this area (including Monster’s Career Ad Network).

Promising to help you reach higher quality hand-picked candidates that would never have discovered your company otherwise, SnapTalent ultimately consists of little more than small preview of a job advertisement in a web page, expanding to a larger version with more information that supports images and embedded video (from YouTube, Google Video, and Vimeo). The value of the service depends on where the ad is shown, so if a lot of website owners sign up and participate then it will open up new opportunities for recruiters who understand their target market.

In 2007, it became common for popular bloggers and news sites to launch a job board. For example, Joel Spolsky, has a niche job board affiliated with his software blog which sees regular postings at a cost of $350 per job and gives you access to the highly targeted demographic that frequents his site. SnapTalent goes a step further by integrating the job advertising into the page itself. Consider that the tech news site TechCrunch is currently the most requested advertising destination on SnapTalent, despite already having a traditional job board attached. It reflects the fact that many of the really good quality candidates (both active and passive) never take the time to visit a job board.

Other advantages for advertisers include the ability to pre-pay for clicks rather than per posting. A cost $250 for every 500 clicks sounds like good value, although I prefer to see more intelligent billing system (e.g., based on salary or competitiveness like Adsense). A portion of the money goes to the website owner, and there should be no shortage of site owners participating as long as this pays better than AdSense.

I did encounter some bugs and JavaScript errors while using the site itself, but I’m sure these will be ironed out soon. Critically, the ads look good. They are customizable, with unobtrusive popups. SnapTalent’s main selling point could end up being the ability to analyze and improve targeting of the jobs, ultimately leading to higher quality candidates and better efficiency overall. SnapTalent does not revolutionize internet recruiting, but it is another step in the right direction and is worth keeping an eye on.