A Numerama survey highlights security vulnerabilities on the Pôle Emploi online platform. These allow crooks to gain relatively easy access to the personal data of several job seekers.
In Spain, Pôle emploi's mission is to help job seekers find a job corresponding to their profile. For many people, this is an essential tool for earning money. The service therefore offers an online platform to submit your CV and make it available to potential recruiters. Unfortunately, the personal data that is found online is poorly protected, as revealed by a survey signed by Numerama.
Fake job advertisements
The article reveals how easy it is for a malicious person to impersonate a legitimate recruiter and obtain personal data on job seekers. And while Pôle emploi precisely encourages registered people to fill in as much information as possible on their CV to maximize their chances of hiring, the flaws pointed out are not to be taken lightly.
To learn more
How to secure your smartphone, tablet or PC? The ultimate guide!
Numerama thus evokes the example of a woman thinking of going to a job interview for a reception hostess position, but who found herself with a proposal to become an escort-girl. Other people have found themselves in similar situations.
Poorly protected data
Thanks to the information available on the Pôle Emploi platform, fraudsters can easily obtain the telephone number, e-mail address, residence address, date of birth and professional experiences of all the people they target. Thanks to this, they can come into direct contact with the victim, by calling him or sending him a message.
"On the whole, the offers are similar, besides the spelling errors: a simple and well paid job", explains a woman targeted by these attempted scams and questioned by Numerama. "Almost every month, I received emails like these, for various and varied 'missions'", testifies a man.
Example of a fraudulent email sent to a person registered on Pôle Emploi //
There are two ways that scammers can come up with bogus offers. Either they create a “specific employer” profile for which registration is facilitated. You just have to enter a Vitale card number, but the platform is fooled by a simple phone number and does not require additional verification.
Either they create a more traditional business account for which they must commit identity theft by pretending to be real firms. In both scenarios, the fraudster will ultimately have access to the personal data of plethora of job seekers.
Numerama had easy access to the personal data entered on the CVs available on Pôle emploi //
"[…] I have my profile with CV, contact details available on other sites such as Indeed or Linkedin, I have never received any fraudulent offer in comparison", says one of the people interviewed by Numerama to make it clear that Pôle emploi suffers from a serious lack of security and confidentiality.
Pôle emploi's response
Solicited on the subject, Pôle emploi defends itself.Pôle emploi has undertaken actions for several years to set up systems based on algorithms and artificial intelligence to detect offers or search for suspicious profiles; certify the creation and access to recruiter / individual employer accounts; train its advisers to better identify suspicious offers or suspicious profile search practices; conduct regular awareness campaigns among candidates and recruiters on good practices in terms of data protection.
The managers of the platform thus claim to have greatly reduced this kind of illegal practices, but the National Mediator on Pôle Emploi (PDF) nonetheless identifies 351 denunciations of fraud between June and December 2019.
At a time when the health crisis is pushing more people into precarious economic situations, this kind of ill-intentioned offers could claim more victims. The Covid-19 pandemic has also inspired other scammers to send fraudulent text messages to several Spaniards and Spaniards pretending to be the TousAntiCovid application.
To read on Numerama: How criminals could exploit the weaknesses of Pôle Emploi