I just got called by an employment agent a.k.a. recruiter. He has a job for me, and all I have to do is complete an application form. It's a plain text Word Doc, unencrypted, sent by open email, going into his recruiter's mailbox, containing not just name, address, D.O.B. but also:
- Passport no
- Driver's Licence
- Addresses for the last 5 years
- Medical
- and a few more, but you get the idea.
I've withdrawn the application, but this one is worthy of the ID theft Hall of Shame.
For anyone who does not understand why this is bad, remember this. An unencrypted email can be read by anyone, and is easily intercepted. By British law ISPs keep emails for seven years. An unencrypted email will be kept in an unalterable copy for seven years at your ISP and on the receiving end. You had better hope that you can trust the agent's IT security, anyone who accesses their PCs, anyone along the route the email went through, and so on. If they don't wipe their PCs before they dispose of them, the email can be around even longer and exposed to a whole new audience. Heaven for ID thieves.
And as note, never disclose your bank details, or anything other than name, address, d.o.b to an employment agent. Reputable ones that need your passport or further details will invite you into the office and take them manually from the documents themselves, not on a pre-filled form. This is not just for your protection but also for theirs.
Posts
No comments:
Post a Comment