An investigation by Numerama highlights the security vulnerabilities on the online platform of Pôle Emploi. These allow crooks to easily access the personal data of several job seekers.
In France, Pôle emploi’s mission is to help job seekers find a job corresponding to their profile. For many people, this is an essential tool for earning money. The service therefore offers an online platform to submit your CV and make it available to potential recruiters. Unfortunately, the personal data that ends up online is poorly protected, as revealed a survey signed by Numerama.
Fake job advertisements
The article indeed reveals how easy it is for a malicious person to impersonate a legitimate recruiter and obtain personal data on job seekers. And while Pôle emploi justly encourages registered people to fill in as much information as possible on their CV to maximize their chances of hiring, the flaws pointed out are not to be taken lightly.
Numerama thus evokes the example of a woman thinking of going to a job interview for a position of hostess, but who found herself with a proposal to become escort-girl. Other people have found themselves in similar situations.
Poorly protected data
Thanks to the information available on the Pôle Emploi platform, fraudsters can easily obtain the phone number, e-mail address, residence address, date of birth and professional experiences of all the people they target. Thanks to this, they can come into direct contact with the victim, by calling him or sending him a message.
“On the whole, the offers are similar, apart from the spelling errors: a simple and well paid job», Explains a woman targeted by these attempted scams and questioned by Numerama . « Qualmost every month, I received emails like these, for various and varied ‘missions’», Testifies a man.
There are two ways that scammers can come up with bogus offers. Either they create a “particular employer” profile for which registration is facilitated. You just have to enter a Vitale card number, but the platform is fooled by a simple phone number and does not require additional verification.
Either they create a more traditional business account for which they must commit identity theft by pretending to be real firms. In both scenarios, the fraudster will ultimately have access to the personal data of plethora of job seekers.
« […] I have my profile with CV, contact details available on other sites like Indeed or Linkedin, I have never received any fraudulent offers in comparison», Says one of the people interviewed by Numeramato make it clear that Pôle emploi suffers from a serious lack of security and confidentiality.
Pôle emploi’s response
Asked about the subject, Pôle emploi defends itself.
Pôle emploi has undertaken actions for several years to set up systems based on algorithms and artificial intelligence to detect offers or search for suspicious profiles; certify the creation and access to recruiter / individual employer accounts; train advisors to better identify suspicious offers or suspicious profile search practices; conduct regular awareness campaigns among candidates and recruiters on good practices in terms of data protection.
Those responsible for the platform thus claim to have greatly reduced this type of illicit practice, but the National Mediator on Pôle emploi (PDF) All the same, there are 351 reports of fraud between June and December 2019.
At a time when the health crisis is pushing more people into precarious economic situations, this kind of ill-intentioned offer could claim more victims. The Covid-19 pandemic has also inspired other crooks to send fraudulent text messages to several French people by pretending to be the TousAntiCovid application.