Identity Theft During the Job Search Is a Real Risk — Here's How to Protect Yourself

Woman on laptop


Profile Picture
The best talent deserves the right pay.
July 22, 2024 at 11:10AM UTC
When you’re looking for a new job, you already have enough items on your to-do list. Protect your privacy and make sure coping with identity theft isn’t one of them.
Why are you particularly vulnerable to privacy issues during a job search? In short, it’s because you’re putting a lot of data out there, including sensitive information.
You may also unwittingly provide hackers with information that can be used against you. Common security questions include references to past and present addresses, your mother’s maiden name, even your high school mascot. If someone sees your resume online, they could easily figure out the answers to some of these common questions and hack an email account or other online system you use.
In addition, you might create new accounts for job searching purposes and forget about them when your search is through. These abandoned accounts sit there, unmonitored, just waiting for a data breach. If that happens, you might get the notification in time to do anything about it.

1. Keep track of your old accounts.

What’s the big deal with someone getting into old accounts? Well, even an old email account is a treasure trove of personal information. You could have old bank or hospital statements in there, personal emails between friends and family members (maybe some that include details on where you live, bank or work), or even emails where you told someone codes for your door locks or credit card numbers.
“In addition, once you give an app or website permission to access your calendar, contacts, or even bank accounts, it can continue doing that for years, whether you still use the service or not,” writes Thomas Germain at Consumer Reports. “You may be supplying a steady stream of personal data to online companies you’ve forgotten about.”
To protect your privacy, set aside time on a semi-regular basis to use tools that identify accounts you have online and shut down ones you don’t need. There are some online services that can help you with that, like JustDelete.Me, or you can do some simple searches. Germain suggests Googling your username(s) to find old accounts, searching your emails, or even reviewing browser data (unless you’ve cleared the entire history recently). Not sure if your email has been involved in a data breach? Plug it into HaveIBeenPwned to see if you need to change a password on certain sites.
What you don’t want to do is use a service that will search and delete accounts for you. Why? Germain notes you’re opening up the door for more data breaches and information theft. Best to do the work yourself and cut out the middle man (or bot).

2. Keep your phone number safe from scammers.

Just this past October, both Facebook and Twitter admitted that they let marketers have access to their users’ phone numbers. You probably provided your phone number as a part of your account information (and lots of online accounts require it for two-factor authentication or other new sign-in security measures). And we like getting calls from some people, like recruiters or employers — just not telemarketers.
What to do now? Many apps, like Facebook and Twitter, are using new 2FA (two-factor authentication) apps that are built in to help you confirm your identity without giving away too much.
“Facebook, Twitter, and most major sites allow a second 2FA method that uses a free app to generate short-term codes you can enter into the site to verify your identity, just as you would with a code that is texted to you,” writes Sean Captain at Fast Company. “Google, LastPass, and Microsoft also provide handy free authenticator apps for Android and iOS. And popular paid password managers like 1Password and Dashlane also incorporate a 2FA function.”
Two-factor authentication isn’t automatically safe, however, as just this week it was announced that some Chinese hackers have found a way around it. Fun!
Outside of those few apps, you probably give out your phone number a lot, and you’d like to still get calls from those people. One option is to get a number like Google Voice, which you can have forwarded to your real number. You can use this one to give out for certain circumstances, and be able to avoid giving out your real number when you don’t want to.

3. Keep your wifi safe with a VPN.

Many of us do our job searching outside the house, at a coffee shop or library. But even if you’re on a password-protected public WiFi network, you’re never 100% safe.
Open networks are always a bad idea if you’re doing online shopping, submitting personal information or even sending emails with personal details. But you can protect yourself by getting a personal Virtual Private Network (VPN) to use. Heck, you can even add a VPN layer to your home WiFi if you’re security minded. VPNs come in all shapes and sizes, but recent reviews of consumer options put them around a mere $3-$5/month when you sign up for at least a year.

4. Protect your social security number.

We give out our SSN when we fill out tax forms at a new job or at the bank when opening a new account, but maybe not as much in other places — at least not anymore. Still, data breaches happen, even to the U.S. Government, and social security numbers spread around the dark web.
What can you do to protect yourself? One way is a good option for freelancers or those who own their own business. If you get an Employer Identification Number (EIN), you can send that to employers on tax forms instead of your personal SSN. You can apply for an EIN for free online with the IRS.
You might also give out your SSN is on the I-9 form you fill out for a full-time job. This form is used to establish eligibility to work in the U.S. However, unless your employer participates in E-Verify, you may be able to fill out the I9 without including your social security number. If the employer requires you to share your social, make sure to fill out the forms in person. Lastly, don’t give out your SSN via email or text…or even voicemail.
“Never type your Social Security number into an email or instant message and send it,” writes Jim Probasco at Investopedia. “The majority of email messages can be intercepted and read in transmission. Also, don’t leave a voice mail that includes your SSN. If you need to contact someone and give them your number, it’s best to do it in person. The second best way is to reach them on the phone and do it ‘live.'”
Note: When it comes to tax time, you also will be awaiting your yearly tax statements from your employer(s). It’s not illegal for them to send these via email, but it is a potential for a security breach. Make sure you’re not sending your SSN via email, and if you receive a document with it that way, notify the employer that it could be a potential data breach.

5. Is that online application safe? How to tell.

When you’re applying for jobs online, take the time to make sure that the site is secure before you add all your personal information. Here are quick ways to assess whether a site is safe, according to SiteLock:
  • Look for the little lock beside the important HTTPS (not just http) in the site URL. (Sadly, sometimes this can be faked.)
  • Check the website’s privacy policy (often in the footer) for details on their compliance with laws.
  • Check to see their contact information, and where that sends you. If it seems off, don’t use the site.
  • Look for their trust seal, which means they’re actively monitoring the site for malware.
  • Be wary of sites that have strange popups. Again, if it seems odd, back out of there.

6. Make your resume safer online.

There are a few quick ways you can protect your privacy online, especially when it comes to what you put on your resume.
  • Remove your home address from your personal details.
  • Use a forwarding phone number, like Google Voice.
  • Use a forwarding email address (you can set this up as an alias address with most email providers).
  • Avoid listing details that are common security question answers, like high school names and locations, or your middle name.

7. Passwords Passwords… P4SSW0RD$.

No matter what we do, data breaches happen. A quick way to protect yourself is to avoid using the same password on all sites, and to make our passwords harder to guess.
Use a unique password for every job site. Many secure smartphone apps that can keep track of passwords for you. Here’s a few of PCMag‘s recent picks for password managers you can use on your phone or desktop (or both).
Above all, you should feel safe during the job application process. Follow these tips and keep up with modern security measures moving forward.
— Anne Holub

Browse jobs at companies women love on FGB.

This article originally appeared on PayScale.

Why women love us:

  • Daily articles on career topics
  • Jobs at companies dedicated to hiring more women
  • Advice and support from an authentic community
  • Events that help you level up in your career
  • Free membership, always