UPDATE 31 October 2019 - LinkedIn Status has changed due to it being confirmed after publication of this post from a representative that they do not have a system to verify the legitimacy of a company, rather it is up to the job seeker to 'report' job postings.
At the time of publishing this, 30 October 2019, ZipRecruiter has emailed me on 25 October 2019 requesting the company name and are looking into the issue.
So, let's talk about ZipRecruiter. Last week, I discovered that my data submitted to a job application on their site was given to a third party company. I detailed the sequence of events as it happened via my twitter account in a thread.
So let's summarize the events from last week of data misuse:
On October 15th was the first time I officially started using ZipRecuiter as a means to apply for jobs. I applied to 5 companies on their site that day. On the morning of October 16 I received an email from, let's call this company Company X, asking me to click a link to verify my email address and in the very same second thanking me for verifying and welcoming me to the platform. I never clicked the link to verify, and Company X was not one of the companies I applied to that day.
So I found the support email on Company X website and sent an email requesting the account I never created to be deleted and to know from where my data was retrieved from and how my email and other details were inputed into their system.
Yes, I wanted my account I never created removed but I also wanted to know where they retrieved my data from - your digital footprint is something that should be in your control not in the hands of a company's algorithm to create a fraudulent account from data you never gave consent for them to take.
An hour or so later they replied to my email saying they would remove the account immediately and let me know how my data entered their database. I waited 7 days for Company X to tell me how they got my data, and when they didn't respond I sent a follow up email on October 23 asking how and where my data was retrieved from so that I could act accordingly.
They retrieved my data from a ZipRecruiter application.
It turns out when I applied for a job on ZipRecruiter, Company X has a feature on their site that once someone applies to a job that's also listed on their job board on ZipRecruiter then it creates an account on their website.
So: ZipRecruiter has a job that Company X also has on their job board -> job seeker applies via ZipRecruiter -> Company X creates an account on their website that is never mentioned on ZipRecruiter application.
The only thing listed on the ZipRecruiter application is Company Y, the company that is looking to fill the position not Company X that ALSO has the position listed on their site. So, job seekers may have accounts on company sites like X and not even realize that ZipRecruiter is not regulating enough and companies like Company X take their data to another database.
Company X is now decommissioning this feature after my back and forth email with them requesting how they got my data.
If I wasn't paying attention to my email on the morning of October 16th, I wouldn't have even noticed that an account was created for me without my consent - as I mentioned above Company X didn't even need me to verify my email by clicking, their algorithm verified my email and fraudulent account even though they sent me an email to verify and I never did.
I decided to take a look at ZipRecruiter's Terms and Conditions. I began to wonder what it said relating to third parties taking data submitted through ZipRecruiter. The terms and conditions confirmed the illegality of sharing data with a third party, yet here we are.
Is ZipRecruiter regulating companies that post a job posting? Company X had a feature on their website that when a job seeker applies on ZipRecruiter to Company Y, then the job seeker's data is sent to Company X database to create an account without the job seeker's consent.
How are they keeping track of companies with this feature? Is the only way for companies like Company X to get caught taking data without the job seeker's consent dependent on if the job seeker keeps a close eye on their email? Company X decommissioned the feature the second I requested to know where they retrieved my data from. As ZipRecruiter operates in Europe as well, GDPR, I began to wonder how safe was it to actually use this site as a means to find a job.
I was always told that ZipRecruiter was an external recruiter, so job seeker applies and someone else submits you to the position rather than a direct contact of job seeker applies -> applied to position.
What I found was actually worse.
It turns out ZipRecruiter does not verify or authenticate Users or guarantee that a job advertisement is suitable, legitimate or real. So, quite literally, anyone can say they're a company hiring for XYZ and you as a job seeker can be put in danger if you see an ~official~ looking email from a company that doesn't exist at all setting a time for an interview. Also some people do put their phone number and address on their resume which means they [the person posing as a company looking to hire] have a direct means to access you and know where you live.
So I went through a few job board sites terms and conditions so you don't have to.
Looking for a job means you're constantly on multiple different job boards trying to find opportunities. Most companies use more than one site or just use one particular site to promote their new opportunity. I know going through terms and conditions of a site is something we have to check off on when creating an account, but realistically speaking a lot of us just click check and never read the terms and conditions. So, I decided to go through the terms and conditions or reach out directly where necessary to job board sites and list my findings in alphabetical order to the answer of one question: Does the job board verify the legitimacy of a company and position posted?
❌ AngelList
This took longer to find that I thought it would. AngelList's terms of use has a main section and three sub-sections: Terms of Service, Talent General Terms, Source Terms, Jobs Terms. The section that we job seekers care about in terms of verifying the job offer is in Terms of Service and Talent General Terms.
Terms of Service: According to IV. Limit of the Company's Obligation section B. Verifying Due Diligence, AngelList does not verify materials or information provided by entrepreneurs.
Verifying Due Diligence. We are not responsible for doing diligence on the Entrepreneurs, Investors, Job Seekers or other users you meet through AngelList or verifying any representations, materials or other information provided by Entrepreneurs, Investors, Job Seekers or other users to you.
Talent General Terms: According to V. Release and Indemnity they do not verify the accuracy of any content.
Without limiting the foregoing, you acknowledge that Users are solely responsible for (i) verifying and ensuring the accuracy, completeness and legality of any Content; (ii) determining the suitability of any Candidate for any job or opportunity posted through the Services (including, by way of interviews, vetting, references, background checks and other similar actions);
❌ Dice
Dice is fairly new to me - I discovered them as I was looking for jobs on NY Times Jobs and one of the links led me here. Based on their terms and conditions, your use of the site is entirely at your own risk and they do not verify the accuracy of the job posting.
The Company does not evaluate or censor the resumes, job listings or other information posted to the Site. Moreover, the Company is not involved in the actual transaction, if any, between potential employers and candidates. Consequently, we have no control over the quality, safety or legality of the job listings or resumes posted to the Site, the truth or accuracy of such job listings or resumes, the ability of employers to hire candidates or the ability of candidates to fill job openings.
✅ Elpha
Elpha is a community where women in tech talk candidly online - think Reddit + LinkedIn but better. After reaching out to Elpha via email, the Co-founder and COO Kuan Luo confirmed that they verify the companies by doing their own research and by talking with the founders/team directly.
In terms of submitting an application, the open roles for the company they themselves verify are listed on Lever, GreenHouse or AngelList. Kuan also mentioned that they rely on member feedback to ensure that the Elpha community members have a positive experience connecting with and interviewing at their partner companies.
❌ Glassdoor
According to section D. Applying on Glassdoor, they do not guarantee the identity of an employer and caution job seekers when applying to jobs. You as the job seeker are responsible for verifying the job posting. A snippet of their terms of use is below:
Glassdoor does not guarantee the identity of an employer or any individuals working for any employers, and cautions job seekers when applying to jobs. Glassdoor does not guarantee the validity of a job offer and cautions job seekers to verify the validity of a job offer before taking an adverse action regarding their current employment situations. You are solely responsible for verifying the accuracy of any employer or job offer.
❌ Indeed
According to Indeed General Terms of Service, 1A, they do not guarantee the identity of an employer and caution job seekers when applying to jobs. You as the job seeker are responsible for verifying the job posting. Unless it says 'apply on company site', I would advise not to apply on Indeed.
Indeed does not guarantee the identity of an Employer or any individuals working for any Employers, and cautions Job Seekers when applying to jobs. Indeed does not guarantee the validity of a job offer and cautions Job Seekers to verify the validity of a job offer before taking an adverse action regarding their current employment situations. Job Seekers are solely responsible for verifying the accuracy of any Employer or job offer.
LinkedIn is universally known as the best way to look/search for jobs, here is what I was able to determine from their terms and conditions: They specify that companies are not allowed to intentionally misrepresent a job, hiring company or poster. Companies also do have to pay to post their job posting, and LinkedIn must accept the job posting.
Also included in 2. Job Services:
I reached out via email to clarify their terms and conditions and according to a Member Support Consultant only authorized personnel can post jobs for specific companies. However, they do not have a specific system that verifies all of the job postings on LinkedIn but they do have a well equipped team to handle any report of certain job postings that could be false.
For this reason, after much consideration, I've decided to give them a hazard sign. They do have some sort of criteria, but at the end of the day they do not have a system that verifies all of the job postings on LinkedIn and it is up to the job seeker to report job postings that seem illegitimate.
Also included in 2. Job Services:
Without limiting the prohibitions in the User Agreement or any other applicable agreement, you agree that you will not, and you will not enable or authorize any third party, by virtue of the Postings, Destinations, or use of the Jobs Services, to:
- Create Postings without a reasonable and legitimate intent to hire for a bona fide job opportunity or the specific position listed.
I reached out via email to clarify their terms and conditions and according to a Member Support Consultant only authorized personnel can post jobs for specific companies. However, they do not have a specific system that verifies all of the job postings on LinkedIn but they do have a well equipped team to handle any report of certain job postings that could be false.
For this reason, after much consideration, I've decided to give them a hazard sign. They do have some sort of criteria, but at the end of the day they do not have a system that verifies all of the job postings on LinkedIn and it is up to the job seeker to report job postings that seem illegitimate.
✅ TechLadies
TechLadies is a great community that connects you with the best jobs and opportunities in tech. After reaching out to TechLadies via email, the CEO and Founder Allison Esposito Medina confirmed that they vet each job posting to make sure the company is real to the best of their ability. They look at fundraising sites such as Crunchbase, search for founders online, and view sites, such as Glassdoor, for reviews of the application process etc. to piece together if the company is legitimate. Although Allison mentions that this isn't entirely foolproof, what sets them apart from others is that their site is paid and they charge hiring fees. So, the company aiming to be on their job board must be established enough to have a budget set aside.
By charging hiring fees and requiring payment to be given the privilege of being on their job board, this weeds out fake companies/start-ups with no actual end goal. The job posting is not posted on their job board unless the payment has gone through.
TechLadies is a closed community so in order for applicants to even view the job board, they have to apply to be accepted into the community. Allison confirmed that TechLadies does not share or sell anyone's data and the only time a company will receive an application from a TechLadies member is if the member applies to that job specifically.
⚠️ Way Up
This is a company that was not straightforward in their terms and conditions on whether or not they verify the accuracy and legitimacy of a job posting. They do not verify candidates (job seekers) who apply for jobs but they do not mention if this is the same attitude towards employers. However, they do mention that they may look into job postings at their own discretion but they are not obligated to.
The reason why they have a ⚠️ rather than a ❌is because they do not explicitly say they do not verify the job posting rather they say can look into the job posting if they feel like it.
At the start of their Terms and Agreements:
For avoidance of doubt, WayUp disclaims any responsibility for any employment or contracting opportunities, employment or contracting services, or any other services or products acquired or made available through our Services
In section 2. Verification:
By registering with our Services, you hereby authorize WayUp to verify any representations and warranties you make either pursuant to these Terms or within any materials submitted during the registration process, including conducting background checks, contacting any provided references, and reviewing public records. You acknowledge that while WayUp reserves the right to verify these representations and warranties, WayUp is not obligated to do so, and may choose not to do so, at WayUp’s sole discretion.
In section 3. Listing Employment or Contracting Opportunities:
For avoidance of doubt, each Job Posting must comply with all restrictions hereunder, including those governing the submission of User Content and general use of our Services. WayUp may, but is not obligated to, make an independent investigation of the Job Posting to ensure full compliance with these Terms. If WayUp determines, in its sole discretion, that any representation or warranty made by you pursuant to these Terms is in any way false, incomplete, or inaccurate, WayUp may, at any time, reject, remove, or suspend or delay the posting of your Job Posting, in whole or in part. WayUp may, but is not obligated to, provide you with an explanation for the rejection or removal of any of your Job Postings from our Services.
THis is a bit disturbing - thank you so much for revealing what you found!
ReplyDeleteIt really is so disturbing how many job boards don't verify the legitimacy or companies, the more I researched the more shocked I was. What I really wonder is how many companies have this ~feature~ and how many people have accounts in their name that they've never personally created.
DeleteI remember seeing you post about this on twitter I believe and I was so shocked at the blatant misuse of your data and probably countless other people! I'm so glad you went through the different popular job sites and their position on privacy and employee / employer information. I actually use a few of them and it's made me re-evaluate and I'm going to think harder in the future about the permissions I give on those sites. Thanks for sharing such a thought provoking post as always Sahara xx
ReplyDeleteThanks for following along with me over on twitter with it! The second I noticed where my data came from, I knew I 100% had to warn others from a similar fate and if at all make sure people are aware where it was safe to apply for jobs. I'm so glad that you appreciate me going through the terms and conditions of different job board sites - it took a while but I know that it was worth going through it all to make sure that job seekers are aware where their data is safe. Although we check off on terms and conditions, we tend to never take a really deep dive into it to fully read them, so I wanted to do all that and make it accessible for everyone else to see my findings!
DeleteThank you so much for reading Rumaanah!
Ohhh I've never actually heard of this! This has really opened my eyes. Thank you so much!
ReplyDeleteLove, Amie ❤
The Curvaceous Vegan
Thank you so much for reading Amie, glad I was able to bring this to your attention!
DeleteWow this is disturbing. I've applied using ZipRecruiter before and while I never got the job, I get tons of emails from them daily. I'm impatient with spam emails so I just deleted them. Clearly I should probably start looking at them more...helpful post. Thanks for sharing!
ReplyDeleteYes yes yes, I can definitely relate to the influx of emails from different job board sites - nearly miss actual important ones! Although the one click apply on ZipRecruiter has been great to reach my quota of 25 per day, I don't plan to use them as I continue my job search after this.
DeleteZipRecruiter has a large overhaul to do in terms of identifying if the feature that the third party company used is present at large when someone clicks apply to a position on their platform because at the end of the day it should be up to them to find/discover and terminate that listing not necessarily reliant on us job seekers paying 110% attention to our email - glad to hear my post was helpful! Thank you so much for reading, Casey!
I think the scariest thing about this is the job sites and companies that don't actually know if a job posting is really or legitimate? Imagine the danger they could potentially putting their users in, had they applied for a job that wasn't genuine? The data part is something I really don't think much about - I know I should though. But this was all really eye-opening. I use Indeed a LOT and have in the past but I'll perhaps have a re-think now if my boyfriend or I ever need to look for a new job!
ReplyDeleteJenny
http://www.jennyinneverland.com
RIGHT?! Like I personally have never thought that a job board wouldn't verify if a company/job posting was real or legitimate - I could swear that was the least they could do! And that's one thing I was thinking about the whole time as I finished up my research - people put their exact address and phone number on their resume so by the job board site not verifying they're putting their users in danger.
DeleteI've used Indeed before as well and unless it's an "apply on company website" where I can see the actual company and see if the opportunity is legitimate, then nope!
Omg I have been waiting for this post! I was keeping up with the tweets to the best of my ability and I really wanted to learn all about the situation. You are so amazing and should totally look into investigative journalism because this is so thorough and you contacted so many people for comments, I LOVE it! So sad and surprising that so many of the job recruiter sites aren't safe though. I expected more from LinkedIn in particular, but sad to hear that they're still iffy.
ReplyDeleteJas xx
I remember you saying you sensed a blog post in the works after my thread and TADA here it is! Ever since Sophie mentioned going into Investigative journalism I think I may do something of the sort as a side thing haha! Sending emails to company press/media emails was so stressful like I stared all emails for a good 30 minutes before sending them off! I wanted to be as thorough as possible and make sure I didn't miss anything :)
DeleteThe one I was most surprised in was LinkedIn! I would have thought they had some sort of system to verify the company and job posting - even their terms and conditions weren't clear at all, like they were trying to hide that fact? When I finally reached out for a comment from them, they took their sweet time responding before confirming that they don't have a system in place.
It was an interesting ride researching and learning all about these job board sites terms and conditions, definitely being more careful on where I submit my data for a position and hope I was able to help others from a similar fate that I had with ZipRecruiter!
Thanks so much for reading Jas!
Have none of those people heard of GDPR? I have been contacted by people to whom I never gave my address so it had to come somewhere. It is not tolerable that LInkedin and most of those websites do not vet anything or anyone. Such a good post! I didn't know about tech ladies but will start to use theml!
ReplyDeleteRIGHT!! That was one of the first things in my mind when this all occurred - GDPR. It was just absolutely mind-boggling that the third party company even had a feature to begin with. LinkedIn was one I was really surprised in as it's universally known as the best place to look for new jobs/opportunities.
DeleteGlad to hear you enjoyed reading and found about Tech Ladies - it's a great platform/community to be apart of!
I had no idea companies did that and it's very disturbing! Have they not heard of GDPR? It's everywhere now so they must have known that what they were doing was wrong.
ReplyDeleteIt really is! I really wonder what was even going through the third company party's mind when even creating that "feature" on their website. The first thing in my mind was GDPR and the fact that they immediately said they would be decommissioning the feature on their site the second I asked how they got my data; it's like they knew the feature was wrong/illegal even to do/have but thought they wouldn't get caught.
DeleteThank you so much for reading and for taking the time to makes sure your comment came through Romina!💖
I left a comment on your other post. But there is something else going. The job aggregators themselves: Glassdoor, LinkedIn, Indeed, Monster, Zip recruiter how do they make money? Hmm. It is not just fake companies that are the problem. In fact it has been reported that venture investment firms are pouring billions in to Neuvoo. Neavoo is horrible. I actually contacted a company who had no idea that Neuvoo had scraped their company info and bipassed their site when you clicked "apply" via LinkedIn. A neuvoo pop up would appear with the companies name on it asking for your name, email address and phone number. I never use to get robo calls now I get them on the daily ever since I started job searching. There is a huge scam going on the job search market which back in the day was not a "market". A company paid a fee to place an AD in a newspaper and that was it, the newspaper was no longer involved in the transaction. Now today not only do recruiting companies make money, so do job aggregators. And all of this "data" reported on the news about job creation is flawed from so many inactive jobs showing as "active" when they are not which is throwing off the "new" jobs being created, so again I say #fakenews. The "robust" economy is not as good as they are saying it is.
ReplyDeleteAllie of
www.allienyc.com