2

I was talking with someone about my resume, and on the subject of my posting it online they said,

just be careful with PII ... for your own good :)

My reaction to that is How bad can it be? -- and, What's the worst that could happen?

That's more or less my question here.

A resume contains:

  • Name
  • Email (more precisely, a Gmail address)
  • Phone
  • Other URLs e.g. LinkedIn
  • Employment history
  • But, no home address, no date of birth, no SIN, no bank account details

Is it wrong or stupid to post that online where anyone might read it (or any bot might scrape it)?

Is there any specific precaution, or a mitigation measure (against whatever the risk is) that you'd recommend?

ChrisW
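As an added example (not part of the original question or its answers), a pre-publication check over the resume text can confirm that only the fields listed above appear, and that the ones the asker says are absent (date of birth, SIN) really are. The regular expressions, the `audit` and `luhn_ok` names, and the sample text are assumptions made for illustration.

```python
import re

# Fields the asker intends to publish vs. fields the asker says are absent.
# The patterns are simplified assumptions (North American phone format).
INTENDED = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "url": re.compile(r"https?://[^\s)>\]]+"),
}
UNINTENDED = {
    "date_of_birth": re.compile(r"(?i)\b(?:date of birth|dob|born)\b[^\n]*"),
    "sin": re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)"),
}


def luhn_ok(number: str) -> bool:
    """Luhn checksum, which Canadian SINs satisfy; filters out other 9-digit runs."""
    digits = [int(c) for c in reversed(number) if c.isdigit()]
    # Double every second digit from the right, folding two-digit results.
    folded = [d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
              for i, d in enumerate(digits)]
    return sum(folded) % 10 == 0


def audit(text: str) -> dict:
    """Return {'intended': [...], 'unintended': [...]} of (kind, value) findings."""
    report = {"intended": [], "unintended": []}
    for kind, rx in INTENDED.items():
        report["intended"] += [(kind, m.group().strip()) for m in rx.finditer(text)]
    for kind, rx in UNINTENDED.items():
        for m in rx.finditer(text):
            if kind == "sin" and not luhn_ok(m.group()):
                continue  # nine digits, but not a plausible SIN
            report["unintended"].append((kind, m.group().strip()))
    return report


# Constructed sample resume text: fictional person, 555 number, test SIN value.
SAMPLE = """Jane Doe
jane.doe.example@gmail.com | +1 416-555-0199
https://www.linkedin.com/in/jane-doe-example
Born 1990-01-01
Employee ID 123 456 789, payroll ref 046 454 286
"""

if __name__ == "__main__":
    for bucket, findings in audit(SAMPLE).items():
        print(bucket, findings)
```

Anything reported under `unintended` is a field the question says should not be in the published copy; entries under `intended` are the contact details being deliberately exposed.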

2 Answers

5

You open yourself up to the possibility of receiving spear-phishing calls, texts, emails, and so on. This information could be used by an attacker to impersonate you as part of a social engineering attack against, for instance, a call center employee at your phone company in order to gain more information about you (date of account registration, address history, etc.).

Joshua Murphy
Rashad Novruzov
  • "You *will* get spear-phishing" seems a bit extreme. I know plenty of people who published their email, phone, address, name, etc. on their website (it's required in parts of Europe) and never had any problems. Is there a good reason anyone should target OP specifically? Instead of, say, trying random phone numbers? I'm all for privacy and disclosing as little PII as possible, but OP should probably consider their specific case and check if the benefits outweigh the potential dangers. – tim Feb 04 '20 at 19:12
  • Hi Tim, I posted my answer based on a personal test in Canada. After I posted my resume on such websites as Monster, Indeed, and Glassdoor, a month later I started to get spear-phished on the number I posted, despite the fact that the number was on the no-call list for telemarketing and the number was freshly bought and installed on a new phone. – Rashad Novruzov Feb 04 '20 at 19:16
0

Nowadays, those big online job sites are compliant with data privacy regulations such as GDPR. So the assumption is that you place trust in these data controllers or data processors. Now, in case they violate them, they can be sued.

Those PII are provided due to business needs; that's pretty normal.

In the case of data breaches where your data was leaked to the public, the risk factor can be from medium to high depending on what kind of PII was leaked. Consider your passport identity or credit card number; these are considered sensitive PII, which can cause grave damage to an individual. With a mobile or telephone number, or an email address, you might receive unexpected calls/emails (social engineering), which may or may not cause damage to you; in the end this really depends on the motivation of the attacker.

Basically, the data breaches will make an attacker's life easier in pursuing their motive.

Winnnn