Social Engineering of Universal Job Match
by: anonymous 27.2.13
Well, this paper is on the use of Universal Job Match and its fail against most basic security for thousands of jobseekers forced to use this service, although to date (27.2.13) it is not mandatory and no mandate has been set to make this compulsory.
The JCP staff are stating this is compulsory. (Lies) As a test I challenged this.
On 26.2.13 a guy by the name of Dave (JCP) was my target. After stating that my job search was not up to standard (on purpose of course) I stated that JCP staff are not allowed to state to a jobseeker how he/she conducts his/her job search. I was challenged, as I'm seen as a scummy dimwit who can't find a job, and told "we set the rules". Errr! Within the law, Dave?
[The UJ Jobmatch toolkit chapter 3, paragraph 50, states: “You cannot issue a Jobseeker’s Direction to either require a claimant to create a profile and CV in Universal Jobmatch or to mandate a claimant to give us access to their account – this is their decision not ours.” Paragraph 52 also states that “We cannot specify to a JSA claimant how they provide us with records of their jobsearch activity and Universal Jobmatch will not change this.”]
"Oh ok" states Dave... "well it will be compulsory in March".. Yeah well Dave, it's fucking February and as of now it's not. (Lies)
On that note he wanted rid of me... come on Dave, so soon in our relationship, I felt a bro-mance on the horizon...
I also stated to Dave that the Universal Job Match was plagued with identity fraudsters (more on that later on), spamming and fake job postings as well as cookie privacy issues. Dave said "is that all I can help you with"... Erm Dave, you did fuck all to help me. With that I set about proving this is a joke and an identity fraudster's heaven. How? Read on....
I set about proving this by posting a fake job posting as an ID fraudster would and see the CVs and personal info flying in.
After a few 503 errors (typical for this mob) I managed to post a job using a company not registered at Companies House, with an address plucked out of thin air but with matching postcode (so it passed the checks lol). Well, at first it told me the address wasn't a valid UK address, but it was.... so I tried another and boom, job done. Pictures of the process below.
Note: one of the security questions that could be obtained from social networking sites, online searches or indeed my CV.
Account Created as an Employer
Now the job details are input
Job Description Details
Job Details Cont.
Live Job Vacancy now online on Universal Job Match.
Email Confirmation from UJM
I posted my CV to apply and the company received it. I proved my point, Dave....
This was a job description purposely detailed to look fake, imagine how legit fraudsters could make the posting look!
There are lots more lies, too many for this paper, but they have been noted and recorded for next time.
That's it for part one of this debacle.
Disclaimer: This job posting is/was in no way used for the purpose of harvesting personal information from any third party and is not to be used for any other purpose than for proof of concept that the Universal Job Matching Site is flawed and needs revision.