Are Corporates Set for Phishing?

  •   Mon, Apr 16 2012
  •   By John B Monteiro

April 17, 2012


A fishing rod was a stick with a hook at one end and a fool at the other. – Samuel Johnson, English author (1709-1784).

Fishing and angling have long been with us and also warning about fishing in troubled water from Henry Mathew, eminent English divine (1662-1714). Now we have crooks phishing in troubled cyberspace, cheating gullible cyber netizens. But, we have to start with some basics on the subject.

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.

Now another avatar of phishing seems to be raising its ugly head with potential employers demanding the passwords of social networking sites like Facebook to facilitate background check-up on the job aspirants. This has woken up human rights activists and lawmakers to a new danger of invading privacy of the individuals with the threat of denial of job for non-compliance. Here are some issues and developments under churning on the subject.

According to Associated Press, Facebook and US lawmakers have warned employers against requesting Facebook passwords while screening job applicants, a controversial practice that underscores the blurring distinction between personal and professional lives in the era of social media.

The practice has reportedly grown more commonplace as companies increasingly regard profiles—or embarrassing photos from wild nights out—as windows into a prospective employee's character. On March 23, 2012, Facebook’s Chief Privacy Officer, Erin Egan, posted a note warning that the social networking company could “initiate legal action” against employers that demand Facebook passwords. Egan said in a post on Facebook’s website that the social networking company has seen in recent months “a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles.” A Facebook executive cautioned that if an employer discovers that a job applicant is a member of a protected group, the employer may be vulnerable to claims of discrimination if it doesn't hire that person. Personal information such as gender, race and religion  are often displayed on a Facebook profile — all details that are protected by US federal employment law.

A Facebook statement said: "We don't think employers should be asking prospective employees to provide their passwords because we don't think it's the right thing to do. While we do not have any immediate plans to take legal action against any specific employers, we look forward to engaging with policy makers and other stakeholders to help better safeguard the privacy of our users". Not sharing passwords is a basic tenet of online conduct. Aside from the privacy concerns, Facebook considers the practice a security risk.
 
Also, lawmakers in several US states and in Washington said they would introduce bills to prohibit companies from vetting employees by demanding access to private accounts. Leland Yee, a California state senator, told Reuters on March 23 that he introduced legislation that would prohibit companies in the state from soliciting Facebook passwords from job applicants. The Associated Press reported that lawmakers in Illinois and Maryland were also considering similar moves. “Employers can't ask in the course of an interview your sexual orientation and yet social media accounts may have that information,” Yee said.  “Employers have legitimate questions about a person’s job performance, but they can get that information the regular way, without cutting corners and violating people’s privacy.”

Two US senators are asking Attorney General Eric Holder to investigate whether employers asking for Facebook passwords during job interviews are violating federal law, their offices announced March 25. Troubled by reports of the practice, Democratic Sens. Chuck Schumer of New York and Richard Blumenthal of Connecticut said they are calling on the Department of Justice and the US Equal Employment Opportunity Commission to launch investigations. The senators are sending letters to the heads of the agencies.

"In an age where more and more of our personal information — and our private social interactions — are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence," Schumer said in a statement.

Maryland and Illinois are considering bills that would bar public agencies for asking for this information.
 
India, especialy IT-dominated Bangalore, is not untouched by this emerging problem. According to a special story by Sheetal Sukhija, entitled “Is your Facebook page your mini resume?” published in The New Indian Express (26-3-12),  as privacy debates heat up across the world, Bangaloreans reveal the trend of employers asking job aspirants for their Facebook IDs and passwords has caught on here too. When Adil Pasha, 24, revealed at an advertising job interview that his main strength was creativity, his interviewers asked for his FB password to check his latest updates. They rejected him, as he was going through a break-up and had put up song lyrics as his status message. On the other hand, Sukanya Srinivasan, 19, got an internship chance at a leading IT firm solely based on her FB photo albums.
 
“A company recently rejected my application after looking at the number of people I’d blocked on my chat list. They thought I didn’t have good interpersonal skills. I might be a friendly, harmless flirt, but the company might think I could sexually harass women employees. If they see my photos at a party, they might think I’m an alcoholic,” said one, who has attended over 12 interviews in the last two months, where his social life mattered more.
 
“This is a privacy infringement but there is no provision in the law (IT Act-2008) that prohibits employers from asking for personal information. This is happening with the willingness of potential candidates. If a person finds it unacceptable, he/she shouldn’t share the password. Background checks are common as some companies deal with sensitive information. So it’s not illegal, but intrusive. I think some power relationships can be abused if they cross the social networking barrier — like a boss-employee and teacher-student relationship. Corporate policy should prevent such things,” explained Sunil Abraham, executive director, Centre for Internet and Society.

But employers have a different take on the subject. The Times of India (26-3-12) quoted one Bangalore–based HR Manager as saying: “In the BPO sector, we deal with business data of big companies and we don’t want people who cannot be trusted. We spend almost 2-3 months training our new employees with the best trainers and even share our trade secrets with them.  We would not want to here someone who isn’t trustworthy. This is the reason we ask for their passwords. We look for whether the person is honest, creative, credible and he would be an asset to the company or not.”
 
The Indian ingenuity will come to the fore like double entries in accounting book-keeping and dhoosra in cricket. Some people may enhance their web identity to make it more appealing so the pokey-nosed employer may be misled. People may also start building dual profiles – one with their true self and the other with their politically correct self for the prospective employer.

Corporates have been hiring private detectives to check on their employees and to do background checks on prospective recruits. Now phishing, so far the domain of cyber criminals, may become the daily bread of detectives to snoop for corporates. Laws or no laws, they would expect to make a killing out of this opportunity window. Though in a different context, Herbert V Prochnow, Jr. eggs them on:”Nothing is more powerful than hope. One little nibble will keep a person fishing all day.” What is true of fishing is even more true of phishing.
 

John B Monteiro, author and journalist, is editor of his website www.welcometoreason.com (Interactive Cerebral Challenger) – with format for instant response.

 

 
By John B Monteiro
To submit your article / poem / short story to Daijiworld, please email it to news@daijiworld.com mentioning 'Article/poem submission for daijiworld' in the subject line. Please note the following:

  • The article / poem / short story should be original and previously unpublished in other websites except in the personal blog of the author. We will cross-check the originality of the article, and if found to be copied from another source in whole or in parts without appropriate acknowledgment, the submission will be rejected.
  • The author of the poem / article / short story should include a brief self-introduction limited to 500 characters and his/her recent picture (optional). Pictures relevant to the article may also be sent (optional), provided they are not bound by copyright. Travelogues should be sent along with relevant pictures not sourced from the Internet. Travelogues without relevant pictures will be rejected.
  • In case of a short story / article, the write-up should be at least one-and-a-half pages in word document in Times New Roman font 12 (or, about 700-800 words). Contributors are requested to keep their write-ups limited to a maximum of four pages. Longer write-ups may be sent in parts to publish in installments. Each installment should be sent within a week of the previous installment. A single poem sent for publication should be at least 3/4th of a page in length. Multiple short poems may be submitted for single publication.
  • All submissions should be in Microsoft Word format or text file. Pictures should not be larger than 1000 pixels in width, and of good resolution. Pictures should be attached separately in the mail and may be numbered if the author wants them to be placed in order.
  • Submission of the article / poem / short story does not automatically entail that it would be published. Daijiworld editors will examine each submission and decide on its acceptance/rejection purely based on merit.
  • Daijiworld reserves the right to edit the submission if necessary for grammar and spelling, without compromising on the author's tone and message.
  • Daijiworld reserves the right to reject submissions without prior notice. Mails/calls on the status of the submission will not be entertained. Contributors are requested to be patient.
  • The article / poem / short story should not be targeted directly or indirectly at any individual/group/community. Daijiworld will not assume responsibility for factual errors in the submission.
  • Once accepted, the article / poem / short story will be published as and when we have space. Publication may take up to four weeks from the date of submission of the write-up, depending on the number of submissions we receive. No author will be published twice in succession or twice within a fortnight.
  • Time-bound articles (example, on Mother's Day) should be sent at least a week in advance. Please specify the occasion as well as the date on which you would like it published while sending the write-up.

Comment on this article

  • BrayBarbra31,

    Thu, Jul 12 2012

    Some time before, I really needed to buy a building for my business but I did not earn enough money and couldn't buy something.

  • suhail, muscat

    Wed, Apr 18 2012

    intresting


Leave a Comment

Title: Are Corporates Set for Phishing?



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.