Online Security warning. This time the targets are job seekers.

[Gene J. (GeekTinker)]

This may seem like common sense to most job seekers. However, since this sort of website exists and people are having their identities stolen at an alarming rate, I believe there is a need to post this warning. First of all, I have not been a victim of this attempt to collect sensitive data. I stopped entering my data once I got to the part of the form asking for more sensitive information than I was willing to enter.

The issue is a website posting currently on Craigslist (in various cities) that proposes to accept job applications from those seeking employment. I believe this is done in an attempt to imitate the real J.P. Morgan financial services firm. From my research, there is not an actual division of J.P. Morgan named "J.P. Morgan Properties". If somebody who works for J.P. Morgan could verify this, it may help. J.P. Morgan may be interested in pursuing this information further. 

The sketchy online application form asks for much more information than is needed to apply for a job, such as full date of birth (including the year), full social security number, state ID numbers and issue dates, addresses, etc. 

I believe that any job seekers who are entering their information on this form have the potential to become targets for identity theft.  I have read that tax return theft has increased quite a bit lately, with many tax preparation businesses reporting a sharp increase in the number of returns that error out because a tax return has already been filed for that social security number.

The initial job posting that I found was located on Craigslist.com in St. Louis, Missouri (http://stlouis.craigslist.org/tch/4893301866.html) and lead the job seeker to this website through a link that includes the name of their local city (in my case, St. Louis, Missouri by directing the job applicant through the link at: JPMCAREERSSTLOUIS.COM). However, changing the city name to other large cities, such as Phoenix, results in being linked to the same questionable website, with the same very questionable application form for various positions within the fictitious company. 

Lastly, the phone number listed in the contact information is a government help line phone number (800-333-4636) and no email address is provided on the website, only a contact form.  The IP address of the initial website link is one that hosts 7340 websites. The "whois" lookup information is vastly different than the "whois" lookup information for the real J.P. Morgan website.

The deeper I dug into this, the more I believed that this is likely an intricate scam to trick job seekers into giving up their sensitive identification information. Don't allow your desperation to find a job to override your common sense. Please utilize good online situational awareness when filling out applications through the Internet.  If a company with an actual job offer needs that much detailed information, they can get it from you in a secure manner and usually long after the interview process.

[EschewObfuscation]

Good catch!

This is probably working well; we've been conditioned by "legitimate" corporations to give up a lot more information than they have any good reason to hold. I've routinely asked "am I not allowed to pay the gas bill without a social security number?", and given a pat, nonsense answer, usually along the lines of "it's our policy" or "it's for your protection", both of which are baloney. But nothing we can do about it. So the corps exacerbate the problem, then disclaim any responsibility for direct harm (eg data breaches) or indirect harm (eg acclimating people to giving up too much). Only thing we can do is be as careful as possible and hope for the best. This sort of warning reinforces the point.