Security Center
Welcome to the Tested Talent Security Centre
Tested Talent is dedicated to providing the safest possible environment for you to search for jobs and manage your career. To assist with that goal, we ask that you keep a few simple security precautions in mind when evaluating job postings on Tested Talent and job opportunities that you may receive unsolicited via email.
For example, it's possible that you may encounter fraudulent job opportunities when searching for jobs online or you may receive fraudulent email that has had the sender's email address forged to make it appear as if it came from Tested Talent. Such practices are a violation of Tested Talent's Terms of Use and may be a criminal violation.
Regrettably, all online companies are susceptible to occasional scams. While Tested Talent makes every effort to prevent this abuse, it is not immune to such activity. To help you conduct a safer job search, we've assembled the following security-related articles and resources. Familiarizing yourself with this information will help you better manage your career.
Main Topics
Conducting a Safe Job Search
A few simple steps, and a little bit of information can keep your job search safe and effective!
Avoiding Identity Theft
Identity theft is one of the fastest growing crimes across the globe. Here are some tips to protect yourself.
Maintain Your Privacy
It's time to take control of your personal information - before somebody else does. Whether you blog, visit social networking sites...
Reporting Fraud
If you see a questionable job posting or any potential misuse of the Tested Talent Website or its brand, please click here to report the suspected fraud to Tested Talent. If you think you have been the victim of fraud, immediately report the fraud to your local police and contact Tested Talent.
Resume Security
While fraud is prevalent online, it tends to be focused on companies that derive their business from online purchases. As Tested Talent is primarily a free service, and the contact information found in a resume can just as easily be located elsewhere (e.g. telephone listings), you can be assured that posting your resume on Tested Talent is a safe way to conduct a job search and manage your career. However, you do need to be mindful about the type of information you include on your resume. For example, the following personal information should never be included:
- National Identification Number
- Driver's license number
- Bank account information
- Credit card information
- Passwords
- Date of birth
NOTE: You should also never share the personal information listed above with a prospective employer until you are confident that the employer and employment opportunity is legitimate.
Avoid Work-at-Home Job Scams
Who wouldn't want to work from home on a part-time basis and earn thousands of dollars a month? It's an offer millions of people can't or don't refuse. Unfortunately, some of these folks eventually regret having done business with a so-called work-at-home employer.
"It's hard to distinguish legitimate work-at-home programs from people who are just out to get your money," says Sheila Atkins, associate director of public affairs for the Council of Better Business Bureaus in Arlington, Virginia.
With that caveat in mind, use the following tips to steer around the hazards of finding work-at-home employment.
Likely to Be Legit
Some occupations and industries are much more likely than others to offer real opportunities for at-home work.
A lot of legitimate companies are using home workers to take orders over the phone. Some employers also employ customer service reps who work at home.
Scam-Ridden Occupations
Other lines of at-home employment deserve a higher level of skepticism. It pays to examine the economics of the work you're being asked to do.
Envelope stuffing is a classic example of a business that may not be for real. If you were the employer, why would you pay someone $1 or more to stuff an envelope when you could job out the task to a mailing house for pennies apiece?
At-home assembly work is also highly suspicious. If these companies were legit, why wouldn't they be using offshore labor at a fraction of the cost?
In general, beware of work-at-home employers who ask for your money up front. Keep in mind that a legitimate employer will always pay you, not the other way around.
Questions to Ask
If you think you might have identified a legitimate work-at-home job, it's time to do some detective work.
Legitimate work-at-home employers should be willing and able to answer a variety of questions about their programs. Here are some questions to ask:
- What tasks will I have to perform? (Ask the program sponsor to list every step of the job.)
- Will I be paid a salary, or will my pay be based on commission?
- Who will pay me?
- How will I be paid?
- Do I need to pay something for starters?
- When will I get my first paycheck?
Finally, if the work-at-home employer passes all these tests but you still feel a bit queasy about the offer, trust your gut and run the other way.
Computer Threats
If you do not take measures to keep your computer safe, your computer -- and you -- could become the target of a cybercrime.
Cybercrimes are those instances when criminals, known as hackers or attackers, access your computer for malicious reasons. You can fall victim any time you are on an unprotected computer, receive a deceptive email claiming there is an “urgent matter” regarding your Tested Talent account or just surfing the Web. They might be seeking sensitive, personal identification information stored on your computer, like credit card numbers or private account logins they use for financial gain or to access your online services for criminal purposes. Or they could want your computer’s resources, including your Internet connection, to increase their bandwidth for infecting other computers. This also allows them to hide their true location as they launch attacks. The more computers a criminal hides behind, the harder it becomes for law enforcement to figure out where the criminal is. If the criminal can’t be found, he can’t be stopped and prosecuted.
There are many different threats to your computer’s safety, as well as many different ways a hacker could try to steal your data or infect your computer. Once on a computer, the threat will tend to show little to no symptoms so it can survive for a prolonged period undetected. Your online security and cybercrime prevention can be straightforward. In general, online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. We’ve compiled a list of the different types of threats that are out there along with some recommended steps you can take to reduce your susceptibility to these threats, using information from Symantec, a global leader in infrastructure software that helps consumers to protect their infrastructure, information and interactions.
Computer Threat #1: Vulnerabilities
How they attack: Vulnerabilities are flaws in computer software that create weaknesses in your computer or network’s overall security. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities, resulting in potential damage to the computer or its data.
How do you know? Companies announce vulnerabilities as they are discovered and quickly work to fix them with software and security "patches."
What to Do
- Keep software and security patches up to date.
- Configure security settings for your operating system, Internet browser and security software.
- Companies should develop personal security policies for online behavior, and individuals should be sure to adopt their own policies to promote online safety.
- Install a proactive security solution like Norton Internet Security to block threats targeting vulnerabilities.
Computer Threat #2: Spyware
How it attacks: Spyware can be downloaded from Web sites, email messages, instant messages and direct file-sharing connections. Additionally, a user may unknowingly receive spyware by accepting an End User License Agreement from a software program.
How do you know? Spyware frequently attempts to remain unnoticed, either by actively hiding or simply not making its presence on a system known to the user.
What to Do
- Use a reputable Internet security program to proactively protect from spyware and other security risks.
- Configure the firewall in the reputable Internet security program to block unsolicited requests for outbound communication.
- Do not accept or open suspicious error dialogs from within the browser.
- Spyware may come as part of a "free deal" offer -- do not accept free deals.
- Always carefully read the End User License agreement at Install time and cancel if other “programs” are being installed as part of the desired program.
- Keep software and security patches up to date.
Computer Threat #3: Spam
How it attacks: Email spam is the electronic version of junk mail. It involves sending unwanted messages, often unsolicited advertising, to a large number of recipients. Spam is a serious security concern, as it can be used to deliver email that could contain Trojan horses, viruses, worms, spyware and targeted attacks aimed at obtaining sensitive, personal identification information.
How do you know? Messages that do not include your email address in the TO or CC fields are common forms of spam. Some spam can contain offensive language or links to Web sites with inappropriate content. Also, some spam may include hidden text that only becomes visible if you highlight the content -- a common trick spammers use to get their email to pass through spam filters without detection.
What to Do
- Install Spam filtering/blocking software.
- If you suspect an email is spam, do not respond -- just delete it.
- If you suspect an email is spam, do not respond -- just delete it.
- Reject all Instant Messages from people who are not on your Buddy list.
- Do not click on URL links within IM unless they are from a known source and expected.
- Keep software and security patches up to date.
Computer Threat #4: Malware
How it attacks: Malware is a category of malicious code that includes viruses, worms and Trojan horses. Destructive malware will use popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from Web sites and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy.
How do you know? Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. You might notice your system is processing at a slower rate than what you are used to.
What to Do
- Only open email or IM attachments that come from trusted sources and are expected.
- Have email attachments scanned by a reputable Internet security program prior to opening.
- Delete all unwanted messages without opening.
- Do not click on Web links sent by someone you do not know.
- If a person on your Buddy list is sending strange messages, files or Web site links, terminate your IM session.
- Scan all files with a reputable Internet security program before transferring them to your system.
- Only transfer files from well-known sources.
- Use a reputable Internet security program to block all unsolicited outbound communication.
- Keep security patches up to date.
Computer Threat #5: Phishing
How it attacks: Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card information or access to personal accounts.
How do you know? Here are four ways to identify phishing scams:
- Phishers, pretending to be legitimate companies, may use email to request personal information and instruct recipients to respond through malicious Web sites. They may also claim that an urgent action is needed to lure recipients into downloading malicious programs onto their computers.
- Phishers tend to use emotional language like scare tactics or urgent requests to entice recipients to respond.
- Phish sites can look remarkably like legitimate sites, because the criminals tend to use the copyrighted images from genuine sites.
- Requests for confidential information via email or Instant Message tend to not be legitimate.
After you open and run an infected program or attachment, you might not notice the impacts to your computer right away. Here are a few indicators that might indicate your computer has been infected:
- Your computer runs more slowly than normal.
- Your computer stops responding or locks up often.
- Your computer crashes and restarts every few minutes.
- Your computer restarts on its own and then fails to run normally.
- You see unusual error messages.
- You see distorted menus and dialog boxes.
What to Do
If you believe you received a phishing email, were lured to click on the link or download a program and are concerned you may have some type of malicious program installed on your computer, here are some things you may want to check:
- Is your virus scan running?
- Are your virus definitions up to date (less than a week old)?
- Did you perform full disk/memory virus scan?
- Once you run your scans and have positive results or remove programs, ensure your online accounts are secure -- modify your account passwords.
- Make sure that you have enabled your Phishing Filter, a feature of Windows Internet Explorer.
- Contact your anti-spyware/virus vendor to find out other steps you can take.
HOW TO BE A SAFE INTERNET USER
Every Internet site in the world is facing the growing issue of fraudulent usage of information, and we want to work with users around the world to stop this practice. Please keep reading to learn more about the warning signs and what you can do.
Spam email is such common occurrences today that you may think you know what to look for. But there are two types of email scams – what's known as 'phishing' and 'spoofing' – that can be more difficult to identify. Both practices concern fraudulent email where the 'from address' has been forged to make it appear as if it came from somewhere, or someone, other than the actual source. Below are the warning signs to look for:
What's 'phishing' all about - and how do I spot it?
Phishing emails are used to fraudulently obtain personal identification and account information. They can also be used to lure the recipient into downloading malicious software. The message will often suggest there are issues with the recipient's account that requires immediate attention. A link will also be provided to a spoof website where the recipient will be asked to provide personal/account information or download malicious software. Tested Talent will never ask you to download software in order to access your account or use our services.
How is it different than 'spoofing'?
Spoof emails often include a fraudulent offer of employment and/or the invitation to serve as a go-between for payment processing or money transfers. This scam is primarily directed at a general audience, but it can also reach Tested Talent members who have included contact information on their resume. Like with phishing emails, the sender's address is often disguised.
What’s 'vishing' all about – and how do I spot it?
While phishing is typically carried out via email, scam artists may also attempt to facilitate a variety of scams using the telephone. Commonly referred to as voice mail and SMS (short message service) phishing (vishing/smishing), these scams are commonly carried out through automated systems that will leave you a voice or text message requesting personally identifiable or account information. Often times, the call will come from an unidentifiable number or one issued by a Voice Over IP (VoIP) company.
Consumer Advice: How to Avoid Phishing Scams
The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of these scams.
- Be suspicious of any email with urgent requests for personal financial information
- Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
- They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
- Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic
- Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
- You should only communicate information such as credit card numbers or account information via a secure website or the telephone
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
Your Guide to ID Theft Awareness and Avoidance
Millions of people have their identities stolen each year. Perhaps you or someone you know has fallen victim to what has become one world’s fastest-growing crimes. But with this expert advice, you will know the specific steps you can and should take -- before and after the fact -- to greatly reduce your potential risk.
Here are few tips from Tested Talent:
1. Beware of the Word ‘Prevent’
No person and no product can 100 percent prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI), such as banking or credit card account information is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information. As a general rule, Tested Talent does not collect SPI. When it comes to protecting SPI, exercising vigilance is always your best bet. And be sure to research any product or service that guarantees identity theft prevention.
2. Watch for ‘Shoulder Surfers’ and ‘Skimmers’
Shield the entry of personal identification numbers (PINs) and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder-surfing thief can get your private information pretty easily if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t feel right. Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.
3. Keep Your Social Security Card Safe at Home
There are very few reasons to carry around this crown jewel of SPI. Something as small as a Social Security card can be easily lost by simply opening your wallet. Remember, ID theft and fraud are not exclusively credit-related -- thieves can use a clean Social Security number to construct a whole new life.
4. Erase Before You Dump That Old Computer
Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details.
5. Choose ‘Forget Me’ Instead of ‘Remember Me’
How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.
6. Practice Prudent Posting
Online social networking sites enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property and more. Because the Web makes it possible for any posted document to link with another, any information you put online has the potential to stay there for what amounts to electronic eternity.
7. Keep the Key
When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?
8. What’s in Your Wallet?
Make photocopies of the personal material in your wallet: driver’s license, credit cards, insurance cards, all of it -- front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has happened.
9. Identify and Avoid Phishing Email
Phishing emails are used to fraudulently obtain personal identification and account information. They can also be used to lure you into downloading malicious software. The message will often suggest the recipient’s account has an issue that requires immediate attention. A link will also be provided to a spoof Web site, asking the recipient to provide personal/account information or download malicious software.
Tested Talent Team reminds you that we will never ask you to download software to access your account or use our services.
10. Conduct a Safe Job Search
Be mindful about the type of information you include on your resume, especially if it will be posted online. For example, you should never include the following:
- Social Security number
- Driver’s license number
- Bank account information
- Credit card information
- Passwords
- Date of birth
You should also never share the personal information listed above with a prospective employer until you are confident the employer and employment opportunity are legitimate. While it's reasonable in the early stages of the hiring process for employers to ask you for information about your education, training and qualifications related to a prospective job, don't provide proprietary information until you're farther down the road and have conducted due diligence to review the company's background.
Network Safety Online
In case you haven't noticed, the old-boy network for finding jobs isn't old anymore, isn't all boys and now prefers high-end coffee shops to exclusive clubs.
When not sipping lattes, many networkers in the professional world now meet around electronic water coolers, sharing career buzz via Internet media ranging from email and message boards to Web sites, chat and blogs.
This cyberspace of job hunting abounds with useful information and helpful people; it's also full of misinformation, dead ends and the occasional economic or social predator who's looking to take advantage of people. Follow these tips for getting the most from online networking while protecting yourself.
Five Ways to Stay Safe While Networking
- Don't Give Yourself Away: Keep personal data, especially identifying information, to yourself until you have reason to trust your correspondent. Name or address or phone number -- lets your genie out of the bottle. Also be careful about disseminating documents, like your resume, where your identity is embedded.
- Set-up a Safe Email Address: Consider establishing a separate email account for professional networking. Choose an email alias entirely unrelated to your real identity, and be sure the email service doesn't allow anyone to retrieve information you may have provided, like what you entered in a registration form.
- Watch What You Say: What you write in an online forum may be retrievable by search engines for years. You can imperil your good name and even lose your shirt by recklessly trashing an associate, boss or employer. Get a voodoo doll instead.
- Safety in Numbers: Be wary of face-to-face encounters with people you've only known online. "If you meet people in a group, a public place is pretty low-risk," says Johnston.
- Infect Others with Good Ideas, Not Viruses: The only thing more destructive to your reputation than spamming the world with your resume is allowing a PC virus or worm to send itself to everyone in your address book. Install antivirus software and keep your subscription current.
Managing Your Tested Talent Profile and Other Online Account Credentials
When it comes to your Tested Talent Profile, employer account and other online accounts, your password is the key to your site experience and personal information. While Tested Talent takes proactive security measures to protect your account information, you should actively protect your account information as well by keeping your password secure from unauthorized access.
In addition to having access to the products and services associated with your account, users who gain access by unauthorized means may attempt to use the data they’ve stolen to target phishing emails to you. In most cases, you would not notice your account has been compromised until it is too late.
With this in mind, here are some simple ways you can protect your account information:
- Use a complex password. By choosing a complex password, you can increase the security of your account and prevent malicious use of Tested Talent's products and services. To create a complex password, follow these tips:
- Avoid using a simple password that is easy to guess (e.g., Tested Talent, Tested Talent1, 1234).
- Use a password of at least eight characters or more. Each additional character helps.
- Avoid using a password similar to your name, company name, password or email address.
- Include characters other than letters, such as numbers and symbols.
- Use a phrase or sentence you can remember.
- Change your password regularly.
- Never use the same password for multiple accounts -- this will increase your security.
- Never email anyone your password, and most importantly, never respond to an email asking for your password. Tested Talent will never email you asking you to supply us with or confirm your password, nor will Tested Talent ask you to download any software, “tool,” “online form” or “access agreement” in order to use your Tested Talent Profile account.
Tested Talent will also never call you asking for your username and/or password. You're the only person who needs to know your password. Don't share it with anyone. If you receive a phone call from someone claiming to be from Tested Talent and they ask you for your account credentials, do not respond to the caller. Instead, email Tested Talent at [email protected]. - Never share your password. If you're concerned someone else might know your Tested Talent password, change it immediately or contact Tested Talent.
- Avoid writing down your passwords, if at all possible. If you must write down any password, store it securely away from your computer.
- We also encourage you to make sure that the antivirus programs on your computer are updated regularly.
Tested Talent is committed to protecting the data provided to us by our job seekers and increasing the security of our customer accounts. Not only will these efforts protect your account information, but they will prevent unauthorized users from accessing Tested Talent products and services associated with your account.