Resumes on web get wrong kind of offers

After he posted his resume online in 2004, Ed Pilarski got more responses than he bargained for.

More than a dozen companies called or e-mailed the retired Verizon Communications Inc. project manager with job offers he did not want or mortgage refinancing deals he did not need.

One caller stood out: A Morgan Stanley financial adviser who allegedly viewed the resume of Pilarski and hundreds of others posted on job-hunting Web site CareerBuilder. com.

The adviser suggested Pilarski “must have done pretty well financially” at Verizon. Outraged that information in his resume was being used for sales leads, Pilarski complained about Morgan Stanley’s “backroom tactics” to Massachusetts Secretary of State William F. Galvin, who recently charged the firm and several employees with violations of privacy rules.

Some job recruiters say Pilarski’s case is all too common. The misuse of resume data has become a big issue for the fastgrowing sites that are now a main source of talent for some industries, as well as a growing risk to individuals as hackers target the vast databases of personal information.

Just last month, the online recruiting site Monster.com disclosed that hackers had compromised as many as 1.3 million records.

“It’s been a big problem for years,” said Susan Joyce in Marlborough, editor of job-hunt.org, a compilation of employment links and leads.

“People are so trusting of something that calls itself a job board because they’re looking for a job and their shields are down. They’ll share information they wouldn’t normally share.”

Tom McAuliffe, an executive vice president at Sovereign Bank who oversees human resources, said he expects to see more security efforts from the job-hunting sites to block abuses. “If applicants don’t trust the sites they’ll stop using them,” he said.

The popularity of recruitment Web sites such as CareerBuilder, Monster.com and Yahoo Inc.’s HotJobs.com have become critical recruiting tools for companies. With 12,000 employees and a high turnover common in the banking industry, Sovereign hires about 2,000 people a year. Purchasing a license to access resumes on job-hunting Web sites, and posting openings there, is “the cheapest way to get the message out quickly,” said McAuliffe.

The newspaper industry has joined forces. Monster.com’s parent company, Monster Worldwide Inc., has partnerships with The Gazette as well as The New York Times Co., including the Boston Globe.

The sites allow job seekers to browse their databases of millions of job openings and sort them by parameters such as location or industry sector. Job seekers can create and post online resumes for prospective employers to see, which can include personal data such as telephone numbers, e-mail addresses — even Social Security numbers.

Companies that buy access to Career-Builder.com to find employees must provide their phone numbers, domain names and tax identification information to guard against fraudulent use of the data. But Liz Ryan, a career adviser in Boulder, said it is easy to purchase a password by posing as a small business. Password borrowing also is common.

And as they have grown, the sites have become attractive targets for thieves and scam artists. Some Monster.com users have received so-called phishing e-mails that contained victims’ personal information and asked that they download a file to assist in their job search. Instead, the file was a Trojan horse virus.

Both Monster.com and CareerBuilder. com have posted prominent warnings about scams to users urging them to beware of e-mail asking for information such as bank account numbers or Social Security numbers, which can be used for illegal activities such as identity theft. Other abuses can be more annoying than illegal, such as exposing users to junk e-mail or product offers.

Neither Monster.com nor CareerBuilder.com made executives available to be interviewed. A Monster.com spokesman did not respond to questions. Via e-mail a spokesman for CareerBuilder wrote that the site “takes the issue of fraudulent activity very seriously” and has taken steps such as hiding information such as Social Security numbers on resumes.

As for Morgan Stanley, a spokesman described the case as an isolated incident. The company is still reviewing the allegations by the secretary of state’s office.