Job hunting is stressful enough without having to worry about your personal information falling into the wrong hands. But the moment you start uploading your CV to online job boards, tweaking your LinkedIn profile, and firing off applications, you become a much more visible target.
Scammers, data brokers, and opportunistic fraudsters know that jobseekers are in a vulnerable position. You're motivated, you're moving fast, and you're sharing sensitive details about yourself with near-strangers on a daily basis. That's a perfect storm.
The good news is that a few smart habits can dramatically reduce your exposure. Here's what you need to know.
TABLE OF CONTENTS
Why jobseekers are such easy targets
Before we get into the how, it's worth understanding the whys.
When you're actively looking for work, you're doing things you'd never normally do — sending your home address to companies you've never heard of, handing over your phone number to recruiters who cold-messaged you on LinkedIn, and sometimes even sharing your date of birth on application forms. Each of these data points has value, and not just to legitimate employers.
Fraud reports related to fake job postings have increased sharply in recent years, with at least a third of jobseekers reporting suspicious posts, making employment scams one of the fastest-growing categories of identity fraud. The rise of remote work has only made things worse because it's now entirely plausible that you'd interview for a job, get hired, and never meet anyone in person. Scammers have exploited this shift aggressively.
Lock down your LinkedIn privacy settings
LinkedIn is the first place most people think of when they start a job search, and rightly so. But the default privacy settings on LinkedIn are not set up with your protection in mind — they're set up to maximize your visibility to everyone, including people you definitely don't want poking around your profile.
Here are the settings worth reviewing before you do anything else:
- Profile visibility. Go to Settings > Visibility > Profile viewing options. You can choose whether your full name and headline appear when you view other profiles. If you're doing competitive research — looking at people at companies you're targeting, for instance — it might be worth switching to anonymous browsing temporarily.
- Who can see your connections. By default, your full list of connections is visible to your network. That means recruiters, competitors, and anyone else can see who you know. Go to Settings > Visibility > Who can see your connections and set this to "Only you".
- "Open to Work" visibility. The green "Open to Work" banner is useful for showing your availability, but it also tells the world, including your current employer, that you may be actively looking. LinkedIn does offer a setting that limits this visibility to recruiters only. Use it.
- Email and phone number visibility. Check what contact details are showing on your profile under Settings > Visibility > Who can see or download your email address. There's usually no reason to have your phone number publicly visible.
- Synced data and third-party apps. Under Settings > Data Privacy, review which apps and services have access to your LinkedIn data. Revoke access to anything you don't actively use.
One more thing: be careful about publicly announcing career milestones like "I'm excited to share that I'm exploring new opportunities!" These posts are well-intentioned, but they're also a signal to scammers that you're actively searching and emotionally invested in finding something.
Be careful about what goes on your CV
Your CV is a professional document, but it's also a data goldmine. Most jobseekers don't think twice about including their full home address, personal email, and mobile number, and in the right context, that's fine. But when you're scattering your CV across dozens of job boards and company portals, you're essentially broadcasting that information widely.
A few practical adjustments to make on any CV you share publicly:
Drop your phone number and full home address. Listing your city and country (or just your city) is enough for most purposes. Full street addresses on a publicly accessible CV are unnecessary and increase your identity theft risk.
Create a dedicated job search email address. Use something professional and separate from your main personal email. This limits the fallout if that address ends up on a spam list, and it makes it easier to spot phishing attempts -- because anything coming to that address should be job-related. It's also worth keeping your CV and cover letter variants in a secure cloud storage like Proton, instead of scattering them across random devices or email threads.
Recognize the signs of recruiter scams
Legitimate recruiters exist and do genuinely useful work. But the recruitment industry is also one of the easiest to impersonate, and fake recruiter outreach is incredibly common.
Here's what a suspicious approach typically looks like:
They reached out completely out of the blue with an unusually good offer. This doesn't automatically mean it's a scam since real recruiters do approach people speculatively. However, an unsolicited message promising a high salary, remote flexibility, and fast-tracking through the process — anything too good to be true — deserves extra scrutiny.
They're vague about the company. Legitimate recruiters will usually name the employer or at least explain why they're keeping it confidential and what they can tell you. If someone refuses to say anything concrete about who they're placing you with, that's a problem.
They want personal information too early. A recruiter asking for your bank account details, National Insurance number, passport scan, or Social Security number before you've even had a proper interview is a red flag. Real employers ask for this information during the onboarding process, not during a speculative first call.
They're using a personal email address. Recruiters from legitimate firms use company email addresses. Someone reaching out from a Gmail or Hotmail account claiming to represent a major agency should raise your suspicions.
They want money from you. No legitimate employer or recruiter will ever ask you to pay for training materials, background checks, or equipment as a condition of starting work. Full stop.
Watch out for fake job postings
Fake job postings have become genuinely sophisticated. Gone are the days when you could spot them easily by the typos and broken English, modern fraudulent listings are often polished, plausible, and hosted on what look like legitimate company careers pages.
Some things to watch for:
The job description is generic to the point of being meaningless. Phrases like "looking for a motivated self-starter to join our dynamic team" with no specifics about the role, the team structure, or the day-to-day responsibilities are a warning sign. Real job descriptions tend to be specific because real hiring managers know exactly what they need.
The company's online presence doesn't match the listing. Before applying anywhere, spend five minutes on a quick research of the company's actual website. Does it look professional and recently updated? Do their social media accounts have real activity? Does the "Careers" section on their site reflect the job you found on the board? If you found the listing on a third-party site, search for the role directly on the company's own website to verify it exists.
The URL is slightly off. Scammers routinely set up fake versions of well-known company websites with barely noticeable URL differences, like using "company-careers.com" instead of "company.com/careers". Always double-check the domain you're submitting your details to.
The salary is implausibly high for the role. This is a classic bait tactic. If a junior administrative role is advertising twice the market rate with minimal requirements, ask yourself why no legitimate employer has snapped up that candidate yet.
They ask for extensive personal information on the initial application. Legitimate applications at the early stage typically just ask for your CV and maybe a cover letter. Anything asking for your passport number, date of birth, bank details, or other sensitive information before you've even had an interview should be treated with extreme caution.
Manage what job boards can see
Most major job boards like Indeed, Reed, Totaljobs, Monster, and others have privacy settings that are worth customizing. The default is usually to make your CV as visible as possible to maximize your chances of being found by employers. That's fine in principle, but it also means your details are accessible to anyone with a recruiter account, including people running data harvesting operations.
A few sensible steps:
- Instead of going fully public, set your CV to "searchable by selected companies" where the option exists.
- Regularly review and delete your submitted applications and saved data on platforms you're no longer actively using.
- Read the privacy policy (yes, really, or at least skim it) before uploading your details to a lesser-known job board. Some smaller platforms are quite liberal about what they do with candidate data.
- Use different passwords for each job board account, and enable two-factor authentication wherever it's available. If your account on a compromised job site gets breached, you don't want that to cascade into unauthorized access to your email or banking accounts.
Be thoughtful on social media beyond LinkedIn
LinkedIn is the obvious one, but recruiters and background check services now also look at your wider social media presence. More relevantly, scammers do too.
Your Facebook, Instagram, or X profile might contain more useful personal information than you realize — your general location, your workplace history, family members' names, places you frequent. None of that is dangerous on its own, but in combination with a CV, it's the kind of detail that makes social engineering much easier.
During an active job search, it's worth doing a quick audit:
- Set personal social media accounts to private or friends only.
- Review what's publicly visible on your profiles before a recruiter or background check company does the same.
- Be mindful about posting your job search status publicly. It's useful information for people who might want to target you.
If you're offered a job too quickly, slow down
This one is hard to follow when you're desperately wanting things to work out, but it's important.
A common scam pattern involves a very quick, enthusiastic job offer, sometimes after just one brief conversation, followed by a request for your personal details to "get you onboarded." The urgency is deliberate. Scammers want you to act before you have time to think.
If you get a job offer much faster than you'd expect, take a beat. Verify the company's existence independently. Look up the recruiter on LinkedIn and confirm they actually work for the company they claim to represent. Call the company's main switchboard number (found on their official website, not the one in the email) and ask whether the role and the recruiter are genuine. A real company will not be offended by this.
Report it if something happens
If you do fall victim to a recruitment scam or suspect your data has been misused, change all your passwords on the platforms you use and make sure to report it. There’s the FTC in the US and Action Fraud in the UK. Many job boards also have a "report this listing" button or link; use it when you spot something suspicious, even if it didn't affect you directly.
Reporting matters because it helps platforms and authorities identify patterns and take down fraudulent listings faster.
The bottom line
Protecting your personal data during a job search doesn't require paranoia; it only requires a bit of deliberate thinking at each stage. Use a separate email for job applications, review your LinkedIn privacy settings before you start, verify companies independently before handing over sensitive information, and trust your instincts when something feels off.
The job market is competitive enough without also having to recover from identity theft. A few minutes of caution upfront is worth far more than the headache of dealing with the aftermath.