20 Dec 2012

Security holes remain in government jobseekers site

The government is pressing ahead with plans to force jobseekers to sign up to its new Universal Jobmatch website that has been exposed as a ‘scammer’s paradise’ by a Channel 4 News investigation.

The new Universal Jobmatch system will allow government job inspectors to remotely monitor jobseekers to see how many jobs they search for each day, but bogus employers have been using the site to harvest people’s personal details.

The government promised to secure the site after we exposed serious security flaws but we can reveal that it is still possible for anyone to register as an employer on the site without any checks.

The Department of Work and Pensions has claimed that they have introduced extra security checks but will not reveal specific details, a spokesman said they are “constantly improving systems” and confirmed 27 fake employers have been removed from the site.

The website will be fully launched in the New Year after a trial period and the government boasts that 370,000 companies are already using it to advertise jobs. Jobseekers could lose their benefits if they fail to sign up for the new website.

However, jobs have been posted in recent weeks looking for MI6 agents, drug traffickers and ‘internet chat babes’, raising concerns over the site’s suitability.

As an employer you can post jobs and then potentially browse the CVs and private details of applicants.

Hackers exploited the site earlier this month, revealing to Channel 4 News they were able to harvest passport details and passwords from users. In response the Department of Work and Pensions promised that the site’s security would be improved.

However, following today’s announcement we were again able to register an employer account on the site again in minutes unvetted, despite DWP claims that employers would be checked manually.

Universal Jobmatch

The Government has claimed the site will “revolutionise” the search for jobs, with Work and Pensions Secretary Iain Duncan Smith describing the initiative as “spectacular”.

Mr Duncan Smith praised the system: “It will be accessible in internet cafes, libraries and on personal computers.”

“It is a real revolution in the way we match future employers with would-be employees. Your CV will do the work for you, even when you are sleeping, and notify you that a suitable job has become available.”

The minister explained that jobseekers would no longer have to use touch-screens in jobcentres, or wait for a print-out of jobs that were already taken.

Mr Duncan Smith also claimed it would be the biggest website in the UK, and arguably the most advanced. He also claimed bogus employers who had tried to access the system to gain information were now blocked.

A DWP spokesman confirmed that 6,000 fake jobs have been stopped and 27 fake employers removed from the site in recent weeks, warning that abusing the website could be illegal.

“The reality is a small number of false jobs were posted,” the spokesman stated.

“We are constantly trying to improve security and will take action against anyone abusing the site. Any jobs site will battle against problems like this.”

But this is not any jobs website. This is a website accessed via the government portal gov.uk, and from January job seekers will be obliged to use it.

Potential users have raised concerns over the new mandatory website, fearing that their personal details could be available to identity thieves if the security of the site is not improved.

Read: Universal Jobmatch - hackers steal your data

Jobseeker fears

Nic Lane is a claimant with fears about the new system, which he thinks stigmatises jobseekers and without addressing the problems of unemployment.

“Universal Jobmatch is an extension of the idea that Jobseekers must be seen to be earning their subsistence payments to give value for money to the taxpayers,” Mr Lane explained.

“Most jobseekers have already paid contributions into the NI system for many years prior to becoming unemployed.

“It has been decided that every claimant must provide evidence that they have looked for work for 35 hours each week. Assuming that there are enough jobs available to allow this process, the notion of remote monitoring is yet another way of stigmatising of the job seeker as irresponsible and feckless.

“This is about reassuring the taxpayer rather than addressing the problem of structural unemployment, or helping people back into employment.”

“It was revealed last week that there were 6,000 fake jobs on UJ already and the site had been data-mined by hackers. What employer would post a job on a site like that?”