Are your messages to candidates being ignored? If email is your primary outreach tool (and it probably is) – there may be a good reason. New reports of email phishing scams targeting cleared professionals are increasing the cautiousness around any unsolicited messages.
The risks aren’t just being discussed by security officers in PowerPoint presentations, either. They’re making national news headlines. These are just a few of the stories we’ve highlighted here at ClearanceJobs in the past month:
- Malware Targets U.S. Defense Contractors
- What the Equifax and OPM Data Breaches Mean for Clearance Holders
- How Foreign Intelligence Services Use Social Media to Target Clearance Holders
A malware attack believed to be linked to a foreign intelligence service (think Russia or China) recently targeted defense contractors through a malicious email attachment. Christopher Burgess, ClearanceJobs contributor and cybersecurity consultant, frequently notes the foolishness of opening any email attachment that’s been unverified – even if it looks like it’s coming from your wife or your grandma. Many cautious security professionals naturally extend that advice – avoiding even opening any email they haven’t solicited.
With spear phishing attacks via email on the rise and once again making headlines, what do you do if you job requires you to reach out and make contact with individuals who hold an active federal security clearance? Below are several points to consider.
1. Make yourself a trusted source.
If a career-minded candidate is even going to consider opening your email (let alone reading it), they’re likely going to double-check to make sure you’re who you say you are. If they can’t find your profile online, or they find a faceless, incomplete profile on ClearanceJobs.com, it doesn’t make a very good first impression. You probably have a complete profile on LinkedIn – which is great. But keep in mind, security clearance holders are regularly warned that LinkedIn is the number one tool used to target them online. The Defense Security Service recently issues a warning saying just that. And ‘Invitation to Connect on LinkedIn’ continually tops the list of subject lines used in spear phishing attacks.
If you’re putting all of your eggs in the LinkedIn basket, that’s a basket most security clearance holders have been trained not to trust.
Make sure they can also connect with you on your company career page and ClearanceJobs.com – and make your recruiter profile complete, including your company logo on your company page and a profile photo on your recruiter page.
2. Pick up the phone.
I haven’t answered my phone in three years. (Just joking. Sort of). BUT sometimes I get a sketchy sales or recruiting email that is instantly less sketchy when followed up by a personal phone call. It’s not a guarantee the solicitation is legitimate, but it’s a start.
If you’re only outreach mechanism is email, and you’re never picking up that phone, it’s time to start – at least for your security-conscious cleared candidates. Remember, within ClearanceJobs.com, you can also VOIP candidates. When the timing is right and you find a great resume for a candidate who’s online (happy hour is a great time to try this out), VOIP to reach out and show your interest.
3. Don’t send attachments.
It should go without saying, but your initial email to an unsuspecting candidate should be brief, direct – and not include any email attachments. If you have a position description or program information, make it available online. If you have information you can’t share in an email, it doesn’t need to be said in an introductory email. Trust me, you won’t lure a high-level cleared candidate by being extra secretive in your emails.
Email phishing scams may seem like a problem from years past. But they remain a serious problem, and one cleared candidates are aware of. Make sure your emails aren’t headed directly to the delete folder. One of the best ways to do that is through establishing a complete brand, via a secure, trusted site. Cut corners, and you’re cutting talent from your pipeline.