1. Home
  2. Student Support
  3. Professional Development
  4. Graduate Exhibition
  5. Graduate Exhibition Listings
  6. Fake Resume Attacks: Data Poisoning on Online Job Platforms

Fake Resume Attacks: Data Poisoning on Online Job Platforms

Research Poster Engineering 2025 Graduate Exhibition

Presentation by Michiharu Yamashita

Exhibition Number 87

Abstract

While recent studies have exposed various vulnerabilities incurred from data poisoning attacks in many web services, little is known about the vulnerability on online professional job platforms (e.g., LinkedIn and Indeed). In this work, first time, we demonstrate the critical vulnerabilities found in the common Human Resources (HR) task of matching job seekers and companies on online job platforms. Capitalizing on the unrestricted format and contents of job seekers' resumes and easy creation of accounts on job platforms, we demonstrate three attack scenarios: (1) company promotion attack to increase the likelihood of target companies being recommended, (2) company demotion attack to decrease the likelihood of target companies being recommended, and (3) user promotion attack to increase the likelihood of certain users being matched to certain companies. To this end, we develop an end-to-end "fake resume" generation framework, titled FRANCIS, that induces systematic prediction errors via data poisoning. Our empirical evaluation on real-world datasets reveals that data poisoning attacks can markedly skew the results of matchmaking between job seekers and companies, regardless of underlying models, with vulnerability amplified in proportion to poisoning intensity. These findings suggest that the outputs of various services from job platforms can be potentially hacked by malicious users.

Importance

Online job platforms like LinkedIn and Indeed play a crucial role in connecting job seekers with employers. However, these platforms rely heavily on automated systems to match candidates with job opportunities, making them vulnerable to manipulation. In this study, we developed FRANCIS, a fake resume generation framework that systematically alters job matching outcomes by injecting fabricated resumes. Our research reveals how fake resumes can be strategically used to disrupt job matching, either by artificially boosting certain companies and candidates or by suppressing others. By demonstrating these risks, our work highlights the need for stronger safeguards in online hiring processes. Protecting job platforms from such attacks is essential to ensuring fair hiring practices and maintaining trust in digital recruitment systems.

Comments