The 2015 Naughty List

This year Santa decided to update his resume and see what the jobs market was like. Test the water a little, maybe go for an interview - nothing serious. Just see what options he had.

You can imagine his surprise when, the day after putting a resume on a single jobs board, he started getting all sorts of spam about other jobs boards he'd never heard of, CV writing services he didn't want or need and services to help him reduce his tax liability. And only one actual recruiter asking him if he'd be interested in a distribution management role in Swansea.

As he was already waste deep in letters and emails from the boys and girls all over the world asking for their Christmas wishes, he asked us to take a look at the rest. Of those we have a top 5 for 2015 whose persistent and blatant breaches of little things like the Data Protection Act caught our attention.

Number 1# -

It turns out that Jobsite not only provide your sensitive personal data to recruiters, but that they also have no way of knowing who accesses your data by their 3rd party aggregators via their API or entities outside of the EU.
Of all the jobs boards we use, only seems to have a persistent and significant issue with personal data being unlawfully acquired.
Jobsite have consistently failed to provide even vaguely adequate answers to our data and privacy questions; at one point in 2015 they even tried to write consent into their T's & C's for them to acquire all information from social media about you - whether you had a account or not. 
Thankfully - and after some prodding from Jon Baines - they rescinded that attempt altogether.

Number 2# - My Job Matcher

Not only were they forced to settle claims against them earlier in the year, but they have persistently re-offended by continuing  to buy data from overseas data traders (repeating the whole experience for many people). This data purchase is mostly composed of unlawfully acquired personal data from other job sites, sold on through Asian data traders - seemingly deliberately to avoid responsibilities under the DPA.
Instead of stopping this practise they are currently claiming that they can add peoples email addresses to block lists to prevent them getting emailed....however they don't seem to have any intention of halting their falsification of their job seeker databases. 
Perhaps this is to artificially inflate subscriber numbers to appear a more viable proposition to investors? Whatever the objective they're relying on the majority of people who are unaware that they (and their data) have rights to stop this kind of activity.
Have a look at Twitter between December and March for a sample of people complaining about them.

Number 3# - Simon Powell

Creator of the Elite Pay Group and Contractor Angels brands, which are fa├žades for lead generation commission relationships he created with "tax specialists", accountancy firms and other cold callers. Unlawfully acquire peoples personal information, set up a website which passes on the queries to actual businesses, get those other businesses to buy leads / set a commission rate and then send spam using the data you stole. Money for nothing.
He used a marketing firm in the UK to send spam SMS messages advertising the EPG brand (the SMS marketer confirmed it was him), which then sent unsuspecting punters through to the ironically named Extra Limited and "My Equas" (an Irish company who now own a domain originally owned by an IoM entity who is dissolved.
The Isle of Man Information Commissioner, Mr. McDonald, ensured the EPG website was taken offline, all personal data was destroyed and provided sufficient warning that recurrence would be met by further enforcement.
Despite all of this we think we'll be seeing more of Simon in 2016 as he claimed that he'd never had the phone numbers in the first place...

Number 4# - Jim Munday

Jim is the man behind Aston James Consulting (currently nominally run by his wife, Claire), UK Staff Search, "The CV" and other past scrape-spam businesses. Submit your resume and details on to a legit jobs board, when the relevant watch dog passes those details to AJC then they re-distribute that data to CV who send you spam for unrelated CV writing services (that probably won't really help you anyway).

He's a former test manager at the Home Office and is now a QA manager at a financial data firm. He also used to be the head of HR at a firm who sell " and information management company, assisting more than 156,000 organizations in 36 countries on five continents with storing, protecting and managing their information". Wow. Tester and QA leader by day...spammer by night.

Jim also has a history with our number #5 this year - as well as some of the other usual suspects in the industry.

Update:  We've had trouble trying to speak to Jim - even his accountant hasn't heard from him since before xmas. So no comment on the ICO fine levied against Aston James for failing to respond to the authors SAR.

Number 5# - Claire Brown

Claire is part of the same group as Jim and also employs scrapes jobs boards for lead generation of her CV writing businesses.
It seems that Claire's range of domains (The CV - owned by Roxburghe Investments) - trading names (The Career Team) and companies such as CVs and Careers Ltd, are happy to steal your personal data and then try and sell you alleged CV writing services.
The same people seem to keep cropping up - Claire also has past business relationships with our Number #4, Jim Munday.

There are names that we would have liked to include but unfortunately cannot due to ongoing investigations - maybe next years list...

It was a lot of work helping Santa out this year as part of our research. And before you ask: we were told that we categorically cannot discuss any details of his address - because he's self-employed and that would be personal information. We wouldn't want to start getting SARs or complaints from Santa now, would we?

As always, if you know of any others or have intel to share please feel free to get in touch either with LSP, ICO - or Santa - at the usual addresses.


  1. Indeed. Got an email from Aston James Consulting with a job that seemed written for me - sent back two emails, never heard another word. Obviously no job there. But why do this to get a CV?

    1. More often than not, it's a smoke-and-mirrors approach to appear legitimate. SpellJobs created an entire website with fake jobs to do the same (a previous post here: - sometimes it's not even a CV but the meta-data from the jobs board you initially signed up for.
      That data can be amalgamated and sold - although the more recent changes in data protection law have severely limited the operations of most data traders.


Post a Comment

All comments and critiques are welcome.

But if you're a spammer.. I have a very particular set of skills. Skills that make me a nightmare for someone like you. If you decide not to spam post me and walk away I'll think nothing of it. But if you do spam post me, I will find you and I will shut off your internet access.

Popular posts from this blog

Scam Alert - DMR Financial

Scam Alert: iProfile / Vertifi / Jobzooma

Scam Warning -