
Protect yourself online

It’s important as an employer on SEEK that you make a conscious effort to protect your account and the information stored within it.
Fortunately, there are simple measures you can take to protect your SEEK account.

Why does this matter?

Protecting your business online is about more than avoiding financial losses; it’s about ensuring your information and valuable candidate data are protected against cyber-criminal activity such as hacking, phishing and other online scams.
As phishing and password hacking activity is on the rise, we want to make sure our customers are protected against these more sophisticated attempts.

Noticed something suspicious?

Have you seen suspicious activity on your account, or accidentally performed any of the following:
  • Received and/or replied to a suspicious email
  • Clicked on a suspicious link
  • Received and opened an attachment that you weren’t expecting
  • Visited a suspicious website
  • Received an email to verify your account, but haven’t tried to sign in.
If the answer is ‘Yes’, then here are some steps you can take to help protect yourself:
  • Run a virus scan on your computer
  • Change the password of your SEEK account
  • If you’ve used this password on another website, please change that password too (don’t reuse the same password when doing so)
  • Change the password for the email address you use to sign in to your SEEK account.
As an additional precaution, we recommend changing the password for every account where you have used the same email address that you use to sign in to your SEEK account. For instructions on creating a strong password, see How to create strong passwords.
Please contact Customer Service on 0508 733 569 if you believe your account has been compromised, so we can investigate further.

Log4j Security Issue

11 December 2021
(Updated 20 December 2021)
It was recently announced that log4j, a popular logging library used by many Java applications, is vulnerable to remote code execution (CVE-2021-4428), and we recognise that you are tracking this rapidly evolving issue across your vendors. This is a summary of SEEK’s response to date, but as this is an active investigation, our ability to respond to custom questionnaires at this time is limited.
Immediately following the disclosure of the log4j vulnerability, SEEK’s Cyber Security team began investigating the impact to our internal systems and our customers, candidates, and hirers. We take these vulnerabilities very seriously and this was made a top priority at a company level by SEEK’s CEO.
We had identified a number of services leveraging the impacted version of log4j and these were quickly remediated by our engineering teams. After extensive and continued examination, we have found no indication of compromise to any customer, candidate, or hirer data as at the time of publishing this statement. We already had multiple levels of mitigation across our environments in place when this vulnerability was announced, and have implemented additional controls to directly address this risk. A detailed summary of those controls is outlined below:
  • Applied the updates to our systems and source code repositories, initially deploying version 2.15 and later moving to version 2.16 and most recently version 2.17 after updated guidance.
  • Deployed web application firewall rules to block any probing for the ${jndi: string, including any modifications or obfuscations that would attempt a WAF bypass.
  • Scanning for cases where the log4j functionality is present outside of an easily found log4j .jar file.
  • Implementing outbound egress filtering on the network firewalls along with updating the signatures for blocking log4j related threat scanning traffic.
  • Leveraging an attack surface management (ASM) platform that monitors our attack surface on an ongoing basis to discover, inventory and assess our digital assets that are exposed to external attack.
  • Running a public bug bounty program across SEEK -
  • Continuously running penetration testing and red team simulations through hands-on analysis completed by SEEK’s Offensive Security team and by our breach and attack simulation platform.
  • Engaged with our external 24/7 managed security operations centre (MSOC) provider to gain insights into how they are integrating additional detection strategies for this risk.
  • Updating all security solutions such as EDR, vulnerability management platforms, dependency vulnerability platform, NDR, to make sure that they have the necessary signatures or details to detect threat and vulnerability related activity.
  • Our security incident response and threat intelligence teams continue to actively monitor the situation, incorporating new advisories into our strategy as is appropriate.
  • We continue to work with our peers across the information security community by sharing indicators of compromise, mitigation guidance and intelligence on how the vulnerability is being abused. As new information emerges, we will adjust our approach accordingly.
  • Tracking the public statements of each vulnerable vendor and where practical, services have been patched. In cases where updates have not been made available, we have deployed other countermeasures and will follow up with patches as they are released.
Liam Connolly
Chief Information Security Officer
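
The statement above mentions scanning for log4j functionality that is present outside of an easily found log4j .jar file. The following is an added illustration of one way such a check can work, not SEEK's tooling: it recurses into nested archives and looks for the JndiLookup class by path. The archive names and sample data are constructed for the example.

```python
import io
import zipfile

# Class file that ships in log4j-core and implements the JNDI lookup.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, origin, max_depth=5):
    """Return 'outer!/inner!/class' paths where MARKER is bundled.

    Matching on the path suffix also reports copies unpacked under
    WEB-INF/classes/. Presence is an inventory signal only: fixed
    releases still ship the class, and relocated packages are missed.
    """
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, nothing to report
    with archive:
        for name in archive.namelist():
            if name.endswith(MARKER):
                hits.append(f"{origin}!/{name}")
            elif name.lower().endswith(ARCHIVE_EXTS) and max_depth > 0:
                nested = archive.read(name)
                hits += find_jndi_lookup(nested, f"{origin}!/{name}", max_depth - 1)
    return hits


def build_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed sample: the class sits two archives deep under a neutral file name.
inner = build_zip({MARKER: b"\xca\xfe\xba\xbe"})
fat_jar = build_zip({"BOOT-INF/lib/logging-bundle.jar": inner, "app/Main.class": b""})
war = build_zip({"WEB-INF/lib/service.jar": fat_jar})
clean = build_zip({"app/Main.class": b""})

if __name__ == "__main__":
    for label, blob in (("service.war", war), ("clean.jar", clean)):
        print(label, find_jndi_lookup(blob, label))
```
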

Keep your passwords secure

Strong passwords are imperative to protecting your account. Your password is the key to your online identity, which is why creating a strong, unique password is so important. Here are some best practice tips to help you create a secure password.
Avoid using the same password for each online account. Using different passwords means that if one of your accounts is breached, cyber criminals won’t have access to other accounts that use the same password.
Use a strong password and store it securely. There are programs that provide ‘password safes’ that will store your passwords in a secure vault. Do some research online for the best programs to use.
Never share your SEEK account password with anyone. If you want other staff to have access to your account, add them as individual users, so they can create their own passwords to access the account. Please contact our Customer Service team if you need support to add users to your account.
Do not allow web browsers to store your SEEK password, especially on shared or public computers or devices.

Add additional users

If you have additional staff accessing your SEEK account, to help manage applications or create ads, make sure you add them as individual users. Also, ask them to create their own strong password for your SEEK account.
You can create additional users as a standard user, or as an administrator, which gives them greater access to functions such as the ability to manage user permissions. You can also create a user and assign them to a specific task so that they can only view and access information for that task.
It’s important to keep your account up to date. If someone leaves your organisation, ensure that you remove them as a user, so they no longer have access to your account.

What to look out for

If you notice a user on your account that should not be there, please contact SEEK immediately on 0508 733 569.
If you notice a job ad on your account that was not placed by your business, please expire the job ad immediately. Next, notify SEEK by calling us on 0508 733 569 so we can secure your account and advise affected candidates.
Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems will have and the harder it will be for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins and devices are always updated and current. The easiest way to ensure this is to turn on automatic updates whenever possible and to install anti-virus software.

Install and update your anti-virus software

It’s important to have anti-virus software installed on your devices to help protect against malicious programs.
Update your anti-virus software regularly. Turn on automatic updates to simplify the process. Also make sure you update your phone, laptop and software on other devices when prompted.
Providers release updates to fix bugs and vulnerabilities in their systems. It’s recommended to update your software as a top priority – this includes software updates for your devices, anti-virus software, internet browsers and plugins.

Be cautious with your email

Cyber criminals will send you legitimate looking emails to gain access to your account – this is known as phishing. Cyber criminals can easily make emails look official by using the same logo and design from a legitimate company.
SEEK will never send you an email requesting your credentials, such as usernames, passwords or other personal information. If you ever receive an email from SEEK or any other business requesting your username and password, bank or billing details, DO NOT click any link in the email or provide any information requested. If you receive an email like this, you should always be cautious.
SEEK may send you an email with a Two Factor Authentication request if your SEEK employer account sign in displays unusual activity. You can read more about this in the Use Two Factor Authentication section below.
Common signs of a phishing email include:
  • Asking for sensitive information or requesting you to confirm the security of your account
  • Not addressing you by your name
  • Using poor spelling, grammar and punctuation, and inconsistent graphics/images
  • Creating a sense of urgency - scammers may try to test you by stating that something needs your immediate attention
  • Using a sender address that may look unfamiliar or peculiar
  • Having unfamiliar or unexpected attachments - don’t open them as they may contain malicious software
  • Including instructions to click on a link to sign into SEEK or open an attachment
If you receive a suspicious email:
  • Do NOT respond to the email or click on any links
  • Enter the web address into your browser from an independent search; don’t use the contact details provided in the message sent to you
  • Call the company from the number listed on their website to confirm the details of the email
  • Report the email to the company as suspicious. We also encourage you to report scams to the Commerce Commission via the make a complaint page
  • Subscribe to SCAMWATCH to keep on top of scams circulating in New Zealand

Use Two Factor Authentication

Two Factor Authentication generally requires an account holder to use more than one form of verification to access their account. Two-step verification is a very important tool in reducing malicious access to secure accounts.
When signing in to a SEEK employer account, customers may be prompted by SEEK with a request for an authentication code to be entered. The email account or mobile phone number paired with the SEEK employer account will be sent instructions on how to complete the authentication. Once that authentication code has been provided, customers will be granted access to their SEEK employer account.
Please visit our Help centre for information about signing in to your account, including account verification emails.

Helpful links

Information about jobs and employment scams.
Learn more about your online safety and report fraud and phishing crimes.
Report SMS or email spam.
Practical tips and advice on securing your computer and transacting online.