With the growth of remote jobs, a LinkedIn scam has also taken root. The intention of the scammers appears to be data collection from innocent job seekers.
Essentially, it is a phishing attack. In cybersecurity, phishing is a scam in which attackers deceive people into revealing sensitive information or installing malware such as ransomware.
How the LinkedIn scam works
Cybercriminals create fake job posts and get people to apply. One particular trend is to pose as recruiting for positions that are easy to do remotely. This means the scammers favour posting jobs for writing, digital marketing, and virtual assistant roles, among others. Additionally, they use LinkedIn’s Easy Apply feature, which reduces the hurdles a would-be victim has to go through.
For example, accounts bearing the name International Association of Professional Writers and Editors (IAPWE) have been running this LinkedIn scam for a while. One gentleman reported the scammers had used his daughter’s details to charge her PayPal account fraudulently.
Shortlist LinkedIn Scam
Another way the LinkedIn scam is run is via direct message. Cybercriminals message users on LinkedIn and tell them they have been shortlisted for a position. They claim this is based on a review of their LinkedIn profile. With that, they will request the user to send their most updated resume. Ordinarily, a resume contains a person’s data. The cybercriminals can use this information maliciously.
In other instances, the scammers will ask you to take a look at project files before setting up a Zoom meeting. The project files contain a .EXE file that unsuspecting users may install.
More advanced scammers will find publicly shared emails on LinkedIn and email you a job offer. The email will direct you to a link to visit an insecure website.
In both instances, the hackers can install various types of malicious materials on a computer or mobile device after tricking a person into installing an app. These materials are typically designed to compromise the security and privacy of the device and its user.
Here are some common types of malicious materials that hackers may install: Malware, Spyware, Keyloggers, Remote Access Trojans (RATs), Adware, and Botnets. Additionally, visiting a compromised webpage may install Crypto-jacking scripts or Phishing Pages.
LinkedIn’s Response
Unfortunately, reporting the accounts to LinkedIn bears little fruit. In reality, the accounts do not violate any of LinkedIn’s policies. As such, it is hard for a user suspecting malice to prove it. Perhaps LinkedIn could borrow a leaf from indeed.com and mask people’s emails.
How to Spot a LinkedIn Scam
The easiest way to spot a scam is to look at the age of the account posting. The More button on a person’s profile shows you information about the profile. Accounts that are relatively new and not frequently updated are red flags.
However, this is not a concrete method. Another method is to check the Job Poster’s details. Quite often, their current company is not similar to the hiring company.
Furthermore, another concrete way is to check the number of times the vacancy has been posted. It is highly unlikely a company will hire for a single position repeatedly. Most of the time, you will find that scammers have posted a single position multiple times.
For the email LinkedIn scam, search for the website domain that sends the email. Do not click the provided link. You will often discover there exists no actual website. The link sent will direct you to a shady webpage.
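The email check above, together with the .EXE warning from the direct-message variant, as an added Python example (not code from the original article): it reads the sender's domain so you can search for it, and flags links and attachments without opening them. The function names, the sample message and the `.example` domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe",)  # the file type the article warns about
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage_job_offer(raw: str) -> dict:
    """Return the sender domain and red flags, without opening any link."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    flags = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in URL_RE.findall(body):
                u = urlparse(url)
                host = (u.hostname or "").lower()
                if u.scheme.lower() == "http":
                    flags.append(f"link without HTTPS: {host}")
                # A link that leaves the sender's own domain deserves a lookup
                if host != domain and not host.endswith("." + domain):
                    flags.append(f"link host {host} differs from sender domain {domain}")
    return {"sender_domain": domain, "flags": flags}

def sample_email() -> str:
    """Constructed sample; .example names are reserved and not real senders."""
    m = EmailMessage()
    m["From"] = "Talent Team <hr@hiring-co.example>"
    m["To"] = "jobseeker@mail.example"
    m["Subject"] = "You have been shortlisted"
    m.set_content("Review the attached project files, then apply here:\n"
                  "http://apply.jobs-portal.example/offer\n")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="Project_Files.EXE")
    return m.as_string()

if __name__ == "__main__":
    report = triage_job_offer(sample_email())
    print("Look up this domain yourself:", report["sender_domain"])
    for flag in report["flags"]:
        print("red flag:", flag)
```

A mismatch between the link host and the sender domain is a prompt to search for both, not proof of a scam, since legitimate recruiters also use third-party application portals.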
In addition, you can look out for verified profiles. LinkedIn has a verification feature where employees can verify that they work for a given company. This helps foster a trusted community so you can make more informed decisions around connecting with other professionals. While it is not yet a common feature, it’s a good sign the job posted is more authentic.
Finally, one of the biggest telltale signs is the remote job.
The LinkedIn scam is real; hence, take care of your personal data when looking for a job.
The private data shared by people often compromises their mobile phones, bank accounts, digital payment platforms, or credit/debit cards. Additionally, hackers tend to sell personal data. The sale of people’s data is usually to the highest bidder. This exposes your data to even more bad actors that may use it maliciously. Recently, we looked at how criminals steal from you via text messages. We have also discussed how we are exposed to the Wangiri Scam.
Needless to say, in this digital world, always take precautions on every platform you are active on.