The rise in remote jobs has brought about a surge in LinkedIn scams, with cybercriminals using various tactics to collect data from unsuspecting job seekers. These scams often take the form of phishing attacks, where attackers deceive individuals into revealing sensitive information or downloading malware onto their devices.
One common method that scammers employ is creating fake job posts that appear to be legitimate remote positions. They often target roles such as writing, digital marketing, and virtual assistance, taking advantage of the Easy Apply feature on LinkedIn to simplify the application process for potential victims.
For example, there have been reports of scammers using fake accounts like the International Association of Professional Writers and Editors (IAPWE) to run this LinkedIn scam. In some cases, scammers have even fraudulently charged PayPal accounts using stolen personal information.
Another tactic used these cybercriminals is sending direct messages to LinkedIn users, claiming that they have been shortlisted for a particular job based on an evaluation of their LinkedIn profile. They then ask for an updated resume, which could potentially be used for malicious purposes.
In more advanced cases, scammers may ask users to review project files before setting up a Zoom meeting. These files often contain executable (.exe) files that, if installed, can compromise a person’s device and privacy.
Hackers may also find publicly shared emails on LinkedIn and send job offers via email, directing recipients to visit insecure websites. Clicking on these links or downloading apps from these sites can lead to the installation of a variety of malicious materials, including malware, spyware, keyloggers, remote access Trojans (RATs), adware, botnets, crypto-jacking scripts, or phishing pages.
Unfortunately, reporting these accounts to LinkedIn often yields limited results since the accounts themselves do not typically violate the platform’s policies. LinkedIn could consider implementing measures, such as masking users’ email addresses, to help combat these scams.
To identify a potential scam on LinkedIn, pay attention to the age and activity of the account posting the job. New or infrequently updated accounts should raise suspicions. Additionally, check the details of the job poster, as scammers often use different companies than the actual hiring company. Multiple postings of the same position can also be a red flag.
In the case of email scams, avoid clicking on any links provided and instead search for the domain of the sending website. Often, these websites do not exist or lead to suspicious pages. Finally, be cautious of remote job opportunities, as they are a common lure for scammers.
Protecting personal data is crucial when searching for a job, as it can put mobile phones, bank accounts, digital payment platforms, credit/debit cards, and other sensitive information at risk. Hackers often sell personal data to the highest bidder, exposing individuals to further malicious activities. In this digital age, it is essential to exercise caution on all platforms and take necessary precautions to safeguard personal information.
Sources:
– Phishing Definition: Cybersecurity: Phishing
– LinkedIn Scam: Techpla.net – LinkedIn Scammers Threatening Remote Workers
– Indeed.com Masked Emails: Indeed Blog – Indeed Email Relay
– Types of Malicious Materials: Prey – Types Of Malware: Common Examples & Definitions