Blog

3 Common LinkedIn Scams

LinkedIn is known as a professional networking site that can be used to build connections and connect with potential employers. However, LinkedIn also offers scammers a broad attack surface, making it one of the most popular social networking sites abused by phishing attackers.

Here are three of the most common LinkedIn scams to be aware of.

LinkedIn Scam #1: Phishing Scams

The purpose of phishing is to fraudulently get access to people's banking passwords, credit card details, email accounts or other sensitive information. Having access to this type of information gives the scammers the perfect launchpad for operating more complex scams, such as corporate email compromise fraud.

LinkedIn phishing scams are typically delivered to your private inbox by a hiring manager (often a scammer masquerading as a genuine recruiter) from whom you just accepted a connection request.

The phishing scammers tempt you by offering employment and inducing you to click a link. Instead of taking you to a legitimate corporate website, the link takes you to a bogus site that requests your personal information. The attackers use different templates to pass themselves as legitimate recruiters, such as copying a brand's LinkedIn logo, symbol, or colours.

It is important to watch for fake links or websites that ask for more information that should be required.

LinkedIn Scam #2: Fake Accounts

Your data is your most valuable asset in the digital space. It is susceptible to theft and commoditized; it is often gathered and analyzed for deeper insight. Over time, data accrues immense value, which attracts scammers with their array of tools to social media sites, including LinkedIn.

Researchers have identified several fake LinkedIn profiles that connect with unsuspecting people to acquire their personal and professional information. These fraudulent accounts are part of well-planned social engineering campaigns to collect information about professionals or businesses in order to launch more elaborate scams. 

After getting your email address, scammers usually begin piecing together additional information about you, such as your name, workplace, and location. They may then use your information to establish a bogus profile. Such fake profiles become the launchpad to perpetrate various frauds, from bogus job applications to confidence tricks. During a phony employment scam, job aspirants may receive a message instructing them to pay service fees to process their applications. Genuine employers never seek payment for processing applications - this is a big red flag.

LinkedIn Scam #3: Fake Job Offers

This scam targets job seekers who are actively looking for employment. The attacker reaches out to the victim through LinkedIn, pretending to be a recruiter or hiring manager. They establish a rapport by asking questions about the victim's qualifications and then make a job offer.

The job offer is usually for a well-paid position with little experience required - too good to be true. Once the victim accepts the offer, they are instructed to click on a link that downloads malware onto their computer. The malware allows the attacker to remotely access and take control of the victim's device.

The attacker can then use the victim's device to access sensitive information, such as banking passwords and login credentials. They may also use the victim's device to launch attacks on the victim's company or to commit other crimes.

If you are approached with a job offer that seems too good to be true, be sure to do your research. Check the company website and make sure the job listing is legitimate. You can also contact the company directly to inquire about the job opening

Suspicious Things to Watch Out For On Social Media Platforms

Whether you are on LinkedIn or another social platform, it is important to always be aware of the information that you provide and what you click on. Here are a few practices you can adopt to maintain a high degree of social media or digital hygiene:

  • Avoid clicking links to other websites claiming you can win a prize or a gift card.

  • Avoid posts and advertisements that offer discounted prices.

  • Avoid posts and direct messages requesting money upfront in cryptocurrencies or other modes.

Final thoughts

Social networking sites are a great way to build professional networks or keep in touch with family and friends. However, like with any website, fraudsters prowl these networks looking for naïve or unwitting individuals. Remember to watch out for anything that looks suspicious, and never give out personal information or click on links from someone you don't know.

Featured Posts

See All

December 10 - Blog

Hardware Token Protocols

Hardware token protocols: what are they, and what role do they play in your organization's cybersecurity? In today's article, our ethical hackers outline the most common hardware token protocols.

October 24 - Blog

Packetlabs at SecTor 2024

Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.

September 27 - Blog

What is InfoStealer Malware and How Does It Work?

InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.

Packetlabs Company Logo
    • Toronto | HQ
    • 401 Bay Street, Suite 1600
    • Toronto, Ontario, Canada
    • M5H 2Y4
    • San Francisco | HQ
    • 580 California Street, 12th floor
    • San Francisco, CA, USA
    • 94104