LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform.
Job hunting is hard work, a kind of full-time job in itself. It requires focus and patience to go from one job posting to another and fill out endless forms, perhaps to the point of causing emotional distress – and still with no actual job offer in sight.
Social networking platforms like LinkedIn seek to alleviate the most onerous tasks, making it easy for job seekers to stay on top of their job search and possibly even helping some of them get their foot in the door at their dream company. Recruiters, meanwhile, have an easier time finding the best candidates, among other benefits.
But partly because this is such an immersive process, especially for the jobless, many people may also be more susceptible to scams. To be sure, all social media platforms are a breeding ground for fraud. One thing that makes LinkedIn somewhat special, however, is its public perception as a safe place, a professional environment where we can drop our guard.
Unfortunately, the reality is not that favorable, much less so in times of the Great Resignation. Online fraud impersonating LinkedIn continues to thrive and indeed, has soared in recent months. While some scammers can be very successful with very simple and old tricks, such as asking for your banking details or upfront payments in return for a seemingly legitimate job interview, others can be very sophisticated.
Let’s go through a few examples of common scams exploiting LinkedIn.
Email notifications have become a common presence in our mailboxes, making their way to a folder where they usually stay forever, or at least until they are deleted. Social media companies are well aware of this and come up with ever more appealing lines, such as “You appeared in 30 searches this week” and “Congratulate John on his new job”, all to make us curious enough to log into our accounts and spend more time on the platform.
Cybercriminals have also taken notice and use such curiosity-inducing wording in lookalike phishing emails that land in our inboxes and that are ultimately designed to steal our login credentials or download malware onto our devices.
Once we click a link in such a fake email, we’re sent to a fake LinkedIn landing page that asks for our login credentials. Seconds later, we unwittingly hand over not only our LinkedIn username and password, but often also access to all other services where we use the same authentication.
Bogus job offers
Other ways of stealing logins involve well-paying “job offers” that are within reach upon replying to a direct message. Caught off guard, we may click the supplied link or ask for more information, to which the fake headhunter will reply with a not-so-convincing message that you have what it takes to get the job and ask you to pay an advance fee, possibly for training, or to fill in your personal information through, for example, a Google Form. Although it sounds a little odd, you may think there’s nothing to lose. Except that there is.
These offers often request additional personal information on the first contact even if what you’ve already provided in your LinkedIn profile and résumé, such as your name, residence, age and contact details, is more than enough to get you a job interview. You’re well advised to always confirm that the company you’re applying to really exists and run a fast Google search to check it. And just like you put a lot of effort into sending a proper résumé, employers tend to pay attention to their job ads, so keep your eyes peeled for grammar mistakes or any contradictory information.
On top of this, remember that no company is going to offer you money or request your banking details on the first contact.
The crypto El Dorado
While obviously not specific to LinkedIn, forex and crypto scams also target the site’s users. A seemingly well-educated and legit financial advisor reaches out, offering a “great investment”. We are taken into the El Dorado of easy money, an appealing prospect for anyone in economic distress or for those confident they’ll strike it rich in the cryptocurrency arena.
It will certainly sound “too good to be true”, but the message comes with a sleek website that supports the claim, lots of reviews and new millionaires to tell their story. To join the club, it only takes a few clicks and an initial investment, scammers explain. And to make it seem safe and reliable, all transactions take place inside that pretty website.
But once the transfer is done, the money is lost. Our smart financial advisor, on the other hand, will be congratulating us on a “smart” investment. Just a few days later, a message notifying us that we’ve just made massive profits may pop up, and that thought at the back of our mind that maybe all this was a scam just flies away.
Turns out, however, there are some unexpected high taxes to be paid in order to get the money in our account. And even if we pay, scammers will keep draining our wallets as much as they can. Their profit is already guaranteed.
So what can you do to stay safe on LinkedIn?
Any of us can fall victim to a scam, regardless of how much information we have access to. Being aware of this is, in fact, the first step towards staying safe from scammers, be it on LinkedIn or anywhere else.
There are a few other golden rules to follow:
- Be cautious on LinkedIn as you would be on any other social media platform.
- If you receive an email that appears to be from LinkedIn, but you’re not sure if it is legit, don’t click on any link. Instead, open LinkedIn directly and check your notifications.
- Treat with caution requests for connection from people you don’t recognize. If they contact you, do not click on any link. Instead, run a Google search about the employer and how reliable that connection is. Ask yourself “how did this person find me? Why are they contacting me?”.
- Make sure your privacy settings for people outside your contacts only show the necessary information. For example, you might want others to see your work experience and education, but not necessarily your phone number.
- Use a strong and unique password or passphrase.
- Enable two-step verification (also known as two-factor authentication). In case your login gets compromised, it will be much harder for hackers to use it.
- Never give personal information like your identification numbers or credit cards. Prospective employers will not ask for your banking details or to deposit your salary using the login credentials.
- Be aware that real job offers observe country and tax laws. Easy money tends to be a scam.
- Be wary of unsolicited offers for financial services or investments through connections you don’t know. Nowadays, each of us can set up a website that looks pretty and trustworthy.
- Always report a scam to LinkedIn.
Bottom line, if something is too good to be true, it most likely is (a scam).
by André Lameiras, ESET