How to Avoid LinkedIn Job Scams

Be Aware of These 3 Signs of Suspicious Job Posts

Andrew Bannout
6 min read · Sep 28, 2022

Now that modern-day life has essentially been augmented into the cyber world, we should be vigilant and approach the use of all internet-facing devices and platforms with caution and slight skepticism. Our acquiescence to the virtual and online way of life has brought with it a new standard of obligations, ethics, and implicit agreements between users of the internet and social media. For example, blasting out spam email with pornographic images and links is considered unethical by most people and is even illegal under the CAN-SPAM Act that was passed by Congress in 2003. We also live in a time where cyber warfare is becoming the preferred method of attack by nation-state actors in order to disrupt nuclear plants, medical facility operations, and communications and supply chain logistics. But we do not have to look far to see where we are vulnerable in our own personal lives; just check your LinkedIn inbox.

Job postings on LinkedIn are a medium used by hackers and spammers to get unknowing users to click and respond to malicious links for bogus job opportunities. Of course, this may seem obvious and redundant to the informed user; however, as an underwriter in the field of cyber security insurance, the most common phrase I’ve heard from CISOs (Chief Information Security Officers) is that the weakest link in a cyber security framework is the people. This isn’t intended to be a slight, or diss, towards employees, but statistically speaking, the main reason for a cyber breach within an organization is the element of human error: clicking spam links, downloading unauthorized software or material, and leaving sensitive accounts logged in and unsupervised.

So what can we do as participants in the LinkedIn community to avoid being a victim of a job posting scam?

Look out for these 3 signs:

1. Spam/fake notifications to your email

You have probably received the excessive emails in your inbox that come from LinkedIn notifications, letting you know the number of views your profile gained that day or that someone from LinkedIn Premium sent you a seemingly cordial introductory email. What you should be aware of is the sender address from which the notification was sent and the small details: spelling, grammar, a jumbled email template, or any wording that just seems off. Cyber criminals take advantage of these notifications by embedding phishing links into the email and rousing victims into using the link provided to log in to their LinkedIn account to respond. By doing so, victims unknowingly provide their login credentials to the cyber criminal, who can then manipulate and basically hijack the account as if it were any other form of social media.

This can lead to devastating consequences if the phisher decides to blackmail you or spew out content you never would have posted yourself. Check out the image below as an example of a spammed LinkedIn email:

Notice the misspelled, jumbled email sender address and the lack of a profile picture. Also, the salutation just addresses this person as “Dear”. The threat of having the account blocked also prompts the reader to take action before they are penalized. The last thing to note is the wording of the closing line, as the words are inconsistently capitalized and the message is trying to offer a false sense of security.
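The sender and link checks described in this section can be automated. The following is an added example, not part of the original article: it parses a constructed notification email and flags a sender domain or link host outside linkedin.com. The single trusted domain and the sample message are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: only linkedin.com and its subdomains are trusted.
TRUSTED_DOMAIN = "linkedin.com"

# Constructed sample message (not a real email); example.net/.org are reserved names.
SAMPLE = """\
From: LinkedIn Notifications <secur1ty-team@linkedln-alerts.example.net>
To: user@example.org
Subject: Your account will be blocked
Content-Type: text/plain

Dear,
Your account will be blocked. Sign in to confirm:
https://www.linkedin.com.login-check.example.net/uas/login
Help center: https://www.linkedin.com/help
"""

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def review_notification(raw):
    """Return a list of findings for a single-part, plain-text message."""
    msg = message_from_string(raw)
    # The From header is set by the sender, so a match here is not proof of
    # origin; a mismatch, however, is a strong signal to stop and not click.
    _display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2]
    findings = []
    if not is_trusted(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not {TRUSTED_DOMAIN}")
    # Compare the full hostname of every link, not just a substring of the URL:
    # "www.linkedin.com.login-check.example.net" contains the brand but is
    # registered under a different domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link host {host!r} is not {TRUSTED_DOMAIN}")
    return findings

if __name__ == "__main__":
    for finding in review_notification(SAMPLE):
        print("SUSPICIOUS:", finding)
```
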

2. Phony Job Offers

The saying, “if it’s too good to be true, then it is” could be a good mantra to have in mind when sifting through your inbox of job descriptions sent by recruiters. Cyber criminals will put together a descriptive and appealing job offer that provides specific details on salary and potential growth, all within reach by just clicking on the link provided. What typically happens next, if you have not already exposed your computer to ransomware or malware, is that the link will direct you to a site where you will be asked to provide more personal details such as your contact information, address, and current role. Often you’ll also be invited to engage in a training or assessment for the role but are prompted to provide access to your computer software to take one of these assessments, such as through a remote desktop or even Microsoft Exchange and O365.

Sometimes you’ll even be asked to pay a small fee to continue with the assessment and job training by providing credit card or bank account information! Huge red flag! As much as I hope people are sensible enough to avoid this trap, some people still fall into it, and it is never a pleasant experience.

Below is an example of a job offer scam:

Notice the blank LinkedIn profile icon and the “Greetings” salutation, as this is a bit uncommon as an introduction depending on where the sender is from (country/culture wise). There are a few grammatical errors and there is a call to action to click the link for the full details on the opportunity. The link itself is messy and convoluted, which can be a sign of a phishing site. The closing line asks the recipient to reply with the “necessary information”, which most likely will be sensitive personal information.

3. Investment and Crypto Scammers

I’m not one to turn away from a lucrative investment opportunity, but something tells me to put my financial prowess on the back burner when I come across sketchy ‘financial advisors’ who reach out with exclusive Forex (foreign exchange) or cryptocurrency investment deal schemes. You might receive similar invitations on platforms like Instagram, where a scammer may create a group of potential investors and provide details on an investment scheme. You’ll notice that their profile pages are labeled with titles such as “Forex Trader” or “Options Divestiture Advisor”.

For those of us surveying the LinkedIn environment, you will see invitations addressed directly to you with a link to a website where they have polished up the presentation of the details and may even provide a means of transferring money so you can get access to all of the content and trade secrets. Testimonials are also common on these websites to create a sense of community success and the potential of reaping massive financial gains. Especially in a time where many are enduring some form of financial stress, unknowing people will fall prey to these scams.

Check out this CNBC link below related to investment fraud scammers using LinkedIn (no, this is not a phishing test, but great to see you are being careful and alert!):

https://www.cnbc.com/2022/06/17/fbi-says-fraud-on-linkedin-a-significant-threat-to-platform-and-consumers.html

At the end of the day, it is us, the responsible users of social media and technology, who need to be aware and armed with the knowledge to prevent, detect, and alert others and the authorities of the cyber community to malicious cyber criminal activity. Regardless of the suite of information technology and cyber security prevention software out there, we as people are the front lines of the cyber world. So keep in mind the next time you are perusing your LinkedIn mail and notice something suspicious: do not click or follow any instructions given by the sender, whoever they are posing to be. Either delete the mail or report it to LinkedIn's junk and spam depository, because you could be saving someone else from being a victim.

Like, comment, share any thoughts or stories you may have regarding LinkedIn or any other type of social media scams. The more tips, advice, and perspective the better for everyone!
