![]() Verify requests and message content in multiple places (like an email or Slack) before responding and remember if your boss wanted to communicate something urgent and work-related, they probably wouldn’t choose an outside social media platform to do it. To protect your account credentials against scammers, make sure that you treat emails and in-platform messages from people you don’t know – and even the ones you do - with caution. If one of those attacks succeeds and the scammer obtains an employee’s credentials, they could leverage those to gain access to sensitive corporate information, putting the entire organization at risk while operating beyond the security scope of the CISO, as Bleeping Computer notes. Indeed, scammers often take the information which LinkedIn users have posted on their profiles, data which includes details regarding where they work, the causes that they support and the skills that they possess, to launch spear-phishing-or in the case of executives, “ whaling”-attacks against companies. These statistics reflect the wealth of information which LinkedIn offers to potential phishers. According to CheckPoint, 45% of all email phishing attempts impersonated LinkedIn, with the goal of driving users to a spoofed page and stealing their credentials. These types of campaigns are more common than one might think. When clicked, the URL redirected the recipient to a phishing page designed to steal their Google credentials. Bad actors used compromised accounts of other LinkedIn members, including trusted users, to send out in-platform messages urging recipients to click on a link in order to view a Google Doc. Not all scammers leverage fake job offers to steal LinkedIn users’ information. ![]() Reputable job-search sites such as FlexJobs and are a better avenue for finding real, paying work. Given the variety of fake jobs targeting LinkedIn members, it’s important that users exercise caution if they are offered a job over an in-platform message. While the ruse was caught in time, she did end up completing the entire application process as “she figured it was just how things worked in a pandemic-transformed world.” As cited in the LA Times, employment-related scams reported to the Federal Trade Commission nearly tripled between 20. This was almost the case with Sandi Pounder, a IT professional with several years of experience who was “ hired” within 48 hours of an unsolicited LinkedIn recruiting reach-out. The victim thus decides to reach out to the “supervisor,” but in many cases, both the supervisor and payless job have already disappeared, which leaves the victim with no recourse. When payday comes around, there’s no paycheck to be found. To assuage their target’s skepticism, the fraudster commonly says that the offer is 100% legitimate. ![]() This type of offer comes off sounding too good to be true for many users. The spammer outlines the details of a high-paying job and tells the user that they can perform its duties from anywhere with an Internet connection. In this type of scheme, users receive a LinkedIn message from someone claiming to be a job recruiter. If they receive an e-mail invitation to connect with another LinkedIn member, they should log into their accounts and review their connection requests there. Users should always be careful when clicking on suspicious links in their emails. This problem is all too common there were over 21 million fake accounts detected in the first half of 2022 per the company’s community report. As told to NPR, once trust was established, the woman continued the conversation on WhatsApp where she was ultimately led to transfer her money to cryptocurrency, and “after a while, she realized that those cryptocurrencies are completely lost, and she could never withdraw them back.” In his article, "The 1,000 Chinese SpaceX Engineers Who Never Existed,” Zeyi Yang chronicled one unfortunate instance in which a California professional was groomed by a fake LinkedIn user who leveraged their “shared” field of accounting. In others, they’ll play the long game by creating a fake persona that can execute a well thought-out, custom-built attack. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |