Scams on social media are not uncommon, but when it comes to LinkedIn, people tend to be more willing to share personal information in the hopes of acquiring a new job or business lead. This is why you need to be even more vigilant about protecting your personal information when using LinkedIn.
Just last week, our blog discussed the impact Job Seeker scams has had on people trying to find work. One of the things LinkedIn does well is it puts job seekers in touch with recruiters and hiring managers. But it’s not just people looking for work who use LinkedIn. Many individuals use the social tool to help make sales or promote their businesses. No matter what your purpose for being on LinkedIn, these scams are something that you need to watch out for.
One of the scams you need to watch out for are a variety of phishing emails that are supposedly from LinkedIn, but really are not and lead the user to fake login pages. Once a user inputs their information on the fake login pages, the scammers now have that user’s credentials. The same ways that you can usually spot a phishing email can be used to tell that the LinkedIn emails are not legitimate. In many cases, you can see in the message headers that the messages are sent from a different domain, and not linkedin.com. Checking for spelling and grammatical errors is another dead giveaway.
Another scam that is also making the rounds comes in the form of fake LinkedIn profiles. On the hatless1dr blog, the writer talks about the flurry of connection requests coming their way. Being suspicious in nature, hatless1dr realizes that the images are GAN images (Generated Adversarial Network), which are fake faces generated by AI. They also notice that all the profiles contain “a smiling face, a tagline with consultant/hiring/sourcing, a generic stock art cover photo of some cityscape, a hometown anyone would recognize, 3 prior employers with unmistakable brands and a college I’d be lucky to afford cafeteria food from, let alone an education.”
So, what is an organizations motivation for using these fake profiles? The Tech Republic writes of “real cyber-espionage threat actors abusing LinkedIn to get in touch with employees of companies they want to compromise.” In some cases, they will use social engineering to get employees of the businesses they are targeting to install malware. There is also the potential that the fake profile is trying to acquire information, by possibly offering a fake job. When it comes to profiles on LinkedIn, here are some clues that the profile my be fake:
- Check the entire profile. Are there inconsistencies or weird information?
- Check the profile’s contacts or the number of contacts. If the number is very low, it might be a newly created profile set up for fraud.
- Does it make sense that this person would contact you?
- Does the person want to share files with you?
- Is there a sense of urgency in their messaging to you?
Phishing and social engineering scams are a big part of our internet connected world, but phishing and social engineering do not have to be the downfall of your business. If you worry that you or your staff could fall for these types of scams, then contact QuickProtect to book your phishing awareness session with us.