Security Alert: Job Seekers, Beware of this LinkedIn Scam

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

There’s a new LinkedIn scam doing the rounds, involving phishing emails and a fake website designed to harvest the information you have in your CV.

How the scam starts: the phishing email

In the first stage of the scam, you receive a phishing email disguised as a LinkedIn email.

Here are just a few of the giveaways that this is a phishing email:

  • Wrong sender name. Instead of it being “LinkedIn”, it’s “linkedin”.
  • The email sender address doesn’t make any sense. For the most part, emails from LinkedIn should end in “@linkedin.com” such as “jobs-listings@linkedin.com” or “invitations@linkedin.com”
  • The urgent tone of the email. Phishing emails want to stop you from critically analyzing their contents by making it seem like the offer could expire at any moment, so you should act as soon as possible.
  • The design of the email. LinkedIn offers as a lot of information about the job listing within its newsletter, alongside mentions of connections and such.

  • It doesn’t have a correct LinkedIn footer. Normally, a legitimate footer from a big company contains an Unsubscribe / Help button, corporate branding, copyright protection and address.

Harvesting information from your CV

Clicking either of the two links in the spam email will send you to https://linkedinjobs (dot ) jimdo (dot) com.

We scanned the link with VirusTotal, and most of the security solutions found it to be clean, with the exception of a less well known scanner, AutoShun.

Clicking on the website itself will take you to a simple page, where the main focus falls on a form for uploading your CV.

Why would a cybercriminal want your CV?

Your CV contains a wealth of personal data which a cybercriminal uses to make a profit at your expense.

Phone numbers can be sold for companies doing promotional cold calling. Or, the cybercriminal might call you himself in a vishing attack.

In other cases, he might use the information for identity theft, using the companies you worked at or attached references as a cover for fraudulent activities.

Another frequently seen scam is one in which you do actual work, but only as part of a trial period. In these situations, the “employer” will fire you a few days before your first paycheck is due, which is exactly what happened to Beverly, who ended up working for a company she thought was legitimate, only to find in the final week that it wasn’t, and no salary would arrive.

Sometimes however, the attacker targets a company you worked at (or a future company you want to work for). Using the information found within your CV, the attacker might impersonate you in order to launch spear phishing emails against people in those companies, such as the CEO or the accounting department, in order to illegally obtain funds or money transfers.

In 2016 for instance, the CEO of an Austrian airplane component manufacturer was fired after he got tricked by a spear phishing attack that led him to transfer around 40 million euros to the scammer’s account.

Report these scams and phishing emails

This isn’t the first time LinkedIn has been used a cover for a phishing campaign. Another similar situation was encountered in 2016, which we also covered.

It’s difficult (if not impossible) for companies alone to prevent these scams from taking place. In these cases, users too should contribute to keeping the Internet safe.

In cases involving LinkedIn, the best course of action is to report these to the company:

  • phishing@linkedin.com is for phishing messages you receive directly in your LinkedIn account.
  • safety@linkedin.com is for phishing emails you receive in your email inbox, from someone pretending to be LinkedIn.

LinkedIn itself also offers a thorough set of tips and advice on how to recognize various scams over the network, such as inheritance or dating scams.

To summarize

When you’re actively searching for a job, being offered one in such a compelling tone might seem appealing. Because you expect to receive such messages (indeed, you welcome them) you’re tempted to let your guard down, and that’s exactly when a scammer strikes.

If you want to know more about phishing, and how to prevent it, we recommend you check out our dedicated article on the subject and also our guide on improving LinkedIn security.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
138 Followers
About Heimdal Security
We protect users and companies from cyber-criminal actions, by keeping confidential information and intellectual property safe. We build products focused on proactive cyber security and we dedicate a big part of our efforts to cyber security education for everyone.
Promoted Content
Expert Roundup: Is Internet Security a Losing Battle?
A while ago, one of our readers asked us to answer the following questions: Is Internet security a losing battle? How come companies are always 1-2 steps behind the fight? How can the bad guys respond so fast?That reader is certainly not the only one with this issue on his mind. Many Internet users feel discouraged by the current state of cyber crime and its consequences, and the rest don’t yet understand why they should care about it. We wanted to do something to change this.Naturally, users like you and me are not the only ones who wrestle this dilemma. Within the industry, cyber security experts are deeply involved in studying the causes and changes which have brought us to this point so they can create better solutions. Each of these experts brings a different perspective to the discussion, because no single person can ever claim to have the full picture.That is why we reached out to some of the most experienced cyber security specialists in the field to gather their thoughts on the topic. We believe that the questions we received are justified and they deserve an honest answer. And you will find plenty of them in the article!

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel