The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity.
Fortunately, users can stay alert to such activity by familiarizing themselves with the most common types of LinkedIn scams. Here are five ruses, in particular, that should be on their radar. (These ploys are not ranked but simply listed in random order.)
Scam #1: Illegitimate Contact Requests
As on any social media platform, the act of connecting with another LinkedIn user creates ample room for malicious activity.
Indeed, one of the most common ruses on LinkedIn is when a user receives a fake connection invite email from another member. These types of requests may take on one of several different forms. In some, fraudsters may claim that they’re romantically interested in the recipient.
In others, they’ll send more generic LinkedIn invitations to distribute malware. That’s exactly what happened in a scam campaign detected by KnowBe4. In their attack emails, bad actors used spam messages targeting LinkedIn to redirect recipients to a malicious website. This location ultimately redirected a user to Google’s home page after a few seconds, but in the background, it installed a sample of the ZeuS information stealer family.
Users should always be careful when clicking on suspicious links in their emails. If they receive an email invitation to connect with another LinkedIn member, they should log into their accounts and review their connection requests there.
Scam #2: Fake Job Offers
In this type of scheme, users receive a LinkedIn message from someone claiming to be a job recruiter. The spammer outlines the details of a high-paying job and tells the user that they can perform its duties from anywhere with an Internet connection. This type of offer comes off sounding too good to be true for many users. To assuage their target’s skepticism, the fraudster commonly says that the offer is 100% legitimate.
Those are empty assurances. When payday comes around, there’s no paycheck to be found. The victim thus decides to reach out to the “supervisor,” but in many cases, both the supervisor and payless job have already disappeared, which leaves the victim with no recourse.
Other fake jobs offered via LinkedIn never even get to that point. As noted by Forbes, some scams use LinkedIn messages to offer jobs to unsuspecting users. These messages contain links that redirect users to websites that ask them to fill out an application, upload their resume, provide some sensitive personal information such as their Social Security Number and/or pay upfront for a training program. When the user completes these steps, however, the job never materializes, and the scammers make off with the user’s data and/or payment.
Given the variety of fake jobs targeting LinkedIn members, it’s important that users exercise caution if they are offered a job over an in-platform message. Reputable job-search sites such as FlexJobs and Indeed.com are a better avenue for finding real, paying work.
Scam #3: Phishing and Whaling Ploys
Not all scammers leverage fake job offers to steal LinkedIn users’ information. In one phishing attack detected by Malwarebytes, for instance, bad actors used compromised accounts of other LinkedIn members, including trusted users, to send out in-platform messages urging recipients to click on a link in order to view a Google Doc. When clicked, the URL redirected the recipient to a phishing page designed to steal their Google credentials.
These types of campaigns are more common than one might think. Each quarter, KnowBe4 reviews its data to determine the top-clicked phishing emails by subject lines pertaining to social media, general subjects and “In the Wild.” This process revealed that more than half of all social media-related phishing emails sent out in Q2 2019 masqueraded as LinkedIn messages, thereby furthering a trend that’s been growing quarter over quarter for some time now.
These statistics reflect the wealth of information which LinkedIn offers to potential phishers. Indeed, scammers often take the information which LinkedIn users have posted on their profiles, data which includes details regarding where they work, the causes that they support and the skills that they possess, to launch spear-phishing—or in the case of executives, “whaling”—attacks against companies. If one of those attacks succeeds and the scammer obtains access to an employee’s credentials, they could then leverage that initial compromise to access sensitive corporate information and/or compromise workers’ PII.
To protect your account credentials against scammers, make sure that you treat emails from people you don’t know with caution. In particular, do not click on any suspicious links or open any unknown email attachments.
Scam #4: Tech Support Ruses
Of course, phishers don’t always need to impersonate a trusted user or fellow employee in order to prey on LinkedIn users. Sometimes, all they need is the guise of the social media network’s technical support department. That’s exactly what happened back in 2017 when a staffer at Tom’s Guide received an email message entitled “Important User Alert” from “linkedIn[dot]customerservices[dot]us1@fsr[dot]net.” This email informed recipients that someone had accessed their account from an IP address different from the one on record and said that the recipient might lose privileges on the site unless they clicked on a suspicious link. Doing so redirected them to a user-created address on LinkedIn that was blank at the time of analysis.
While likely still in development, this attack attempt highlights digital attackers’ proclivity to disguise themselves as support technicians and contact users that way. The team at LinkedIn had something to say about this tactic:
“We don’t offer a phone number for customer support. Some websites will advertise phone support for LinkedIn for a fee. These websites aren’t affiliated with LinkedIn in any way and we’re proactively working on taking action on them. Keep in mind that we don’t charge for customer support and we’ll never ask you for your password or access to your computer.”
As such, users should follow best security practices when confronted with a suspicious message.
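The sender address in the Tom’s Guide case names LinkedIn in its local part while the mail actually comes from an unrelated domain. The following check for that mismatch is an added example, not code from the article or from LinkedIn; the trusted-domain list, the function names and all sample messages other than the article’s sender address and subject line are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domain this filter accepts as a genuine LinkedIn sender.
TRUSTED_DOMAINS = {"linkedin.com"}
BRAND = "linkedin"


def refang(value):
    """Undo defanging such as fsr[dot]net so the address can be parsed."""
    return value.replace("[dot]", ".").replace("[.]", ".")


def is_trusted(domain):
    """Exact match or true subdomain; 'notlinkedin.com' must not pass."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_sender(raw_message):
    """Return (sender_domain, verdict) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(refang(msg.get("From", "")))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if is_trusted(domain):
        return domain, "trusted-sender"
    # The brand may be claimed in the display name, local part or domain.
    if any(BRAND in part.lower() for part in (display, local, domain)):
        return domain, "brand-impersonation"
    return domain, "unrelated"


# Constructed samples; only the first From address and subject are from the article.
SAMPLES = {
    "article": "From: linkedIn[dot]customerservices[dot]us1@fsr[dot]net\n"
               "Subject: Important User Alert\n\nYour account was accessed...",
    "lookalike": "From: LinkedIn Support <help@notlinkedin.com>\n"
                 "Subject: Verify your account\n\n...",
    "genuine": "From: LinkedIn <notifications@linkedin.com>\n"
               "Subject: You have a new invitation\n\n...",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

The From header is forgeable, so a “trusted-sender” verdict here only means the claimed domain is plausible; a mail filter should combine it with SPF, DKIM and DMARC results.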
Scam #5: Advance Fee/Inheritance Schemes
We have seen these 419 scams flood our Spam folders for years, so it is only fitting that we would come across them on LinkedIn from time to time.
Jennifer Jones explained back in 2015 how she came across one such scam when she was contacted by “Jonathan Salisbury,” an individual who claimed to work for the Royal Bank of Scotland as a Senior Relationship Manager in Corporate Banking.
The scam message informed Jennifer that she had inherited millions of dollars from a deceased relative and requested that she contact Jonathan to claim the money.
Had they connected outside of LinkedIn, Jonathan would no doubt have pressed for Jennifer’s financial information under the guise of a necessary money transfer processing fee. Had Jennifer complied with Jonathan’s request, she might have lost thousands of dollars in the process.
Fortunately, Jennifer was wise to the scam from the beginning. She never replied to Jonathan and instead reported the message to LinkedIn. If you ever receive an advance fee scam message on LinkedIn, please make sure you do the same.
Social networking sites are a useful tool for connecting with friends and colleagues. But we must remember that like on any website, scammers prowl these platforms for unsuspecting users. As you build your connections on LinkedIn, remember to keep an eye out for the scams explained above.