Scam of the day – June 20, 2016 – LinkedIn phishing email

Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.   They are a staple of identity thieves and scammers and with good reason because they work.  Here is a copy of a new phishing email that appears to come from LinkedIn that is presently circulating.  DO NOT CLICK ON THE LINK.  Like so many phishing emails, this one attempts to lure you into responding by making you think there is an emergency to which you must respond.  Because LinkedIn has been in the news regarding a massive data breach, many people might be more likely to trust this email.  Don’t trust it.

“Dear Linkedin User

Due to the recent upgrade in linkedin you have to upgrade your account to keep using linkedin  or your account will be terminated.
In order to login click the link below
http://www.marcospomar.eliti.com.br/li/j/sign.htm
to login and wait for responds from linkedin.
We apologies for any inconvenience and appreciate your understanding.
Regards
LINKEDIN.”

TIPS

There are a number of indications that this is not a legitimate email from LinkedIn, but instead is a phishing email.  The email address from which it was sent has nothing to do with LinkedIn, but most likely was from a hacked email account that is a part of a botnet of computers controlled remotely by the scammer.  In addition, they also would not use the generic greeting “Dear LinkedIn User,” but would rather specifically direct the email to you by your name. Another indication that this is a scam is the poor grammar where the email reads, “We apologies for any inconvenience.”  English is often not the primary language of many scammers based around the world and it shows in their grammar.

As with all phishing emails, two things can happen if you click on the links provided.  Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft.  If you receive an email like this and think it may possibly be legitimate, merely call the company at a telephone number you know is accurate where you can confirm that it is a scam and make sure that you dial the telephone number correctly because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.

 

Scam of the day – September 26, 2015 – Employment recruiter scams

Searching for a job is much easier today with all of the resources of the Internet, however, unfortunately, it is also easier for scammers to search for victims posing as employment recruiters using the resources of the Internet.  The phony recruiters often reach out to people on social media such as LinkedIn, Twitter and Facebook.  Many people provide personal information to these scammers who then use that information to make the job seeker a victim of identity theft.  Often the scammers will copy the logo of legitimate companies so that their emails may look legitimate.

TIPS

As I always say, “trust me, you can’t trust anyone.”  You can never be sure when you receive an email, text message or communication by way of social media who is really contacting you.  For this reason, you should never provide personal information to a recruiter unless you have absolutely confirmed they are legitimate.  You can do this by contacting the HR department of the real company they may only be pretending to represent.   Real job postings can also be found on the websites of legitimate companies so if someone claims to be recruiting for a company that does not list such a job as being offered by the company on its website, you can expect that the recruiter is a scammer or identity thief.

Scam of the day – September 15, 2015 – Google Docs phishing scam

Scammers are sending phishing emails that appear to come from a company recruiting you for a position at their company.  The email looks legitimate, is written with good grammar and contains a legitimate looking company logo.  The email indicates that the recruiter found your resume on on LinkedIn.  Attached to the email is a link to Google Doc purportedly with a description of the job for which you are being recruited.  Clicking on the link will take you to a legitimate looking, but phony log-in page that looks like Google’s login page.  The scammers actually open a Google Drive account and mark it as public.  They then load their phishing program on to the file.  If you enter your user name and password, you will have turned over this information to an identity thief.

TIPS

As I often warn you, “trust me, you can’t trust anyone.”  This scam is particularly insidious because it looks so legitimate.  However, you should never click on a link in an email or text message unless you have absolutely confirmed that it is legitimate.  In this case, you should check out the company on Google or some other search engine to find out if it is a real company.  But even that is not sufficient to confirm that the email is legitimate because a scammer can use the name of a legitimate company to send out what appears to be legitimate emails that are, in fact, scams.  If a job is being offered by a real company, you can get information about the job posting on the website of the legitimate company or by calling the company’s HR department.

Scam of the day – September 23, 2014 – How LinkedIn can be used to hack companies

LinkedIn is a very popular social networking service site for business people where 300 million people share knowledge and opportunities.  Unfortunately, however the information provided on LinkedIn can be manipulated in the hands of a hacker to provide information that can be used to hack a business’ computers and data.  If you look up a company on LinkedIn you will find a number of profiles for individual employees of the company.  Many of these will include the employee’s email address.  After viewing a few employee profiles a hacker can determine the protocol used for emails within the company, such as initial of first name, last name@companyname.com.   Using this information, the hacker can send a legitimate appearing email to a company employee that looks like it comes from within the company luring the real employee to either click on a tainted link or enter a username and password.  This can be used to either directly install malware on to the company’s computers through the tainted link or get access through the user name and password of the employee victimized by the scam.  From there it is an easy thing to install malware to steal information from the company.

TIPS

Never click on links in emails, text messages or social media or download attachments until you have absolutely confirmed that they are legitimate.  Also, when it comes to network security, most companies will never ask for an employee’s user name or password.  Again, never provide this information on any website or anywhere else until you have first confirmed that the website is legitimate.  It might be a phony, tainted website merely phishing for your information.  Trust me, you can’t trust anyone.

Scam of the day – November 23, 2013 – Phony LinkedIn job postings

LinkedIn is a popular social media website used by business professionals to network with other professionals.  More than 225 million people around the world are members of LinkedIn.  LinkedIn is used by these people to get ideas, explore opportunities and even to list job postings.  Anything with 200 million members is attractive to scam artists so it is not surprising that scammers are constantly trying and often successful in posting phony job offers despite the best efforts of LinkedIn to recognize and take down these phony ads.  Bitdefender, which is a maker of anti-malware software recently exposed a phony job advertisement placed by a recruiter who used the name Annabella Erica.  Scammers had managed to infiltrate and put her profile into the legitimate LinkedIn group Global Jobs Network, which has 167,000 members.   Scammers put these phony ads on LinkedIn and other social media in order to gather personal information which is then exploited for purposes of identity theft.  Other times the phony ads will contain links that if clicked upon will automatically download keystroke logging malware which can steal all of the information from your computer and lead to your becoming a victim of identity theft.

TIPS

The best place to look for a helping hand is at the end of your own arm.  Although LinkedIn and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you.  Certainly a little skepticism helps when you see a job posting for a job that sounds too good to be true.  In that case you should fully investigate the company before providing any information and should never click on any links or download any attachments until you have done sufficient research to make sure that the job offering is legitimate.  In addition, you should make sure that you not only have a good Firewall, anti-virus and anti malware software installed on your electronic devices, but that you keep this security software up to date with the latest patches and updates to help insure your protection.