LinkedIn is a popular social media website used by business professionals to network with other professionals. According to LinkedIn, it has more than 645 million users. These people use LinkedIn to get ideas, explore opportunities and even to list job postings. Anything with 645 million members is attractive to scam artists, so it is not surprising that scammers attempt to use LinkedIn as a basis for many scams and identity theft schemes.

A recent report from KnowBe4, a security training company, found that 56% of the most common phishing and spear phishing emails purport to come from LinkedIn. The use of phony phishing and spear phishing emails that appear to come from popular social media companies has increased 75% already this year. These emails lure you into trusting them and then either into supplying personal information that is used to make you a victim of identity theft or into clicking on a malware infected link that may infect your computer, phone or other device with various strains of malware, such as ransomware or keystroke logging malware, that can lead to identity theft. The most common themes in LinkedIn phishing emails involve password reset emails and phony log-in alerts.

Other scams connected to LinkedIn involve phony job listings. Security software company Symantec issued a warning about an increase of LinkedIn job scams. Symantec identified a common pattern found in many of these phony job listings on LinkedIn. The pattern includes fake accounts set up by the scammers posing as recruiters for nonexistent businesses. They also often use photographs of women that they obtain from websites that provide images or copy from other online sources. To make the ads seem more legitimate, they will copy the exact wording of real advertisements appearing elsewhere. What makes this scam particularly dangerous is that real recruiters use LinkedIn to contact prospective job recruits.

While some of the older job scams would ask for money from their victims to pay for credit checks or other administrative costs, the newer scams seem primarily to be done with a goal of gaining information, such as email addresses and other details about the people targeted and the companies where they work, in order to facilitate directed spear phishing used to lure employees into unwittingly downloading malware onto their companies’ computers.

TIPS

There are a number of indications that phishing emails that purport to be from LinkedIn are bogus. Often the email address from which the message is sent has nothing to do with LinkedIn, but most likely belongs to a hacked email account that is part of a botnet of computers controlled remotely by the scammer. In addition, these emails often use the generic greeting “Dear LinkedIn User,” unlike the real LinkedIn, which would specifically direct the email to you by your name. Another indication of phishing emails is often poor grammar. English is often not the primary language of many scammers based around the world, and it shows in their grammar.
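The first two indications above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses a raw message, compares the real sender domain (not the display name) against LinkedIn's, and looks for the generic greeting. The function names and both sample messages are constructed for illustration, and treating `linkedin.com` and its subdomains as the only legitimate sender domains is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAIN = "linkedin.com"            # assumption: genuine mail uses this domain or a subdomain
GENERIC_GREETING = "dear linkedin user"  # the greeting quoted in the post

def sender_domain(msg):
    """Domain of the From address, ignoring the display name, which anyone can set."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_linkedin_domain(domain):
    # Exact match or a true subdomain; "linkedin.com.example.net" must not pass.
    return domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)

def body_text(msg):
    if msg.is_multipart():
        parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(p.get_payload() for p in parts)
    return msg.get_payload()

def triage(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    domain = sender_domain(msg)
    if not is_linkedin_domain(domain):
        findings.append("sender domain %r is not LinkedIn" % domain)
    first_lines = body_text(msg).strip().lower().splitlines()[:3]
    if any(line.startswith(GENERIC_GREETING) for line in first_lines):
        findings.append("generic greeting instead of the member's name")
    return findings

# Constructed sample messages (not real emails).
SAMPLE_PHISH = """\
From: "LinkedIn Security" <alerts@linkedin.com.account-check.example>
Subject: Password reset

Dear LinkedIn User,

Your password must be reset today.
"""
SAMPLE_OK = """\
From: LinkedIn <notifications@e.linkedin.com>
Subject: You have a new message

Hi Pat,

You have one new message.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(name, triage(raw))
```

An empty result only means these two signs are absent; a From address can be forged, so it does not prove a message is genuine.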

As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you will download keystroke logging malware that will steal all of your personal information from your computer and use it to make you a victim of identity theft. If you receive an email that asks for personal information or instructs you to click on a link and you think it may possibly be legitimate, merely call the company at a telephone number you know is accurate, where you can confirm that it is a scam. Make sure that you dial the telephone number correctly, because scammers have been known to buy phone numbers that are just a digit off of the legitimate numbers for companies to trap you if you make a mistake in dialing the real number.

Although LinkedIn and other websites that carry job postings try to identify and either prevent or remove phony ads from appearing on their websites, you cannot depend on these companies to fully protect you. Certainly a little skepticism helps when you see a posting for a job that sounds too good to be true. Ads that ask you to pay upfront costs for any reason should be considered to be a scam.

To check on the legitimacy of photographs in these ads, you can do a reverse image search using Google or websites such as tineye.com. You can also check whether the wording of the advertisement has been used elsewhere by copying a substantial amount of the text into your search engine and seeing what comes up. Finally, research the company itself to determine if it is a legitimate company. You can’t be too careful before providing someone with personal information.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”