With more than a billion members, and around 30 million users in France, LinkedIn is an extremely popular professional social network. This large audience naturally attracts malicious actors who use the platform to carry out large-scale scams. The cybersecurity company Malwarebytes has just sounded the alarm on this subject.

Pretty well-crafted scams

The experts warn in particular about bots configured to spot the #opentowork hashtag or phrases such as “I was fired” before taking action. As a result, a few minutes after posting this kind of message, a job seeker may receive links or connection requests directly from these fraudulent accounts.

Within minutes of a post, dozens of accounts start responding with links or connection requests. The idea is always the same: try to obtain the victims' personal data and/or steal money from them.

Malwarebytes also reports much more subtle scams in which the scammer contacts the target by private message. The scammers sometimes use Premium accounts to impersonate someone from human resources.

In one example, we can see a message from someone informing the user of a job opportunity at Amazon Web Services. The sender's name, “Kay Poppe”, raises suspicion (it evokes K-pop), as does the profile photo, which seems to have been generated by AI. The message links to a page that imitates the LinkedIn site. The idea, here again, is to harvest the victim’s information.

These scams are pernicious because they target people who have just lost a job and are therefore very motivated to restart their career. Such people risk jumping at the first opportunity and being fooled.

The researchers therefore advise treating these requests with suspicion and taking your time before acting. If you have fallen for this trick, don’t panic. Malwarebytes suggests:

  • Be on the lookout for unusual account changes.
  • Proactively perform a comprehensive password sweep.
  • Contact your bank and credit card company.
  • Inform your contacts who may receive fraudulent messages from you.

LinkedIn is not standing idle

As a reminder, LinkedIn is well aware of the scams present on its platform. The company recently explained:

Fraudulent activity, including financial scams, is not allowed on LinkedIn. We work every day to keep our members safe, and that includes investing in automated and manual defenses to detect and address fake accounts, false information, and suspected fraud.

The company also said that it wants to raise user awareness so that members better understand the risks they face.
