The professional social network LinkedIn is a worrying victim of fraudsters posing as recruiters in order to obtain personal and banking information.
” There is definitely an increase in attack sophistication and intelligence “, recognizes one of the leaders of LinkedIn with our American colleagues from FinancialTimes. The social network dedicated to professionals is indeed affected by an increase in recruitment scams, following in particular the democratization of teleworking and the mass layoffs affecting the new technologies sector. These scams harm the image of the platform, even if the latter, owned by Microsoft, does not give up to stem the sad phenomenon.
Increasingly Sophisticated Scams Targeting LinkedIn Job Seekers
Many job seekers go through LinkedIn, the world’s leading professional social network, and get scammed. Most often, the victims had participated in a fake recruitment process, set up by malicious individuals who shine by posing as recruiters, employers, and who end up obtaining valuable data (sometimes banking) belonging to the unfortunate candidates.
Although Microsoft has blocked tens of millions of fake accounts in recent months worldwide, the recruitment scam is becoming ever more sophisticated, which makes, for the moment, the attempt to put an end to it completely futile. ” We see websites being created, we see phone numbers with a person picking up the phone and answering on behalf of the business. We are witnessing a move towards more sophisticated deception said Oscar Rodriguez, vice president of product management at LinkedIn.
Cybersecurity company Zscaler warned last month of a scam targeting job seekers and a dozen US companies, with a scheme in which fraudsters contacted their targets using the messaging feature. (InMail) from LinkedIn. For this, they had created websites, lookalikes of companies like Zscaler, Intellectsoft or Zuora containing job offers similar to those actually put online by these companies. Once contact was established, the hackers invited the victims to fill in their personal data on the look-alike website, before conducting remote interviews on Skype.
The scheme was very well put together, since the scammers had simply created Skype profiles by copying the photo of the real recruiter from the companies in which the job seekers were applying. The scam allowed hackers to recover high-value data, but also money, for so-called computer equipment or training that a candidate would have to follow before being – falsely always – reimbursed.
Various threats, and AI development that can help hackers
Scams are getting more and more sophisticated, and the mad emergence of artificial intelligence isn’t going to help matters. ” Scammers are now using artificial intelligence to create profile pictures that can fool human eyes very easily “, explains Oscar Rodriguez, who nevertheless specifies that LinkedIn uses its own AI to detect these false profile photos.
In the United States alone, scams number in the tens of thousands, 92,000 to be exact in 2022, on jobs alone. In total, they would have cost the victims $367 million, or nearly $4,000 per scam. ” LinkedIn scams are increasingly common, unfortunately victims do not associate phishing attacks with the platform. With the recent waves of layoffs in the new technology sector, scammers have naturally seized the opportunity to find new targets », Analyzes Benoît Grunemwald, cyber expert at ESET France.
The all-digital era in which we have been plunged, with COVID-19 and the development of remote working, makes the trap set by web scammers even greater, aware that their victims have become accustomed to carrying out such approaches in a face-to-face at a distance, rather than in “physical”.
The other threat, as we said, is that of dismissal, Tech not being spared these days. What has become a hot topic is a new gateway for scammers to try to trick platform users. Morality therefore: remain vigilant when you are contacted on LinkedIn (and elsewhere), and try to make sure of the identity of your interlocutor. The social network has recently implemented certain features (alert message, dated indication on the exploitation of a profile, etc.), in order to fight even more against these fishnets.
Source : FinancialTimes
2