12 tips to avoid LinkedIn fraudsters: Internet Scambusters #1,020
With more than 800 million members, LinkedIn is by far the biggest social media site for business professionals, making the Microsoft-owned network a mouthwatering target for scammers.
No surprise then that with more people than ever trying to switch jobs, researchers report a surge of more than 200 percent in LinkedIn scams so far this year.
In this week's issue, we'll explain how the fraudsters operate and what you can do to spot and avoid their evil tricks.
Let's get started…
On Guard! LinkedIn Scams Are Soaring
Scams on LinkedIn, the social media site for professionals, with more than 800 million members, have unexpectedly rocketed by more than 200 percent during the first half of this year.
Researchers can't pinpoint the cause beyond noting that the surge is due to cunning phishing attempts offering fake job opportunities in order to steal login credentials. But it's enough to set alarm bells ringing among the network and Internet security firms.
Furthermore, there's often more at risk than just the compromise of a victim's LinkedIn account. Gaining control of an account gives the hijacker access to everything that goes with it, such as names and other details of all the victim's contacts and perhaps even confidential business information.
No wonder that, right now, researchers say LinkedIn scams are growing faster than fraud on any other social media site.
"In most cases, it's due to the trust associated with users being professionals," says privacy expert Ali Qamar. "That's to say, users assume all users are like them; professionals. This false sense of security plus the potential for credible connections from strangers makes it a scammer's dream!"
In fact, according to the 2020 US Digital Trust Report, LinkedIn is rated as the most trustworthy site on the web.
Many of the attacks come via well-crafted emails that look like they're either from LinkedIn or from well-known business names. And according to a report from Malwarebytes, some of them are managing to slip past security software.
1. Phony Emails
The most common LinkedIn phishing attempts include phony emails.
For example, LinkedIn often sends out messages to members telling them how many times their name has appeared in searches or inviting them to congratulate one of their contacts for a work anniversary or promotion.
Similar scam emails look like they came from LinkedIn and naturally arouse the curiosity of the recipient. But clicking on a link will take the victim to a fake sign-on page and steal their credentials.
Similarly, as with many other phishing scams, a fake message might tell the recipient they're overdue on a fee payment or that their account has been compromised. Again, a malicious link will take them to the false sign-on page.
Sometimes, clicking these links will download malware onto the victim's PC, which can then be used to steal sensitive information or to install ransomware.
Another way of luring victims to their fate is a bogus job offer. The scammers may then ask for information such as bank account details or demand payment for supposed security checks or training materials.
This scam is one of the factors behind the latest surge in LinkedIn fraud because of what's become known as "the great resignation" - thousands of people quit their jobs in the wake of the COVID pandemic.
In the same way, crooks may use a hijacked account or a fake profile to offer the victim's contacts fraudulent investment opportunities, especially cybercurrency-related schemes -- another factor driving the LinkedIn scam surge.
2. How to Avoid LinkedIn Scams
As with other social media scams and phishing activity, the golden rule is never to click on a link in emails, social media posts, or other messages. Instead, go straight to LinkedIn.com and do your research there.
Second, make sure that you key in the correct website address. Fraudulent websites use very similar names, with perhaps just a couple of characters transposed, or the substitution of a letter such as "l" with a number "1."
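The lookalike patterns described above (transposed characters, a digit standing in for a letter) can be checked mechanically before a link is trusted. This is an added example, not part of the original newsletter; the function names, the digit-swap table and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only genuine name is linkedin.com.
GENUINE = "linkedin.com"
# Digit-for-letter swaps seen in lookalike names (constructed table).
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or transpose two adjacent characters, each costing 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(url: str) -> str:
    """Return 'genuine', 'lookalike' or 'unrelated' for a link's host."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    host = host.rstrip(".")
    if host == GENUINE or host.endswith("." + GENUINE):
        return "genuine"
    # Compare only the last two labels; sufficient for .com-style names.
    candidate = ".".join(host.split(".")[-2:])
    if candidate.translate(DIGIT_SWAPS) == GENUINE:
        return "lookalike"  # a digit substituted for a letter
    if edit_distance(candidate, GENUINE) <= 2:
        return "lookalike"  # transposed, missing or extra characters
    if GENUINE in host:
        return "lookalike"  # genuine name used as a prefix of another domain
    return "unrelated"
```

A "lookalike" result means the host resembles the genuine name without being it; an "unrelated" result says nothing about whether the site is safe.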
10 More Tips
Here are 10 more tips to keep you on the straight and narrow:
- Don't assume a message you received from an established contact is genuine. Their account may have been compromised.
- Beware of unsolicited messages offering you work opportunities that you didn't apply for.
- Don't disclose any personal or company confidential information until you're 100 percent sure you're dealing with a genuine individual.
- Use hard-to-guess passwords and keep your Internet security software up to date. Using a password manager will usually keep you from entering your details on a fake sign-on page.
- Don't pay to take up an apparent job offer. Legitimate companies don't work this way. And an instant job offer without an interview or one that doesn't align with your skills is always bogus.
- Don't accept connection requests from people you don't know until you have thoroughly checked them out.
- Set the privacy settings on your LinkedIn account to avoid giving away too much information about yourself to crooked searchers.
- Use two-factor authentication on your account - requiring an additional real-time generated password or code. Someone who steals your log-in information still won't be able to sign in without this.
- Don't invest purely on the basis of something you were told on LinkedIn, especially if you didn't ask for it. Speak to your financial advisor.
- Check out LinkedIn's own help page dealing with phishing attempts.
If you think you've been scammed on LinkedIn, report it to the company by completing their "possible scam" form. You'll also find links on this page for other security steps to protect your account.
In addition, tell your contacts, change your password, and report it to the Internet Crime Complaint Center.
This Week's Scam Alerts
Wrong Number: Watch out for messages that ask you to call a phone number beginning with **67* followed by 10 more digits. This trick, which has been seen on WhatsApp recently, forwards all your calls to that 10-digit number. Scammers use it to set up new accounts in your name and pick up the second factor authentication number that WhatsApp sends out.
Wordplay: Researchers have discovered that certain words and phrases used in the subject line of business or holiday-related emails are often a sign that the message is a scam. These include phrases like "Password Check Required Immediately." Security awareness training outfit KnowBe4 has produced a list of the most common subject lines in spoof messages.
That's it for today -- we hope you enjoy your week!