On Wednesday we took a look at Facebook scams. But what about LinkedIn? Because of LinkedIn’s professional focus, the scams are a little different, but use many of the same tactics. LinkedIn scams are more likely to draw on information from your professional profile, and tend to be employment or income related. Here they are:
- Whaling attacks – What?! We have talked about phishing and spearphishing, but what the heck is “whaling?” Because of the detailed professional information about your employers, experience, technical credentials, and the like, cyber-criminals can use LinkedIn to develop a deep company profile by collecting information about all the employees who work there. From the research done on LinkedIn, an attacker has the kind of detailed information needed to launch a spearphishing attack against the CEO (a whale), or a company-specific phishing attack against all the employees.
- Fake job offers – Because so much legitimate recruiting happens on LinkedIn, one of the more successful scams is the lure of a job offer. Many of these are “work from home” jobs. Many of these are for “financial managers” who will be transferring funds for a “major corporation.” These jobs tend to be illegal money mule or money laundering operations, or other operations in support of criminal activities. Or you might find yourself engaged in a telemarketing operation, work for several weeks, get laid off, and then never get paid.
- Fake connections – You may get a connection request by email, but the button or link will take you to a fake replica site that gets you to download malware, or to log in again so that your password can be stolen.
- 419 scams – 419 refers to a section of the Nigerian legal code that deals with computer fraud, and we have all received the “Nigerian email” scam. This type of advance fee fraud, phony inheritance schemes, and bogus lottery winnings also show up on LinkedIn. These sorts of scams always require you to spend a little money now to get a lot more money later. And there is no money later, of course. But they did just get your bank routing information, and can clean out your remaining balance.
- Romance – LinkedIn is most definitely NOT a dating site, but there are some clever scammers looking for love – and loot – in all the wrong places. Here again your profile information may give a scammer an idea about your financial condition and give them a way to target bigger game. This may be a long con in which the victim eventually buys their new “lover” a car or airline tickets or other high-value items. Or it just may be another way to get an email address for spamming.
For prevention and avoidance tips, see our Facebook article from Wednesday. While we are at it, I am not writing this article again for Twitter, Pinterest, Vine, or Instagram scams. The same techniques and prevention apply to them as well. Social network scams and email scams all rely on a certain amount of good, old social engineering, or the art of the con. Con artists play on our emotions as part of the game, so if you are engaged in an on-line transaction and your emotional state changes from normal to something of a higher intensity such as fear, greed, anxiety, worry, or even lust, well, it might just be a scam. Just use your head, and keep out of trouble.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com