A spate of LinkedIn scams, a classic case of an offer that sounds too good to be true and just that little bit too easy, reinforces that users can’t afford to let their guard down.
Antivirus software provider Bitdefender has detected a new virulent campaign that baits victims with exciting job offers from the fake profile of an attractive female recruiter.
The bogus profiles connect with users, gather their personal details, and lead them to dangerous websites using shortened URLs, which don’t display the full domain.
Common wording of the scam reads:
“There are hundreds of companies right now searching for people that can speak two languages, it doesn’t matter what language you speak, as long as you speak English, and at least one other language, there are plenty of jobs available for you.”
Senior E-threat Analyst at Bitdefender, Bogdan Botezatu, commented that Australia is a key target as many users speak English as well as a native language.
“The fake Australian profile of ‘Annabella Erica’ has already been injected into authentic LinkedIn groups such as Global Jobs Network, which includes 167,000 users worldwide. Members of the social network are now sharing insights on more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher,” Botezatu said.
“The fake employment website is registered on a reputable ‘.com’ domain to avoid raising doubts as to its authenticity. Scammers gather e-mail addresses and passwords they may later use for identity theft. Fraudsters usually register websites for longer periods and sometimes make their pages look even better than legitimate websites,” he added.
It is critical to note that employment scams are sometimes backed by other fraudulent websites, such as fake hotels, which often include a career section.
As a result, fraudsters are able to obtain names, addresses, banking information and other personal details throughout the bogus “recruitment” processes, with the ultimate purpose of identity theft.
“In the end, victims may even get a new job as a money mule transferring illegal payments from one account to another,” Botezatu warned.
Key security tips for Australia’s LinkedIn users:
- Always check the new profiles that add you on LinkedIn. No matter how hard you’re looking for a job or trying to expand your professional network, it’s crucial to do a bit of research before accepting new connections.
- Check if you share trusted connections with the people who add you on LinkedIn.
- When you share insights on LinkedIn groups, be careful with the information you post. Social engineers seek details that help them reach you or your company through spear phishing and social media attacks.
- Employment scammers require victims to pay in advance for attractive jobs, usually work-at-home scams. When you’re recruited for a new job, make sure you are the one who gets paid, not the other way around.
- Use a search engine to check whether the picture of your new recruiter also appears on other websites. Bitdefender discovered that “Annabella Erica” also wrote a testimonial as “Sara” for a research and writing services company. Her picture is used on the websites of an eye care center, a student registration system and a Florida bank.