Let’s start by defining a LinkedIn phishing attack. A phishing attack is a cyber trap set by scammers that disguises itself as engagement from a trusted party. Its aim is to steal the unsuspecting person’s personal or financial information, such as login credentials, bank account information, and credit card details, all of which are often exploited in common LinkedIn scams. Phishing attacks typically arrive as emails, texts, instant messages, or LinkedIn interactions that contain links or attachments. When the recipient clicks on these phishing links, smart links, or attachments, they are redirected to either a clone landing page of a trusted platform or a suspicious third-party landing page. In either case, the phishing link becomes active, leading to data theft or the download of malware onto the recipient’s device.

Popular LinkedIn Phishing Scams

Fake LinkedIn Invites

Cybercriminals exploit people’s tendency to click LinkedIn invites from their email apps by sending fake invitation emails, backed by fake profiles, that resemble genuine LinkedIn profiles and LinkedIn invitation emails. They hope that some people will click these invites from their emails. Clicking on a fake invite may load a fake LinkedIn page or, more commonly, a third-party website in Chrome or the default browser of the recipient’s mobile device.

The real concern is that a fake LinkedIn invite phishing attack may not require the recipient to log in or perform any action: it can automatically download lurking malware like ZeuS, delivered directly or through malicious smart links. This malware can compromise the recipient’s bank account information and personal information, leading to identity theft that proves difficult to detect.

Fake LinkedIn Notifications

LinkedIn sends regular emails to its users, including notifications like “people are noticing you” and “Alex posted recently.” These LinkedIn email notifications often contain clickable elements that redirect users to LinkedIn, such as a blue box element saying “see all views.” Cybercriminals have started designing phishing emails that mimic LinkedIn notifications and LinkedIn messages to pique the curiosity of recipients. They use LinkedIn’s Smart Links to bypass secure email gateways (SEGs), which should filter out suspicious links and emails before they reach recipients.

When unsuspecting people open these fake LinkedIn notifications and click on the elements, they get redirected to a counterfeit LinkedIn page that typically contains fake job offers and prompts them to log in. Unbeknownst to them, cybercriminals steal their data or download malware onto their devices, allowing for covert data theft. Recognizing these warning signs can help users avoid falling victim to such scams.
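A defensive triage sketch for the notification lure described above, added here as an example and not taken from the original article or from LinkedIn: it lists every link in an email’s HTML body and classifies it by its real destination host rather than its visible text. The `/slink` Smart Link path, the trusted-domain rule, and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"
# Assumption: Smart Links live under this path and forward to an external URL.
REDIRECT_PATHS = ("/slink",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    """Judge a link by where it really points, never by its visible text."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return "suspicious: not https"
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        return "suspicious: not a LinkedIn host"
    if parts.path.rstrip("/") in REDIRECT_PATHS:
        return "review: redirector, final destination hidden"
    return "ok"

def audit_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, classify(href)) for href, text in collector.links]

# Constructed sample notification body (not a real email).
SAMPLE = """
<a href="https://www.linkedin.com/feed/">See all views</a>
<a href="https://www.linkedin.com/slink?code=EXAMPLE">View message</a>
<a href="https://linkedin.com.account-check.example/login">Sign in</a>
"""
if __name__ == "__main__":
    for row in audit_email(SAMPLE):
        print(row)
```

A link on a genuine LinkedIn host can still be a redirector, which is why the Smart Link case is sent for review instead of being passed as safe.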

Crypto Investment Schemes

LinkedIn phishing scams often masquerade as crypto investment schemes, capitalizing on the increasing popularity of cryptocurrencies over the past five years. These schemes are among the most common scams related to LinkedIn. Cybercriminals create fake LinkedIn accounts and send connection requests to numerous people, establishing friendly relationships with them over time, which often leads into fake job offer scams as well. Afterward, they send mass messages to their connections containing a phishing link disguised as a crypto investment website promising overnight profits.

These LinkedIn phishing attacks lure users by preying on people’s desire to invest in the next big cryptocurrency. However, not all that glitters is gold; some turn out to be fraudulent schemes orchestrated by threat actors, making it essential to report scams.

Job Offers

LinkedIn is a social media platform primarily used by professionals to network and find job opportunities. Cybercriminals exploit the desperation of job seekers by creating LinkedIn phishing attacks disguised as enticing job offers, including employment scams that target LinkedIn business accounts. They send direct messages to random LinkedIn users, presenting them with bogus job opportunities. While the job benefits may appear too good to be true, they grab the attention of job seekers. These messages often contain poor grammar or awkward phrasing, a subtle but common red flag that something’s off. If the recipients inquire further about the job, the so-called headhunters typically respond vaguely and ask the unsuspecting LinkedIn users to answer personal or intimate questions through a Google Form. In some cases, these forms may ask for highly sensitive information such as a Social Security number, which no legitimate recruiter would request so early in the process. Some scammers may even claim to represent a well-known company or public figure to gain trust, or ask for “other favors” like sharing private documents, credentials, or referrals under the guise of vetting.

How to Avoid Falling Victim to LinkedIn Phishing Attacks

When evaluating suspicious LinkedIn profiles, use tools like reverse image search to check whether the profile photo appears elsewhere online; it is a red flag if the photo is tied to multiple names or sketchy accounts. Maintain a security-conscious mindset to avoid falling victim to phishing attacks in general. Use strong passwords and avoid reusing them across different accounts. Keep your antivirus software, devices, and apps updated with the latest releases. Be cautious of the websites you visit, as they may lead to tech support scams. Continually educate yourself about digital security, including the latest viruses, antiviruses, and cybercrime tactics, and verify your sources. Refrain from sharing personal details, including identification numbers, that cybercriminals can exploit for theft. For example, avoid responding to tweets that casually ask for sensitive information like the last three digits of your phone number or your mother’s maiden name.

Always enable two-factor authentication (2FA) for all your digital accounts. When 2FA is activated on your LinkedIn account, it alerts you when someone attempts to log in from a new device using your account credentials or when you need to enter a verification code.

Avoid clicking on links and opening attachments from untrusted sources, particularly unsolicited ones. Phishing links or attachments may not cause immediate damage but can lurk in the background, stealing your data, including credit card numbers, and potentially feeding other online scams. Remember, just because someone contacts you on LinkedIn and engages in regular casual chats does not guarantee their trustworthiness. They could be cybercriminals waiting for an opportunity to steal your data. If you suspect foul play, you can always notify the Internet Crime Complaint Center.

Install strong, up-to-date antivirus software on all your devices to mitigate the damage caused by cybercrime. While it may not prevent all phishing attacks, it can enhance your overall security, as can checking the official website of legitimate companies.

Bottom line for LinkedIn Phishing Scams

Exercise caution and refrain from risking your LinkedIn credentials, devices, or bank account information to avoid getting scammed by phishing messages. Some victims of phishing attacks were not necessarily fooled by the cybercriminals behind the attempts; instead, they fell victim due to curiosity or overconfidence. Remember that no attachment or link is worth compromising your security. Before clicking on a link or opening an attachment in a message that could be phishing, consider the possibility that it is a phishing scam, dressed up as a fake job alert or even a romance scam, carrying powerful malware that could bypass your anti-malware software.

Written by Mitch McDevitt

Mitch is an experienced eCommerce Project Manager specializing in delivering seamless online experiences and driving digital growth. With expertise in project planning, platform optimization, and team collaboration, Mitch ensures every eCommerce initiative exceeds expectations. Passionate about innovation and results, Mitch helps businesses stay ahead in the dynamic digital landscape.
