Beware of LinkedIn Phishing Scams

Let’s start by defining a LinkedIn phishing attack. A phishing attack is a cyber trap that disguises itself as engagement from a trusted party, aiming to steal the unsuspecting person’s data, such as login credentials, bank account information, credit card details, and more. Phishing attacks typically arrive in the form of emails, texts, instant messages, or LinkedIn interactions, containing links or attachments. When the recipient clicks on these phishing links or attachments, they get redirected to either a clone landing page of a trusted platform or a suspicious third-party landing page. In either case, the phishing link becomes active, leading to data theft or the download of malware onto the recipient’s device.

Popular LinkedIn Phishing Scams

Fake LinkedIn Invites

Cybercriminals exploit people’s tendency to click LinkedIn invites from their email apps by sending fake LinkedIn invitation emails that closely resemble genuine ones. They hope that some people will click these invites from their emails. Clicking on a fake invite may load a fake LinkedIn page or, more commonly, a third-party website on Chrome or the default browser of the recipient’s mobile device.

The real concern is that a fake LinkedIn invite phishing attack may not require the recipient to log in or perform any action, but it automatically downloads lurking malware like ZeuS. This malware can compromise the recipient’s bank account information and prove difficult to detect.

Fake LinkedIn Notifications

LinkedIn sends regular emails to its users, including notifications like “people are noticing you” and “Alex posted recently.” These LinkedIn email notifications often contain clickable elements that redirect users to LinkedIn, such as a blue box element saying “see all views.” Cybercriminals have started designing phishing emails that mimic LinkedIn notifications to pique the curiosity of recipients. They employ LinkedIn’s Smart Link to bypass secure email gateways (SEGs) that should filter out suspicious emails and prevent them from reaching the recipients.

When unsuspecting people open these fake LinkedIn notifications and click on the elements, they get redirected to a counterfeit LinkedIn page that prompts them to log in. Unbeknownst to them, cybercriminals steal their data or download malware onto their devices, allowing for covert data theft.

Crypto Investment Schemes

LinkedIn phishing scams often masquerade as crypto investment schemes, capitalizing on the increasing popularity of cryptocurrencies over the past five years. Cybercriminals create fake LinkedIn accounts and send connection requests to numerous people, establishing friendly relationships with them over time. Afterward, they send mass messages to their connections, containing a phishing link disguised as a crypto investment website.

These LinkedIn phishing attacks prey on people’s desire to invest in the next big cryptocurrency. However, not all that glitters is gold; some turn out to be fraudulent schemes.

Job Offers

LinkedIn is a social media platform primarily used by professionals to network and find job opportunities. Cybercriminals exploit the desperation of job seekers by creating LinkedIn phishing attacks disguised as enticing job offers. They send direct messages to random LinkedIn users, presenting them with bogus job opportunities. While the job benefits may appear too good to be true, they grab the attention of job seekers. If the recipients inquire further about the job, the so-called headhunters typically respond vaguely and request the unsuspecting LinkedIn users to provide their personal information through a Google Form.

How to Avoid Falling Victim to LinkedIn Phishing Attacks

Maintain a security-conscious mindset to prevent falling victim to phishing attacks in general. Use strong passwords and avoid reusing them across different accounts. Keep your antivirus software, devices, and apps updated with the latest releases. Be cautious of the websites you visit. Continually educate yourself about digital security, including the latest viruses, antiviruses, and cybercrime tactics. Refrain from sharing personal details that cybercriminals can exploit for theft. For example, avoid responding to tweets that casually ask for sensitive information like the last three digits of your phone number or your mother’s maiden name.

Always enable two-factor authentication (2FA) for all your digital accounts. When 2FA is activated on your LinkedIn account, it alerts you when someone attempts to log in from a new device using your credentials.

Avoid clicking on links and opening attachments from untrusted sources, particularly unsolicited ones. Phishing links or attachments may not cause immediate damage but can lurk in the background, stealing your data. Remember, just because someone contacts you on LinkedIn and engages in regular casual chats does not guarantee their trustworthiness. They could be cybercriminals waiting for an opportunity to steal your data.

Install a strong and up-to-date antivirus software on all your devices to mitigate the damage caused by cybercrime. While it may not prevent all phishing attacks, it enhances your overall security.

Bottom line for LinkedIn Phishing Scams

Exercise caution and refrain from risking your LinkedIn credentials, devices, or bank account information due to curiosity. Some victims of phishing attacks were not necessarily fooled by the cybercriminals behind the attempts; instead, they fell victim due to curiosity or overconfidence. Remember that no attachment or link is worth compromising your security. Before clicking on a link or opening an attachment, consider the possibility of it being a phishing scam equipped with powerful malware that could bypass your anti-malware software.