Linkedin Fake Jobs Scam
One of the useful features of LinkedIn is that recruiters and companies can reach out to LinkedIn users to make job offers. You can even set your profile as “open to finding a new job” which places you into a pool of users actively seeking work. And this system works; 122 million users received a job interview via LinkedIn. This is all great, but it also means that you can become a target for scammers.
The fake job offer scam on LinkedIn typically involves the scammer creating a fake profile used to represent themselves as a recruitment agent or a senior person in a company. Once an account is created the scammer can then attempt to ‘recruit’ people to fake jobs and other scams.
Fake accounts can be set up on LinkedIn easily. All you need is an email address. Scammers will usually attempt to populate a fake account with connections to give it legitimacy. If they can even trick a single user into linking to them, this can create a snowball effect with connections of connections then linking in. With each new connection, the fake account looks more real and increases the level of trust. Once trust is established, the scammer has a greater chance of successfully tricking a target LinkedIn user into believing a job offer is real.
Scammers may attempt to build up a rapport with the target by sending friendly LinkedIn messages. This helps establish a relationship and build the all-important trust to ensure the next steps work. Once a LinkedIn user takes the fraudster’s fake job bait, typically the scammer’s next step is to use phishing methods to steal data. In many LinkedIn job offer scams, the victim will receive a PDF document with the job description. This document will either be infected with malware that will execute on opening, but more typically the PDF will contain a link. This latter technique is often used to evade antivirus software. If the recipient clicks on the link, they are likely to be taken to a website set up by the fraudster to collect bank account details for payroll functions.
Security awareness is not just for phishing emails. Understanding the tricks of the LinkedIn scam can help avoid becoming a victim. Here are some of the tell-tale signs to help spot a fake LinkedIn user:
The connections: Check out the account holder’s connections and shared connections. Scammers generally have few connections. If they say they represent a certain company, do they have connections in that company?
The company: Sometimes scammers go as far as to create a fake company. Do some digging and see if the company exists.
Names: Often scammers use common names, like John or Jane to try and avoid any alarm bells. This, along with other warning signs, might be enough to ring the scammer bells.
Profile photo: Also, the profile picture might be a giveaway. Scammers are known to do online searches to find photos of real people to use in their profile picture. If you do a Google reverse image search you can see if the photo matches the name. You can do this using Chrome, by right clicking on the profile picture and choosing “search Google for image”.
Endorsements: Even scammers can be endorsed, but usually the endorser is also a scammer. If you are suspicious, check out the details of those who have endorsed the suspicious account holder in the same way you check out the scammer.
Profile information: Check out various aspects of the profile. Does the profile contain a lot of spelling mistakes, does their work history and education fits their persona?
LinkedIn is used for many types of scams. If the fraudster can use LinkedIn to create an account that looks legitimate, they can create trusted relationships with LinkedIn users. Once trust is established, the next steps involve phishing and other methods to extract data and money from targets.
If you believe you may have been involved in an attempted scam you can report the scam details to LinkedIn.