Amid research into the growing scams on LinkedIn, Bitdefender has detected a new virulent campaign that lures victims with exciting job offers from the fake profile of an attractive female recruiter.
The antivirus software provider says fake profiles gather the personal details of users and leads them to dangerous websites using URL shortening techniques.
The scam reads as follows:
“There are hundreds of companies right now searching for people that can speak two languages, it doesn't matter what language you speak, as long as you speak English, and at least one other language, there are plenty of jobs available for you.”
According to Senior E-threat Analyst at Bitdefender, Bogdan Botezatu, as many users speak English and a native language, Australia is a key target, especially considering more than five million Australians are active on LinkedIn.
“The fake Australian profile of ‘Annabella Erica’ has already been injected into authentic LinkedIn groups such as Global Jobs Network, which includes 167,000 users worldwide," Botezatu says.
"Members of the social network are now sharing insights on more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher.
“The fake employment website is registered on a reputable ‘.com’ domain to avoid raising doubts as to its authenticity.
"Scammers gather e-mail addresses and passwords they may later use for identity theft. Fraudsters usually register websites for longer periods and sometimes make their pages look even better than legitimate websites.”
Recent fake documents leaked by former NSA employee Edward Snowden showed that fake LinkedIn profiles are also used for spying at higher levels. The UK Government Communications headquarters allegedly set up fake pages on LinkedIn and other websites to spy on communications companies across Europe.
“Employment scams are sometimes backed by other fraudulent websites, such as fake hotels, which often include a Career section," Botezatu adds.
"Names, addresses, banking information and other personal details obtained throughout the “recruitment” process may also be used for identity theft.
"In the end, victims may even get a new job as a money mule transferring illegal payments from one account to another."
As a result, Botezatu offers the following advice for LinkedIn users:
· Always check the new profiles that add you on LinkedIn. No matter how hard you’re looking for a job or to expand your professional network, it’s crucial to do a bit of research before accepting new connections;
· Check if you share trusted connections with the people who add you on LinkedIn;
· When you share insights on LinkedIn groups, be careful with the information you post. Social engineers seek details that help them reach you or your company through spear phishing and social media attacks.
· Employment scammers require victims to pay in advance for attractive jobs, usually work-at-home scams. When you’re recruited for a new job, make sure you are the one who gets paid, not otherwise.
· Use a search engine to check if the picture of your new recruiter isn’t spreading on other web sites as well. Bitdefender discovered that “Annabella Erica” also wrote a testimonial as “Sara”, for a research and writing services company. Her picture is used on the websites of an eye care center, a student registration system and a Florida bank.
Have you been lured by the LinkedIn scam? Tell us your experiences in the comments below