Have you received an enticing job offer on LinkedIn from a very attractive woman lately? Think twice before hitting the apply button, warns antivirus software maker BitDefender LLC. The ad may just be one of the many bogus job vacancies that have surfaced on the business networking site in recent months.
“Employment scams are sometimes backed by other fraudulent Web sites, such as fake hotels, which often include a career section,” warned BitDefender’s security specialist Bianca Stanescu. “Names, addresses, banking information and other personal details obtained throughout the ‘recruitment’ process may also be used for identity theft. In the end, victims may even get a new job – as money mules transferring illegal payments from one account to another.”
The ad associated with the image above this article uses the bogus profile of a certain Annabella Erica and attempts to hook LinkedIn users with the offer of a $3600 plus per month salary and the line: “It doesn’t matter what language you speak, as long as you speak English, and at least one other language, there are plenty of jobs for you available.”
The ad has a shortened URL that links to a Web site registered on a .com domain to avoid suspicion.
Cyber criminals are using LinkedIn’s massive 84 million user base as their fishing pond, the security expert wrote in her recent blog.
Annabella’s bogus profile, Stanescu said, was injected into authentic LinkedIn groups such as Global Jobs Network, which has more than 167,000 users worldwide.
“Members of the social network are now sharing insights on more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher,” she said.
This type of scam has been used on other social sites such as Facebook and Twitter, and for some time LinkedIn had not been targeted.
Stanescu said LinkedIn is even being used for cyber espionage purposes.
“Recent documents leaked by former NSA employee Edward Snowden showed that fake LinkedIn profiles are also used for spying at a higher level,” she said. “The UK Government Communication Headquarters allegedly set up fake pages on LinkedIn and other Web sites to spy on communications companies across Europe.”
Stanescu came up with these security tips for avoiding being a victim on LinkedIn:
• Always check the new profiles that add you on LinkedIn. No matter how hard you’re looking for a job or to expand your professional network, it’s crucial to do a bit of research before accepting new connections;
• Check if you share trusted connections with the people who add you on LinkedIn;
• When you share insights on LinkedIn groups, be careful with the information you post. Social engineers seek details that help them reach you or your company through spear phishing and social media attacks.
• Employment scammers require victims to pay in advance for attractive jobs, usually work-at-home scams. When you’re recruited for a new job, make sure you are the one who gets paid, not otherwise.
• Use a search engine to check if the picture of your new recruiter isn’t spreading on other web sites as well. Bitdefender discovered that “Annabella Erica” apparently also wrote a testimonial as “Sara”, for a research and writing services company. Her picture is used on the websites of an eye care center, a student registration system and a Florida bank.