With more than 645 million users in 200+ countries, LinkedIn has a reputation for being THE social platform for professionals. However, the level of trust that this status creates is a double-edged sword – since most users naturally expect fellow profiles to be as legitimate as they are, they leave themselves open to being scammed.
While you continue to use LinkedIn to network with other professionals, there are three particularly dangerous types of scam profile to be on the lookout for. Once you see an account matching these behaviours, report the profile on LinkedIn and notify your IT department to prevent an attack on someone else.
In the meantime, remember: always be cautious of link redirects and attachments, whether they come through LinkedIn, emails, or otherwise.
Of course, even the simple act of connecting with a LinkedIn profile can be a potential threat to you. Accepting a connection request from a fake profile automatically gives the person behind it access to the information you have listed on your profile – leaving them free to copy that information and set up a clone account. Armed with an account that looks identical to yours, there’s nothing stopping the scammer from fooling your other connections – leaving you to pick up the blame, with your reputation tarnished.
Another tactic could be to offer an exciting opportunity in exchange for personal details such as your email address, phone number, and even bank details – and because the offer is so enticing, people often don’t think twice.
Always look through any connection requests thoroughly before allowing them access to your information. Look out for key signs like a low number of connections, or bad spelling – but to be safe, simply do not connect with anyone you don’t recognise.
Thanks to the amount of information that is available on your LinkedIn profile – organisation, location, job function, certifications, position – phishers have everything they require to make their attacks more personal to their targets, and therefore more believable at first glance. This is known as spear phishing.
One of the most common spear phishing tactics is the use of a fake profile, set up to look like an employee of your organisation. From there, the scammer will seek to connect with you and as many of your colleagues as possible in order to increase their legitimacy. They will then seek to build trust through LinkedIn interactions, with the eventual aim being to send you a malicious link or attachment when your guard is down.
Phishing has been covered in more detail here.
Now, LinkedIn spear phishers can usually be revealed by simply asking around your organisation – an HR colleague would be a good first port of call. Another quick way to check is to use the Address Book feature on email systems such as Microsoft Outlook, which allows you to find legitimate accounts within your business. If your new prospective connection isn’t there, there’s a good chance they aren’t who they say they are.
Phony LinkedIn Support
Another common scammer method is to set up a proxy address that looks very similar to a LinkedIn tech support email address. The email will usually claim that your LinkedIn account has issues, such as unusual activity, a failed payment, or it being hacked – and because these things usually invite a quick response, a lot of people don’t stop and think before clicking the link.
Once clicked, the link – which looks as though it will redirect you to your LinkedIn account – allows scammers to load software into your computer’s flash memory. This can range from a Trojan, which is able to monitor your keystrokes in order to record passwords, to, even worse, ransomware, which can encrypt parts of your computer system to stop you from accessing them until a ransom is paid.
If you ever receive one of these emails, do not click the link – instead, forward it to firstname.lastname@example.org, and open LinkedIn through your browser normally. Invariably, there was nothing wrong with your account at all, and you have nothing to worry about.
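An IT team can automate the two checks this section implies: whether the sender's domain is really LinkedIn's, and whether a link labelled as LinkedIn actually points there. The Python below is an added example, not part of the original article; the trusted-domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: only these domains (and their subdomains) count as genuine LinkedIn.
TRUSTED = ("linkedin.com",)

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return reasons a single-part HTML email looks like phony LinkedIn support."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    claims = "linkedin" in (display + addr + msg.get("Subject", "")).lower()
    if claims and not is_trusted(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not LinkedIn")
    body = msg.get_payload()  # a plain string for single-part messages
    links = re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S)
    for href, text in links:
        host = urlparse(href).hostname
        if "linkedin" in text.lower() and not is_trusted(host):
            findings.append(f"link text mentions LinkedIn but points to {host!r}")
    return findings

# Constructed sample: lookalike sender address and a disguised link.
SAMPLE_PHISH = """\
From: LinkedIn Support <security@linkedin-support.example>
Subject: Unusual activity on your LinkedIn account
Content-Type: text/html

<p>We detected unusual activity.</p>
<a href="https://linkedln-login.example/verify">Sign in to LinkedIn</a>
"""

# Constructed sample: sender and link both on the trusted domain.
SAMPLE_GENUINE = """\
From: LinkedIn <notifications@linkedin.com>
Subject: Your LinkedIn weekly summary
Content-Type: text/html

<a href="https://www.linkedin.com/">Open LinkedIn</a>
"""

if __name__ == "__main__":
    for reason in check_message(SAMPLE_PHISH):
        print("SUSPICIOUS:", reason)
```

The suffix match in `is_trusted` requires a leading dot, so a host such as `linkedin.com.attacker.example` is rejected even though it contains the trusted name.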
Now, use of any social media platform comes with risk – and while LinkedIn is no exception, the aim of this article is simply to raise awareness of possible dangers. Armed with this knowledge, you will now be able to spot and sidestep scams more easily, whilst still continuing to use LinkedIn to network with other professionals as before.
For more news and insights from Apogee, follow us on LinkedIn.