LinkedIn, the social network for professionals, job seekers and employers, has more than 830 million users in more than 200 countries. 49 million people use it to look for jobs every week. It has an easy-to-use interface and a seamless messaging system, and it does an admirable job of connecting employers with job candidates. But, as we know, internet fraudsters prey on legitimate networks to try to exploit the network’s credibility for underhanded reasons. LinkedIn is experiencing such an infiltration now.
According to a report, LinkedIn phishing scams are up 232% since February of 2022. Scammers use the platform’s messaging service to try to trick users into giving up personal or financial information. Or, cybercriminals will use webmail addresses with LinkedIn display names to send fake emails purporting to be from the social network. Both are insidious, but there are ways to protect yourself.
For example, a common attack at the moment is a message, sent either on LinkedIn itself or through email, that claims to be about a job opportunity. Taking advantage of growing interest in cryptocurrency, cybercriminals will send out fake job openings at cryptocurrency organizations. The user receives a recruitment message about a made-up job at a real company like Crypto.com or Coinbase. The message will urge the user to download an attached application, but the attachment is malware designed to steal sensitive information.
In another common scam, fraudsters will send users an email that looks like it is coming from LinkedIn, complete with a web address that appears to be legitimate and an email that looks branded to LinkedIn’s specifications. The links in these emails, if clicked, expose users to bad actors and malicious software.
To prevent LinkedIn phishing attacks, look for the following in any email purporting to be from LinkedIn:
- A linkedin.com email address. If you receive an email from an address that ends in linkedin.com, it doesn’t necessarily mean that it’s legit, but if you get one from a clearly suspicious address like l1nked1n.com or lenkedin.com, you know you’ve got a scam email.
- Typos and misspellings in the subject line and email copy
- Suspicious links. Hover over all links and see if they direct to linkedin.com. If the link they connect to looks suspicious or has nothing to do with LinkedIn, report the email as spam.
- An attached file. LinkedIn never sends files to its users, so if there’s something for you to download, avoid it.
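The sender, link and attachment checks from the list above can also be run automatically over a raw message. The following Python sketch is an added example, not code from LinkedIn or from the report cited here; the function names and the sample message (including the `linkedin.com.login.example` host) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit
TRUSTED = "linkedin.com"
# Constructed sample message: lookalike sender, one off-domain link, one attachment.
SAMPLE = """\
From: LinkedIn Jobs <recruiter@l1nked1n.com>
Subject: New job oportunity
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="utf-8"

<a href="https://www.linkedin.com/jobs">View job</a>
<a href="https://linkedin.com.login.example/verify">Confirm account</a>
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="application.zip"

placeholder
--BOUND--
"""

def on_trusted_domain(host):
    """True only for linkedin.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def review_email(raw):
    """Return a list of findings for a message claiming to be from LinkedIn."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Check 1: the sender address, not the display name, must be on linkedin.com.
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not on_trusted_domain(sender_domain):
        findings.append(f"sender domain is not {TRUSTED}: {sender_domain or '(none)'}")
    for part in msg.walk():
        # Check 2: every link in the body must point at linkedin.com.
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
                host = urlsplit(url).hostname
                if not on_trusted_domain(host):
                    findings.append(f"link points off {TRUSTED}: {host}")
        # Check 3: any attached file is a red flag.
        elif part.is_attachment():
            findings.append(f"attachment present: {part.get_filename()}")
    return findings
```

An empty result only means none of these three checks fired; as noted above, a linkedin.com sender address alone does not prove a message is genuine.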
To protect yourself from scams in the messaging service on LinkedIn itself, do the following:
- When receiving a message from a user you do not know, always check their profile. Does something seem amiss, like they joined the network yesterday or have a strange or inconsistent work history?
- Ask yourself if it makes sense for this person to reach out to you.
- Check for files they may be sharing, especially if they claim it is urgent.
It is important to note that cybercriminals abusing a platform for their own purposes is not unique to LinkedIn. Just like all other forms of digital communication, from Facebook to email, scammers will try to find a way to take a good thing and ruin it. LinkedIn is not less safe than any other network. In fact, LinkedIn has a helpful page that includes information on what to look for in common scams on their site and how to identify them when you are targeted.
LinkedIn is a useful tool for finding work and learning more about your professional industry, but it can also be a useful tool for criminals to defraud you. Don’t fall for it.