More than half of businesses (56%) surveyed in the United States, United Kingdom, and Canada have experienced at least one LinkedIn scam this year, according to the newest research by NordLayer, a network security solution for businesses.
The most affected tend to be big companies (65%); requests to connect from an unknown person with a suspicious link in the message are the most common scam they encounter (47%); and damaged reputation (48%) was the leading outcome of LinkedIn scams.
At the same time, cybersecurity provider Kaspersky has warned against a new wave of phishing scams on LinkedIn targeting people in the Middle East, Turkiye, and Africa (META) region with the promise of a dream job. Specifically, cybercriminals focus on users from the UAE, Turkiye and Nigeria.
Cybercriminals posing as HR managers from high-end fashion brands are luring victims into downloading fraudulent files, with the intent of stealing credentials for Facebook Business accounts and running ads for monetary gain.
“Like in every social media platform, attackers and scammers seek information and money or ruin reputations,” says Carlos Salas, a cybersecurity expert at NordLayer. “We know that employees are considered to be the weakest link in the cybersecurity chain, and LinkedIn has millions of professional accounts, making it an even more appealing target for scammers. So, no one should let their guard down, no matter how professional a message might look.”
According to the research, 65% of big companies have been contacted by a scam/fake account on LinkedIn at least once. 58% of medium and 31% of small companies have experienced it at least once.
“Cyberattacks are a major threat to businesses of all sizes,” says Salas. “However, big companies are often the most targeted due to their data and value. They also have larger networks and databases, making them vulnerable to attack if their security measures are not up to par. Hackers will often focus their efforts on these targets to maximize their rewards.”
Most common types of LinkedIn scams
Confirming the Kaspersky warning, NordLayer data revealed that a fake job offer (47%) is the most prevalent LinkedIn scam among businesses. Businesses also report phishing attempts (47%), requests to connect from an unknown person with a suspicious link in the message (41%), and fake tech support (38%).
Almost half of companies (45%) are also aware of a scam on LinkedIn using their organisation’s brand name. This type of scam was the most prevalent among big companies (53%), but it’s also common among medium ones: 53% of these businesses indicated that this type of scam also happened to them. Only small companies noted that they almost never experience such scams (13%).
Research also shows that the most common employee actions against these scams were to contact LinkedIn administration (71%), publish a post on social media about the scammers (71%), and report it to the police (51%).
Damaged reputation is the leading outcome of LinkedIn scams for big organisations
As the leading outcome of LinkedIn scams, big companies named damaged reputation (48%) as well as stolen/damaged data and high financial loss (40% each). Medium enterprises were hurt the most by damaged reputation (47%) and stolen/damaged client contacts (45%). Lastly, small companies that experienced any kind of scam indicated that financial loss (67%) as well as interruption to operations and stolen intellectual property (58% each) were the most common forms of damage.
Says Salas: “One of the best ways to protect your business from LinkedIn scams is to educate your employees about the types of scams that exist and how to recognise them. Also, encourage your employees to use two-factor authentication (2FA) on their LinkedIn accounts as well as verify requests for information.
“Finally, regularly monitor the activity on your business’s LinkedIn account. Look for any suspicious activity, such as unauthorised logins or changes to account information. If you notice signs that your business has been targeted by a LinkedIn scam, report the activity to LinkedIn immediately and take steps to secure your accounts and data.”
How that job offer is faked
According to Kaspersky, people working in the field of digital marketing and sales are prime targets for fake job offers.
As a first step, the scammers proactively contact victims on LinkedIn, highlighting a lucrative salary package for a job role. After gauging the victim’s interest, the scammers share a malicious link and persuade candidates to download documents related to the job from a cloud storage platform, which is how the malware reaches the victim’s device.
Upon investigating the malicious files, Kaspersky experts found that scammers were using a malware named Ducktail to infiltrate devices. Ducktail is designed to steal user logins and passwords for Facebook Business accounts and uses stealthy techniques to remain undetected. The scam is targeted at the META region, with detections in the UAE, Turkey, Iraq, Nigeria and Lebanon.
Sharing her experience to warn people of this ongoing scam, Hiba Safadi, a marketing manager from the UAE, said: “When the recruiter contacted me, I was intrigued. To know if he was genuine, I checked his LinkedIn profile which seemed authentic because it had a picture, testimonies, etc.
“As we continued our conversation, he repeatedly insisted that I download some files related to the job, and this is when I felt something was off. Since I did not comply, he deliberately started mentioning the salary package to convince me into downloading the files, and this was the second red flag.”
Amin Hasbini, head of the global research and analysis team (GReAT) for META at Kaspersky, said: “This is not the first time Ducktail malware has made a comeback. Enticing people with a dream job that includes a hefty remuneration is a classic example of a social engineering tactic commonly used by scammers.
“Scammers are capable of communicating from accounts that look like corporate addresses, but in reality are compromised or from free email services or phishing domains. We understand it is very difficult to constantly be on alert, but it is necessary to remain cautious and take basic measures into consideration. For example, understand how the recruiter found you, research the employer, make sure you have a security solution installed, and most importantly, avoid clicking on links or downloading attachments from unknown or suspicious senders.”
To protect employees and organisations with social media business accounts from falling victim to this scam, Kaspersky recommends:
- Restrict access and establish rules for the use of social media business accounts.
- Create a strong password and refrain from using the same password for other websites.
- Companies should use two-factor authentication to safeguard online business accounts.
- Companies should ensure BYOD devices are also protected.
- Ensure you have a security solution on your personal devices.
- Do not access business accounts through a personal device.
- Avoid accessing business accounts via public Wi-Fi.