How Hackers Used the LinkedIn Platform for Duping Job Seekers: A Report

The Covid-19 pandemic-induced lockdown created havoc in the global economy, with businesses severely affected and companies trimming their workforce. As a result, millions of people were rendered jobless. In normal circumstances, lay-offs are common, and people tend to get back on track with new opportunities. Unfortunately, the turbulent lockdown period meant that everyone was in the same boat.

This was also the time when fraudsters were active, preying on desperate and unsuspecting people. A fake job market existed earlier too, but the pandemic made job seekers desperate. The modus operandi of many hackers was to study users' LinkedIn profiles and offer a similar, lucrative job. The scam targeted the personal and financial data of job seekers.

Recently, LinkedIn was in the news for a job scam in which more than 100 people were duped with a fake job interview. A fraudster posted job openings for an environmental engineering firm known as Geosyntec Consultants in the Washington DC area. A fake email address, purportedly belonging to the firm's senior recruiter, was given for screening interviews. Unfortunately, many fell for the trap and responded. In the meantime, the real senior recruiter came to know about the fake job interviews and enlisted KrebsOnSecurity to verify the posted ads. The result confirmed that the phony ads had been placed in the company's name. The ultimate objective was to collect personal information from the 100-odd applicants.

One particular applicant fell for the offer when she was offered a lucrative position commensurate with her experience as a consultant for fashion and home brands. Her "interview" consisted of answering text questionnaires. After submitting them, she was immediately offered a work-from-home job with a salary that was too good to be true. Sensing something wrong, the applicant asked the recruiter to clarify her role and position in the company. This was ignored; instead, the fake recruiter asked her to submit her personal information, including financial details, for direct salary credit. The applicant got in touch with the real recruiter, and the truth came out.

This recent LinkedIn incident does not mean that fraudsters restrict themselves to this platform. They are active on other social media platforms like Facebook and Twitter as well. The issue with LinkedIn is that people connect with others without knowing them, which leads to disappointments.

As per the FBI, technology has made it easy for fraudsters to impersonate recruiters and commit scams. For example, they induce victims to provide personal financial information such as bank or credit card details, an easy target for phishing, or persuade victims to pay money upfront as service charges for providing jobs.

In 2020, around 16012 people were victims of employment scams, as reported by the FBI's Internet Crime Centre. However, the real numbers may be higher, as many people do not report such crimes to the authorities.

As per LinkedIn, the platform uses manual and automated mechanisms to detect fake accounts and fraudulent payments. It also constantly monitors user accounts and job posts that violate the company's policy. This helps LinkedIn stop fake posts from going live on the platform, and even if one sneaks through, it is detected and removed quickly. This automated defense system has ensured that LinkedIn removed 98.40 % of fake accounts. Incidents like that of Geosyntec Consultants occurred because the fraudsters used email services like Yahoo and Gmail, which are outside LinkedIn's control.

The takeaway from job scams, as per the FBI, is to look for tell-tale signs. Some of them are:

  • Fake employers contact victims through non-company email domains and also by telephone.

  • Interviews are not held in person or via video conferencing.

  • Job applicants are asked to pay upfront fees as service charges for background investigation costs.

  • Job applicants are asked to purchase a product from the company as a start-up kit. This could also be in the form of training material.

  • Fake employers ask for bank or credit card details for direct transfer of salaries in the future.

  • Job postings appear on different job platforms but not on the company's website.

  • Applicants are asked to sign a contract and provide all their personal identity details (PII).

  • There are no job profiles of the fake recruiter or managers on the company's website or on job platforms.

  • Their LinkedIn profile has few connections.

  • They offer salaries higher than market benchmarks for a similar position.

  • They are more eager to close the deal than the job applicant themselves.
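As an added example (not from the article or the FBI), the following Python checker applies several of the red flags above to a recruiter contact: it rejects free-mail and look-alike sender domains, and looks for upfront-fee requests, requests for bank details and an out-of-range salary. The company domain, the free-mail list, the keyword patterns and the 1.5x salary threshold are assumptions, and the two contact records are constructed samples.

```python
import re

# Assumed list of free-mail providers; a real recruiter should write from the company domain.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Assumed keyword patterns for "pay upfront" and "send bank details" requests.
FEE_PATTERN = re.compile(
    r"\b(upfront|processing|background[- ]check|starter kit|training material)\b"
    r"[^.]*\b(fee|fees|cost|pay|purchase)\b", re.I)
BANK_PATTERN = re.compile(
    r"\b(bank account|routing number|credit card|card number|IBAN)\b", re.I)

def sender_domain(address):
    """Extract the domain of an e-mail address such as 'Jane <jane@Example.com>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower() if m else ""

def is_company_domain(domain, company_domain):
    """True for the company domain or a subdomain of it (hr.example-firm.com);
    False for look-alikes such as example-firm.com.evil.net or example-firm.co."""
    return domain == company_domain or domain.endswith("." + company_domain)

def red_flags(contact, company_domain, market_salary):
    """Return the list of red flags raised by a recruiter contact record."""
    flags = []
    domain = sender_domain(contact["sender"])
    if domain in FREE_MAIL:
        flags.append("free-mail sender domain")
    elif not is_company_domain(domain, company_domain):
        flags.append("sender domain does not match company domain")
    if not contact.get("interview_live", False):
        flags.append("no in-person or video interview")
    if FEE_PATTERN.search(contact["message"]):
        flags.append("asks for upfront fee or purchase")
    if BANK_PATTERN.search(contact["message"]):
        flags.append("asks for bank or card details")
    if contact["offered_salary"] > 1.5 * market_salary:  # assumed threshold
        flags.append("salary well above market benchmark")
    return flags

# Constructed sample contacts; the company domain example-firm.com is a placeholder.
SCAM_CONTACT = {
    "sender": "Senior Recruiter <hiring.team@yahoo.com>",
    "interview_live": False,
    "message": "Congratulations, you are hired. Please pay the upfront fee for your "
               "background check and send your bank account and routing number.",
    "offered_salary": 180000,
}
LEGIT_CONTACT = {
    "sender": "Jane Recruiter <jane@hr.example-firm.com>",
    "interview_live": True,
    "message": "Thanks for applying. Let's schedule a video interview next week.",
    "offered_salary": 95000,
}
```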

Many scammers use sophisticated and innovative methods to lure job applicants. Cybersecurity firm Symantec conducted a study of fake LinkedIn profiles and found that they displayed similar characteristics. Some of the common features were:

  • They pose as head hunters or recruiters for fake HR firms, or as self-employed independent HR professionals.

  • They use photos of attractive women, usually taken from stock image sites, or in many cases even photos of real professionals.

  • They copy the profiles of real professionals and paste them into their own, passing off others' achievements as theirs.

  • They load their profiles with SEO keywords for higher visibility in the search results seen by job applicants.

Avoiding malicious phishing attacks

Phishing attacks on LinkedIn are nothing new. Many scammers use a clone of a well-known site, like an online banking site, to trick people into logging in. Some cyber experts call this the "spray and pray" technique: while most people see through such fake websites, one in a thousand is invariably careless or desperate enough to log in. That one victim is good enough for the fraudsters to capture the login credentials and take advantage of the compromised account. Besides spray and pray, another method deployed by fraudsters is to target professionals directly. This type of targeted attack is referred to as spear phishing and is difficult to detect.

LinkedIn is built around connections, and an introduction by mutual contacts makes a job offer look more authentic and gets a better response. However, in today's pandemic times, a job offer from an unknown source should not be taken as a godsend. Fraudsters use such offers to conduct phishing operations, deliver malware and compromise an individual's financial details.

If one does fall for a scam job offer, there is a big risk of opening the door to sophisticated malware installed through a backdoor, which even an anti-virus can find difficult to detect.