LinkedIn scammers step up sophistication of online attacks
LinkedIn has been hit by a rise in sophisticated recruitment scams, as fraudsters seek to take advantage of the trend towards remote working and widespread lay-offs across the tech sector.
Jobseekers on the world’s largest professional network are being defrauded out of money after taking part in fake recruitment processes set up by scammers who pose as employers, before obtaining personal and financial information.
“There’s certainly an increase in the sophistication of the attacks and the cleverness,” Oscar Rodriguez, vice-president of product management at LinkedIn told the Financial Times
“We see websites being set up, we see phone numbers with a seemingly professional operator picking up the phone and answering on the company’s behalf. We see a move to more sophisticated deception,” he added.
The warning comes as the Microsoft-owned social media company said it has sought to block tens of millions of fake accounts in recent months, while US regulators warn of an increase in jobs-related cons.
Last month, cyber security company Zscaler revealed a scam that targeted jobseekers and a dozen US companies, where fraudsters approached people through LinkedIn’s direct messaging feature InMail.
Scammers identified businesses that were already hiring, including enterprise software company Zuora, software developer Intellectsoft and Zscaler itself.
They then created “lookalike” websites with similar job ads and, via LinkedIn’s InMail feature, invited jobseekers to enter personal information into the websites, before conducting remote interviews via Skype.
“To top it off, they also created Skype profiles with the picture of the [real] recruiter from the companies to conduct interviews as well,” said Deepen Desai, vice-president of security research at Zscaler. “Everyone who falls for it will 100 per cent clear the interview with flying colours.”
Jobseekers passed “invaluable” personal details to the scammers, with some requesting money for IT equipment or third-party training for which applicants would never be reimbursed, Desai added.
The recent growth in artificial intelligence programmes that generate realistic text and images also pose a new threat.
“In the past year, [scammers] are now using artificial intelligence to create profile photos that can fool human eyes very easily,” said Rodriguez, who added that LinkedIn is using its own AI to detect “deepfake generated profile photos”.
Etay Maor, a professor in cyber security at Boston College and security strategist at Israeli security company Cato Networks, said that language programs such as OpenAI’s ChatGPT are another potential tool for scammers.
“ChatGPT-style solutions . . . make it much harder to detect scams. It accelerates the process and it lowers the bar for newcomers,” he said.
The attacks come as the amount jobseekers lose in employment-related scams increases. Figures from the US Federal Trade Commission show there were over 92,000 job-related and business scams in 2022, with $367.4mn reported lost. This compared to the 105,000 in the whole of 2021, where $209mn was lost.
Experts believe remote working has accelerated the trend. “In the old days, the problem for fraudsters and scammers was the face-to-face interview,” said Keith Rosser, chair of JobsAware, a not-for-profit organisation that provides help to UK workers who have suffered from job scams. “Now there’s a fully digital process. Workers expect an online interview and website [application].”
Recent lay-offs in the tech sector provide another “headline” for fraudsters “to follow”, said Kati Daffan, an assistant director of marketing practices at the FTC.
“Scammers are very creative in terms of leveraging timely topics,” said Rodriguez, when asked about tech lay-offs. “We see scammers trying to leverage whatever is happening at the moment to lend credibility to [their attacks].”
Of the almost 22mn fake accounts LinkedIn blocked in January to June 2022, 75 per cent were stopped at the account registration stage, the company said.
It has also recently introduced features telling users how long a person has operated a LinkedIn profile and it is developing cautionary, automatic prompts in InMail to warn users when they receive suspicious messages about employment or cryptocurrency investments, for example.
Read the full article Here