Threat actors are targeting people who have recently lost their jobs with employment scams on LinkedIn, according to researchers at Malwarebytes.
The scammers are using bots to search LinkedIn for posts with certain phrases, such as “I was laid off” or “#opentowork.” Within minutes of making one of these posts, bots will begin commenting with phony employment opportunities or requests to connect.
“Scammers are notorious for targeting the vulnerable, and one could say that after losing a job you probably feel this way,” the researchers write. “All too eager to regain employment, you may jump at the first opportunity and engage in a conversation that could end badly.
“Many of the bots spamming via comments tie back to some kind of fraud such as the advance-fee scam where you need to pay an up-front fee in order to receive goods or services. Some job offers are also too good to be true, and you could unknowingly participate in illegal activities by helping to funnel and launder money.”
Malwarebytes also observed targeted phishing attempts abusing LinkedIn’s premium messaging feature InMail.
“While bots are annoying, they are usually so predictable and noisy that they can be spotted from miles away, especially when they duplicate their own comments on the same post,” the researchers write. “More dangerous are personalized requests that come directly into a user’s inbox. It’s the same idea of a fake recruiter, but the profile looks more credible and scammers are using paid accounts. In fact, the ability to send a message to a user who’s not in your circle of contacts is one of LinkedIn’s features for going premium, called InMail.”
The scammers created fake recruiter personas with AI-generated profile pictures and targeted job seekers with personalized, fake employment offers.
“This was not a standard, copy-paste message but rather a carefully crafted one based on the victim’s job profile,” the researchers write. “The link shortener they used was related to their current position and was the hook to get them to visit a fake LinkedIn page showing a number of documents related to that role. None of the links to the documents actually load what they claim to be; instead, they are meant to be a segue to a page hosting a phishing kit.”
Malwarebytes has the story.