The rate of cybercrimes is increasing rapidly and innocent people are falling prey to hackers every now and then. We are already aware that our social media accounts and bank accounts could be hacked anytime! So, we do everything to ensure that they remain safe and protected. People are even aware of fraudulent phone calls and emails nowadays. This made the cybercriminals act up and make LinkedIn their new hub.
LinkedIn is not something new to people but that was the place least likely to be hacked since it is a professional platform. It is one of the most popular social networking sites for people who are looking to expand their professional network. Well, it was not such a problem up until last year. Ever since the world got hit by COVID-19 and the lockdown started, the scarcity of jobs was on the rise. People started losing their jobs left and right and that’s when LinkedIn blew up majorly.
People turned to LinkedIn in search of jobs as it is one of the most sought-after networks for the corporate and business world. This caught the attention of hackers making the platform and its users their ultimate targets. Reports state that the hackers are being quite smart in tricking people as they are using a very sophisticated and real campaign to pry on their targets.
A backdoor Trojan is a dangerous malware that will give these criminals what they are looking for. They not only get access to the users’ LinkedIn account but also to their computer/mobiles/smartphones, etc. As a result, they can do anything from deleting files, launching certain programs, or hacking confidential information in exchange for a lump sum of money.
So, how do you protect yourself from falling into the trap of such phishing scams?
We are not sure if we can stop this from happening completely but we can always take precautions. It is better to try everything from our side than not trying at all.
GIF Source: Dani Montesinos
First things first, you need to identify the job offers that you get are fake or real. eSentire states that the easiest way to do this is by checking the file name and type that has been sent to you. The first signal is a message consisting of offers in a “Zip” format.
The team of researchers also states that the next step is to check out the file name. If the job position that you have been offered is written as Senior Account Executive- International Freight, then the folder would be like “Senior Account Executive- International Freight Position (the “position” at the end is to be noted down).
The “position” term added at the last is the most prominent way of identifying a malicious trojan and is to be ignored immediately.
Like we stated before that these attacks are way too sophisticated to identify. There are chances that you won’t be able to identify the fake job offer and click on the file. What next?
If you fall for the trick and open the file then the next plight of events gets triggered. It would lead to the installation of the backdoor trojan also known as more_eggs. Antivirus won’t be able to detect this as the file is not malicious.
The events occur through corrupting the general Windows movements and program scripts in the memory. Once the malware made itself at home in the victims’ system, the Trojan “more-eggs” wait for controls and orders from its original source. The hackers’ group mainly known as Golden Chickens then gives the eggs their orders.
Well, eSentire faced this attack and they still don’t know what the results would have been had the attack not been identified and stopped in time. Another report stated that the previous attacks by the same group have been vicious. They reportedly breached the finance systems of major entertainment, pharmaceutical and retail companies.
This group is downright dangerous and they can use the preys’ system for any kind of illegal and nefarious activities. However, LinkedIn has become more active and taking necessary precautions against such events. They have strengthened their security and verification process to ensure that all accounts are real.
Nevertheless, things still happen and cybercriminals still find their way out. So, it is better for everyone to be careful. We don’t have an exact number of how many people fell prey to this but please ignore if you receive spontaneous job offers or suspicious links.
You will come across multiple listings like earn $300 per hour by doing this and doing that. A lot of people are easily trapped by such listings since finding jobs is already a hard enough process and such easy tasks tend to intrigue the interests of users.
According to the FBI, falling victim to such scams can result in a loss of $3000 per individual. There have already been numerous reports about phishing scams and at this rate, it is very tough to identify legit offers from fake ones.
Mind you such phishing scams are not like the ones you receive directly in your email with ample clues. These messages are mastered at disguising themselves like sophisticated, professional letters.
But, if you even have the tiniest doubt on a job offer then you can confirm it with the Safety Center on LinkedIn. Fill up the form here or send the message directly to phishing@linkedIn.com. It is okay to double-check a legit offer than falling prey to illegal scams and you never know what could happen.
Some simple ways to stay cautious are
Well, not only job seekers but businesses can fall prey to this scam too. So, how can you safeguard your company from such events?
The Federal Trade Commission suggests that if you have the slightest insecurity about being scammed then report it immediately to FBI IC3. They will also help you alert the candidates and other people related to your company about the same.
The best way to stay safe is to encourage candidates to apply for vacancies directly from your original website. If you post about the openings on other websites, include that detail on your main website as well.
Make sure to use TLS/SSL certificates to protect transactions taking place from your website. It will also help you add an EV certificate to your website at the same time maintaining the website identity.
Search up your business once in a while everywhere possible and make sure that there are no fake listings available under your name. If you come across something similar, then report it immediately.
If you come across something like this, then announce it as fake and notify your audience immediately. Start taking the necessary steps.
Well, the world is progressing rapidly and so is technology. It is only natural that hackers will update their way of operations too. All you have to do is be careful.
Do not fall for such scams and notify the respective authorities immediately if anything seems fishy.
Klizo Solutions was founded by Joseph Ricard, a serial entrepreneur from America who has spent over ten years working in India, developing innovative tech solutions, building good teams, and admirable processes. And today, he has a team of over 50 super-talented people with him and various high-level technologies developed in multiple frameworks to his credit.