LinkedIn Trust Factor Phishing Scams.
South Africa ranks 3rd highest in the world for Ransomware Attacks and Email Hacks. If in doubt delete.
LinkedIn Phishing Scams. Zero Trust Policy: If in doubt delete.
We have all seen Facebook, Twitter, PayPal and/or Instagram phishing scams. Now, because LinkedIn has a trust factor and is known as a professional space, the business platform is experiencing a 232% increase in scams since the beginning of the year. Examples of social media scams are Instagram influencer account hijacking, the Twitter cryptocurrency rehash, and now spoofed LinkedIn phishing emails, spam and scam messages for jobs. LinkedIn has a long way to go in protecting its assets and customers from these scams and cyber criminals.
- Hackers are attempting to impersonate LinkedIn Profiles.
- Phishing attacks using LinkedIn emails.
- Fake job offers.
- Credential-stealing attacks.
- CV Resume data theft scam.
Update 2023: LinkedIn account hijacking, with account takeovers leveraging either brute-force attacks or stolen credentials, has greatly escalated.
Enable 2FA and change your password.
This article, LinkedIn Trust Factor Phishing Scams, was penned in 2022 following an escalation in LinkedIn phishing and vishing attacks, and now in 2023 LinkedIn account takeovers. LinkedIn is still not doing enough to protect its users from attacks, which is more than likely due to revenue limitations of its current model.
LinkedIn users are suffering account lockouts or account takeovers, with email addresses changed on their accounts and no ability to prevent such modifications. Do not pay the ransom to retrieve your account; instead, contact LinkedIn support before your profile is deleted. The damage to professional networks and your reputation can be offset by two-factor authentication (2FA) and strong, unique passwords. You might experience temporary lockouts as the scammers attempt to hijack your account, which is far better than a full lockout and a changed email address on your account.
You have appeared in Searches this Week LinkedIn email scam.
Even if you do not have a LinkedIn account, you have more than likely received a “You have appeared in Searches this Week” LinkedIn phishing email scam. Threat actors/scammers are taking advantage of the LinkedIn Trust Factor and HTML masking, providing links you can click on to get more details without seeing the destination URL. These links lead to malicious websites designed to steal your personal and financial details, or you are met with Viagra and other medical advertisements.
The email as HTML. Note that one of the red flags is that the sender’s email is not LinkedIn.
The same email was converted to plain text with the HTML stripped out.
LinkedIn People have Noticed You Trust Factor Phishing Scams:
LinkedIn Email Attachment Scam:
We advise taking a Zero Trust Policy on all emails, especially transactional emails. There are very few reasons why you should share your personal details with external sources, especially Banks and Professional Institutions. Additionally, Banks and Professional Institutions will not add attachments to emails for you to complete and will not direct you to the website URL where to complete the requested action. Scammers have now taken advantage of trust factors by HTML masking the redirecting URL to a scam site.
LinkedIn Job Scam.
In South Africa, the job-hunting scam is particularly cruel and one of the most easily converting scams. Very high unemployment rates and no social security cause desperate people to take chances that look improbable but, to a hungry candidate in high emotional distress, seem very probable. Many Africans fall for job scams for many reasons, especially Internet literacy. Do not spray mail your CV or resume, as it contains data that can be used for hacking accounts, cloning your identity or social engineering.
Direct Message LinkedIn Scam.
You are desperately job hunting and you receive a direct message for your dream job. You send in your CV and then, on request, you provide further personal details. All “very personal data” can be used in multiple ways to clone your identity or to log into other profiles like social media accounts and even banking accounts. A direct message is sent with a link to log in to a spoofed LinkedIn account where your password is recorded. Most people use the same password for a large portion of their digital world. You can even be asked for your banking details for the job and, as you have already provided a trove of personal data, it makes it easier to break into your bank. You might even be asked for an advance fee to secure your dream job. Of course, if you were like me job hunting, there was no money in my bank account at the time.
LinkedIn Crypto Scam.
This scam relies on our greed and LinkedIn’s trust factor. A scammer in your network, possibly a cloned or social-engineered profile that appears to be well known, sends you a deal of a lifetime only available to their network. You are then usually redirected to an impressive-looking website with promises of great returns and great reviews from the famous and the rich. All you need to do is sign up and pay a fee to show you are a serious investor. There is usually the typical marketing scam: a limited-time offer or limited places. The offer came from a Professional within your Professional network on a Professional Platform. Too good to be true. When it comes to all things Internet Security, cyber criminals are always steps ahead of not only the law and legislation but also IT best practices, patches and updates; therefore we are always playing catch-up with new tricks and scams.
LinkedIn accounted for 52% of all phishing scams globally in 2022.
Fake LinkedIn Cyber-Espionage Profiles.
Spray and Pray scamming targets a wide audience with a multitude of emails, with the idea that 1 in 1000 will follow that dodgy link. In a cyberespionage operation, the threat actor uses LinkedIn-based social engineering to create a relationship before deploying malware. Employees are first targeted with carefully crafted contact; once trust is gained, the employee is sent an infected file or a request for a funds transfer. Social engineering scams can use your CV data to create the illusion that you and the scammer were long-lost connections at school or a place of study, for example: “Hi you might not remember me but we were in the same school together” (or place of higher learning). Currently, in South Africa, the Pumza Kulu Gauteng Department of Social Development email scam is doing the rounds. Pumza Kulu only appears on LinkedIn in search results as Financial Reporting Manager, Gauteng Department of Health, once again taking advantage of the LinkedIn Trust Factor. Additionally, you can create any profile with any company profile without having to validate the profile and its credentials. LinkedIn needs to step up with verifications of profiles, qualifications and companies.
LinkedIn never sends files. If in Doubt Delete. Log in to LinkedIn using 2FA.
Many of the standard red flags for scams no longer apply, as the scammers have read all the expert warnings and industry security blogs; therefore the mismatch of email addresses supposedly from the sender’s company and the poor spelling are no longer seen in scam emails.
LinkedIn Trust Factor and obedience to authority.
Psychologists who research obedience to authority know we are more likely to respond to requests from people higher up in our social and professional hierarchies. And fraudsters know it, too. Fraudsters are using spam bots to engage with victims who respond to the initial hook email. The chatbot uses recent information from LinkedIn and other social media platforms to gain the victim’s trust and lure them into giving valuable information or transferring money.
Link hover: Convert all emails received to plain text, which strips out the HTML masking of the link address so that the true URL destination can be seen. If it’s a link to a URL that is not using the linkedin.com domain, it is phishing.
Attachments: LinkedIn will never email you attachments. It is very likely that your email security might not pick up embedded macros that are launched once you open the attachment.
If you receive an email and believe it is a phishing attempt, please forward the email to phishing@linkedin.com.
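The checks described above (sender address, masked link destinations, attachments) can be run over a saved message before anyone clicks on it. The following is an added example, not code from the original article; the function names and the constructed sample message, including its .example domains, are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def on_linkedin(host):
    """True only for linkedin.com itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == "linkedin.com" or host.endswith(".linkedin.com")

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def triage(raw_email):
    """Return the red flags in one raw message: sender, links, attachments."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1]
    flags = [] if on_linkedin(sender.rpartition("@")[2]) else [f"sender: {sender}"]
    for part in msg.walk():
        if part.get_filename():  # the article: LinkedIn never emails attachments
            flags.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for text, href in collector.links:  # compare what is shown with where it goes
                if not on_linkedin(urlsplit(href).hostname):
                    flags.append(f"link: {text!r} -> {href}")
    return flags

# Constructed sample message (not a real capture); .example domains are placeholders.
SAMPLE = """From: LinkedIn <notify@linkedin-mail.example>
Content-Type: text/html

<a href="https://www.linkedin.com/help">Help</a>
<a href="http://tracker.example/r?id=1">See all searches on LinkedIn</a>
"""
print(triage(SAMPLE))
```

An empty result does not prove a message is genuine, because the From header can be forged; the script only surfaces the red flags listed in this article.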