With over 830 million members in more than 200 countries worldwide, LinkedIn is a great tool for business professionals. LinkedIn differs from its social media counterparts in that members can search and recruit for jobs, strengthen professional relationships, and pick up tips their colleagues have learned.
While the social platform creates opportunities for LinkedIn users, scammers also see their chance to profit off unsuspecting victims. In the first quarter of 2022, Check Point Research reported that 52 percent of all phishing-related attacks globally occurred on LinkedIn. This is a dramatic increase from Q4 of 2021, when LinkedIn accounted for only 8 percent of phishing attacks.
To give you the full scope of what types of phishing scams to watch out for on LinkedIn, we are covering why the LinkedIn platform is targeted, what the attacks look like, and how you can avoid getting scammed.
Why is LinkedIn a target?
The Great Resignation
Current employment trends, like the Great Resignation, have made LinkedIn a prime source for scammers to catch employees’ attention and gather personal information. The term "Great Resignation" was coined in 2021 as employees across the nation left their jobs at much higher rates than previously seen.
As professionals shift from one job to the next, LinkedIn is a tool that allows them to research and apply for potential positions and receive job offers. When applicants turn in their resumes, they receive email notifications showing how many people looked through their profile and whether their application has been reviewed.
Scammers take advantage of this feature by sending fraudulent emails that pose as notifications from LinkedIn. If the recipient clicks on the link and submits their credentials, they unknowingly give the scammer access to their LinkedIn account.
Cryptocurrency Investment Scams
Another trend that has continued to grow is cryptocurrency investment. Cryptocurrency is a digital currency, not backed by any specific country or bank, that is used to buy technology and luxury goods. Individuals can also invest in cryptocurrencies to earn more money.
LinkedIn comes in handy as a place for investors from all over the world to connect. Investors can find reliable information about crypto investments: where to spend, what mistakes to avoid, and incoming trends to watch.
This creates another opportunity for LinkedIn scammers. Scammers can build a relationship with their target by posing as high-ranking professionals. They start a casual conversation over direct message or email. As the relationship builds, the scammer eventually offers a fraudulent opportunity to invest in cryptocurrency. The victim unknowingly hands over their hard-earned money and never sees it again.
What do the attacks look like?
Like most phishing emails, the attacks will be formatted as though the email was sent from LinkedIn. The scammer will use webmail addresses that look like they are associated with LinkedIn. These phishing emails will use targeted subject lines such as:
- You appeared in 5 searches this week
- You have a new direct message
- Your profile matches this job
- Who’s searching for you online?
They incorporate LinkedIn’s logo, brand colors, and icons to make the email look legitimate. In the body of the email, the scammer will name-drop well-known organizations, such as Apple or Disney. The footer copies LinkedIn’s actual email footer, including its HQ address and hyperlinks to unsubscribe and to its support section.
[Screen shot from Egress]
According to the FBI, scammers will contact you directly on LinkedIn, using their fake professional profiles to make their offer of investing in cryptocurrency seem legitimate. The conversation will stay casual at first because the fraudster wants to build trust and a relationship with you.
Once a connection is established, and you believe what this person is offering is genuine, they will direct you to an investment platform for crypto. At the last minute, the fraudster will tell you to move the investment to a false website they control. Once you have transferred the money, the funds are drained from the account, and you no longer have access to the money.
How can I avoid getting scammed?
This issue has not gone unnoticed by LinkedIn. The company says it removed more than 32 million fake accounts from the platform in 2021. Its automated defenses also caught 99.1 percent of spam and scams, totaling 70.8 million attempts, between July and December of 2021.
Despite LinkedIn's efforts to fend off scammers, there is still an increase in fraudulent accounts and emails. Here are a few tips to help you learn how you can avoid falling for a scammer’s tricks.
Phishing Emails from LinkedIn:
- Check the sender: While it may say it is coming from LinkedIn, it is most likely a scam if it has random letters in front of the @ sign.
- Grammar and spelling errors: A large corporation like LinkedIn will not send you a notification filled with mistakes.
- Go to the actual site: Instead of clicking on the link in the email, go to your profile in the app or type the LinkedIn website into the search bar, then confirm the notification there.
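For teams that triage reported emails, the sender and link checks above can be automated. The following is an added example, not code from LinkedIn or from this article's author; it assumes linkedin.com is the only domain treated as genuine, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: only linkedin.com and its subdomains count as genuine here.
TRUSTED = ("linkedin.com",)

# Constructed sample that mimics the notification emails described above.
SAMPLE = """\
From: LinkedIn <xkqzt83@mail.example.org>
To: user@example.com
Subject: You appeared in 5 searches this week

See who is searching for you: http://linkedin.com.example.net/login
Unsubscribe: https://www.linkedin.com/help
"""

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Check the sender: the display name is free text, the domain is what counts.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if "linkedin" in name.lower() and not is_trusted(domain):
        findings.append(f"display name claims LinkedIn but sender domain is {domain}")
    # Check the links: collect text from every non-container part of the message.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = b"\n".join(parts).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link points outside linkedin.com: {host}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The genuine footer link is not flagged, while the host that merely begins with "linkedin.com" is, because the comparison is made against the end of the hostname rather than a substring.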
Direct Messages on LinkedIn:
- People messaging you may not be who they say they are.
- If they direct you to any website other than a legitimate crypto website, do not transfer funds.
- If there are any suspicious signs of fraud, immediately report the profile to LinkedIn or contact law enforcement.
How does this impact my business?
LinkedIn continues to be an excellent resource for building brand reputation, networking with prospective customers and employees, and promoting current campaigns or updates. As your employees engage with LinkedIn, educate them on phishing emails and fraudulent messages. If employees enter their credentials or transfer money on their work computer, it will more than likely open a doorway into your database.
The best way to prevent any employee from falling for a phishing scam is to train them on the tricks phishers and scammers use to reel in victims. CoreTech offers an in-depth training course and weekly training tests to keep your employees alert and knowledgeable.