Alluring Fake Recruiters Entice LinkedIn Users with Attractive Job Offers
Fake profiles that gather personal details and lead users to dangerous websites are spreading at a faster pace on LinkedIn. Amid research into the growing scams on the professional social network, antivirus software provider Bitdefender has detected a new virulent campaign that lures victims with exciting job offers from an attractive female recruiter.
“There are hundreds of companies right now searching for people that can speak two languages,” the counterfeit recruitment message reads. “It doesn’t matter what language you speak, as long as you speak English, and at least one other language, there are plenty of jobs for you available.”
As many users speak English and a native language, the scam targets most countries in the world, especially the US, where over 84 million users are active on LinkedIn. The fake recruiter spreads the link to the scam using URL shortening techniques.
The bogus profile of “Annabella Erica” was already injected into authentic LinkedIn groups such as Global Jobs Network, which includes 167,000 users worldwide. Members of the social network are now sharing insights in more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher.
The fake employment website is registered on a reputable “.com” domain to avoid raising doubts as to its authenticity. Scammers gather e-mail addresses and passwords they may later use for identity theft. Fraudsters usually register websites for longer periods and sometimes make their pages look even better than legitimate websites.
However, there are several ways to avoid falling for this scam:
- Always check the new profiles that add you on LinkedIn. No matter how hard you’re looking for a job or trying to expand your professional network, it’s crucial to do a bit of research before accepting new connections.
- Check if you share trusted connections with the people who add you on LinkedIn.
- When you share insights in LinkedIn groups, be careful with the information you post. Social engineers seek details that help them reach you or your company through spear phishing and social media attacks.
- Employment scammers require victims to pay in advance for attractive jobs, usually work-at-home scams. When you’re recruited for a new job, make sure you are the one who gets paid, not the other way around.
- Use a search engine to check whether the picture of your new recruiter also appears on other websites. Bitdefender discovered that “Annabella Erica” also wrote a testimonial as “Sara”, for a research and writing services company. Her picture is used on the websites of an eye care center, a student registration system and a Florida bank.
Employment scams are sometimes backed by other fraudulent websites, such as fake hotels, which often include a Career section. Names, addresses, banking information and other personal details obtained throughout the “recruitment” process may also be used for identity theft. In the end, victims may even get a new job – as money mules transferring illegal payments from one account to another.
For more information about this make-believe industry, check the Bitdefender whitepaper on phishing and fraud.
Recent documents leaked by former NSA employee Edward Snowden showed that fake LinkedIn profiles are also used for spying at higher levels. The UK Government Communications Headquarters allegedly set up fake pages on LinkedIn and other websites to spy on communications companies across Europe.