What the Tech? LinkedIn fake profiles and malware
The social media network many people trust, LinkedIn has a malware problem. Researchers are finding an increase in the number of fake LinkedIn accounts that spread dangerous malware on people's computers.
If you've ever used LinkedIn to find a job you could easily get more than you bargained for. Hackers are using LinkedIn to advance their careers and increase their bank accounts.
In recent weeks and months fake LinkedIn profiles have been discovered that are sending links to unsuspecting users that include malware. The malware that's been uncovered often nabs the users information such as place of employment, hometown and e-mail address.
Here's how this scam works:
The LinkedIn user receives a connection request from someone, often from a hiring manger, at a company they'd consider working for. The job seeker accepts the request thinking it might lead to a new job. The fake profile then sends a private message to build up a relationship. They might send an email or a link through the private message, asking the user to click on it for information about a new job.
The LinkedIn user clicks on the link which installs malware, even the dreaded ransomware on their computer. If the attachment is opened on a worker's work computer it could infect the entire network.
Dell Research identified 25 fake profiles. They all looked legitimate with a profile picture, connections, resume and recommendations. Several of those were linked to other fake accounts. It's difficult to discern whether the account is from a real person employed at the company or a hacker.
Recently a cyber-security company identified accounts set up by hackers of accounts seemingly from the name of an actual employee.
This scam is successful because hackers can identify actual LinkedIn users by their occupation or employer and send invitations tailor-made to be of interest. An IT employee might get a connection request from a hiring manager with information about IT jobs.
So what should you do about these fake LinkedIn requests? Here are some tips:
Be discerning about any connection requests from people you don't know or with companies you haven't communicated with before.
Don't accept every connection request you're sent. I must get a dozen requests a week and I don't accept any that's in a field or company I'm not interested in for future job positions. I also decline connection requests from Facebook friends unless they're in the same line of work as me.
Don't be quick to click on any links sent through e-mail or a private message. If a connection wants to send a job application, ask if you can call them first.
Don't be too trusting of friend or connection requests on any social media platform.
LinkedIn has set up a website for anyone to report suspected fake profiles.