Fraudsters are opportunists. The cybercriminal community will look for any way they can to get money from their victims, as easily and seamlessly as possible. Social media platforms are incredibly popular; scammers love popular platforms because they see cyber-attacks on these platforms as ‘shooting fish in a barrel’. In 2019, Vade Secure found an almost 75% increase in phishing attacks across social platforms, with Facebook seeing a 155% increase in Q1 of 2019.
This week’s scam is via the business social media platform of choice, LinkedIn.
The LinkedIn Phishing Scam
LinkedIn is the subject of several scam types. Many of us will have experienced scams such as fake job offers and fraudulent contact requests. But this week’s LinkedIn scam is all about the phish. In fact, it’s proven so popular… I received not one but two LinkedIn scams from genuine connections this week.
The first scam involves a private message; in this case it came from a legitimate LinkedIn contact of mine. The message seemed to be my contact asking that I click on a link to hear a privileged and confidential audio message from them.
This is a very clever phish using a real account.
The fact it is a real account makes it all the more sinister. Unlike the phishing message we regularly review on The Defence Works Breaking Scams blog, it comes from a real contact. This makes it all the more difficult to detect. It would be very easy to click on the link, and no doubt, many people do. The body of the text even includes reference to my contact’s name, including in the Message Preview, where it says “This is XXXX calling to…”. Sneaky, right?
Fortunately, I spotted the fake message. My contact then reached out to LinkedIn and sent out a round robin message to all contacts warning them the previous message was a phishing message.
But, that wasn’t the only scam I received via LinkedIn this week. The second one referred to a “quote regarding a new project” which was available to view via an online link. This one was equally as sneaky as not only did it come from a genuine connection, but the scammer had even copied and pasted my contact’s name and tagline (his job title and description) into the sign off of the message underneath “thanks”. The devil, as they say, is in the detail.
How Can a Legitimate LinkedIn Account Be Used for Phishing?
There were over 4 billion data records breached in the first half of 2019. Within those records are email addresses and passwords, some of which are not secured. Cybercriminals use stolen data to attempt to access well-known platforms, like social media accounts. The practice is known as ‘credential stuffing’. In an 18-month period to June 2019, there were 61 billion attempts at accessing accounts using stolen login credentials.
You can check if your data and password have been stolen using this link: https://haveibeenpwned.com/
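Credential stuffing leaves a distinctive trace in a platform’s login logs: one source trying many different accounts, each once or twice, with mostly failures and the occasional success (the takeover). The following is an added example, not code from the original post or from LinkedIn, showing how a defender could flag that pattern in constructed, hypothetical audit lines:

```python
# Added example (not from the original post): a minimal credential-stuffing
# detector run over constructed login-audit lines. Unlike a brute-force attack
# on one account, a stuffing run from one source tries many *different*
# usernames, each usually once, replaying user:password pairs leaked elsewhere.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format: ISO time, source IP,
# username, result). Not real data; the IPs are documentation ranges.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z 203.0.113.7 alice FAIL
2019-06-01T10:00:02Z 203.0.113.7 bob FAIL
2019-06-01T10:00:02Z 203.0.113.7 carol FAIL
2019-06-01T10:00:03Z 203.0.113.7 dave OK
2019-06-01T10:00:04Z 203.0.113.7 erin FAIL
2019-06-01T10:00:05Z 203.0.113.7 frank FAIL
2019-06-01T10:00:09Z 198.51.100.2 alice FAIL
2019-06-01T10:00:15Z 198.51.100.2 alice FAIL
2019-06-01T10:00:20Z 198.51.100.2 alice OK
"""

def parse(lines):
    """Turn raw lines into (timestamp, ip, username, result) tuples."""
    events = []
    for line in lines.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.6):
    """Return {source_ip: set(usernames)} for sources that tried at least
    `min_users` distinct accounts within `window` with a high failure ratio."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    suspects = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _, _) in enumerate(attempts):   # slide a window over attempts
            in_win = [a for a in attempts[i:] if a[0] - start <= window]
            users = {u for _, u, _ in in_win}
            fails = sum(1 for _, _, r in in_win if r == "FAIL")
            if len(users) >= min_users and fails / len(in_win) >= min_fail_ratio:
                suspects[ip] = users
                break
    return suspects
```

In the sample, 203.0.113.7 is flagged (six accounts in five seconds, five failures) while 198.51.100.2 is a user mistyping their own password; the single OK login inside the flagged burst is the account to reset and whose contacts should be warned.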
What Happens If You Click the LinkedIn Phishing Link?
Clicking the link in the phishing message I received took me to a website that had already been closed down. However, the likely scenario would have been either a malware-infected website, which could have infected my computer, or a site set up to collect personal data for fraud purposes.
How to Spot if a LinkedIn Message is a Scam?
Fraudsters that hijack real accounts and use them to send messages to the account’s contact list rely on the fact that this is a real account and therefore trusted. This makes it very hard to spot whether the message is real or not.
If in doubt, call or email the contact before attempting to click any link that looks suspicious.
To prevent yourself becoming a victim of a LinkedIn account takeover, use these tips:
- Turn on two-factor (second-factor) login for LinkedIn
- Patch your computer regularly
- Keep personal data on your LinkedIn profile to a minimum and use the privacy settings
- Keep your company up to date with cybersecurity issues by using security awareness training
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit or copy/paste the advice below:
The LinkedIn Phishing Scam
LinkedIn accounts could be at risk of takeover because of increasing numbers of data breaches. If an account is breached, you may receive a phishing message from a legitimate, but hijacked, contact account. The message will ask you to click on a link to listen to a recorded message from your contact. This is a malicious link.
DO NOT CLICK ON THIS LINK
For more information on what to do if you receive a phishing email check out “What to Do if You Click on a Phishing Link?”
Don’t forget to share this with your colleagues and friends and help them stay safe.
Let’s keep breaking scams!