Tuesday, 12 July 2022

Is LinkedIn the safe space you think it is?

Last month, the FBI issued a warning about fraudsters using LinkedIn to target victims. Are you and your colleagues as aware of the risks as you need to be?

Last month, the Federal Bureau of Investigations (FBI) in the USA issued a warning about fraudsters using the professional social network LinkedIn to target victims. Are you and your colleagues as aware of the risks as you need to be?

Through the pandemic, the activities of hackers and cyber criminals boomed. One area which saw a big increase in activity is phishing. In particular, social phishing has become a focus of concern.

A lot of us know how to spot Facebook scams, malicious email links and the kind of personal phishing attempts that proliferate on social media. However, for many of us, the professional network LinkedIn has seemed like a relatively safe space.

What are the new risks on LinkedIn?

Last month, in late June, the FBI issued a warning about the activities of investment fraudsters, who are posing a “significant threat” to LinkedIn users. Users around the country told the American news outlet CNBC(1) that they lost small fortunes after connecting with someone on LinkedIn who they believed was giving them sound financial advice.

In an exclusive interview to the news network, Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, said, “It’s a significant threat. This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.”

How the investment scam works

Typically, this type of scam works when a fraudster posing as a professional creates a fake profile on LinkedIn. They use this profile to reach out to other LinkedIn users. The scam starts with small talk over LinkedIn messaging, and eventually offers to help the victim make money through a crypto investment. Typically, the fraudster directs the user to a legitimate investment platform for crypto but, after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.

What makes this scam so dangerous?

What makes the scam so successful, according to those who spoke to CNBC, is that the victims have a higher degree of confidence in the platform. Because LinkedIn is a trusted platform for business networking, victims tend to believe the investments are legitimate.

Agent Sean Ragan warned of the sophistication of the attacks. He told CNBC that the scammers “spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use.”

Are there other risks to which users of LinkedIn are exposed?

This isn’t the first time the FBI has issued warnings about the professional network. In January 2021, for example, the Government Agency warned about cyber criminals(2) who were using fake job listings to target applicants’ personally identifiable information.

Fake job or hiring scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals create fake profiles and then try to leverage their position as “employers” to persuade victims to part with personally identifiable information or to send them money.

What is LinkedIn doing in response?

In its half-yearly fraud report, LinkedIn said it removed more than 32 million fake accounts from its platform in 2021. From July to December 2021, its automated defences stopped 96% of all fake accounts — that includes 11.9 million that were stopped at registration and 4.4 million that were proactively restricted, the report said. Members reported 127,000 fake profiles that were also removed.

LinkedIn(3) said its automated defences caught 99.1% of spam and scams, a total of 70.8 million, in that same time period. Another 179,000 were removed after members reported them. LinkedIn said it doesn’t provide estimates on how much money has been stolen from members through its platform.

What can you do to protect yourself and your staff?

The best way to protect yourself and your staff from potential phishing scams is training and awareness. LinkedIn underlines how important it is not to send money to people who connect with you over the platform. It also warns against responding to any romantic messages; this should be another red flag because LinkedIn says they don’t have a place on the platform.

For more detailed awareness training, please talk to our team about the cyber security training options Grant McGregor offers. We have a range of solutions which can help you to protect your staff and your organisation from potential scams and other malicious cyber activity.

Contact our team on: 0808 164 4142

Book a 15-minute chat  >>>

 

What’s more, you can also find additional information on our blog. Please feel free to share these links with your staff to make them aware of commons scams and risks:

New report on phishing email activity reveals an increasingly active threat landscape: an overview of the 2022 State of the Phish report

The ten phishing red flags you need to know about

Protect your business from these common financial phishing scams

Phishing in the time of coronavirus: the COVID-themed scams to look out for.

How Phishing got social: how social media became the fastest-growing type of phishing attack.

• And Are you doing enough to protect your staff against Phishing?

 

Sources:

1. https://www.cnbc.com/2022/06/17/fbi-says-fraud-on-linkedin-a-significant-threat-to-platform-and-consumers.html

2. https://www.ic3.gov/Media/Y2020/PSA200121

3. https://blog.linkedin.com/2022/june/16/working-together-to-keep-linkedin-safe