Through the pandemic, the activities of hackers and cyber criminals boomed. One area which saw a big increase in activity is phishing. In particular, social phishing has become a focus of concern.
A lot of us know how to spot Facebook scams, malicious email links and the kind of personal phishing attempts that proliferate on social media. However, for many of us, the professional network LinkedIn has seemed like a relatively safe space.
Last month, in late June, the FBI issued a warning about the activities of investment fraudsters, who are posing a “significant threat” to LinkedIn users. Users around the country told the American news outlet CNBC(1) that they lost small fortunes after connecting with someone on LinkedIn who they believed was giving them sound financial advice.
In an exclusive interview with the news network, Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices, said, “It’s a significant threat. This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.”
Typically, this type of scam works when a fraudster posing as a professional creates a fake profile on LinkedIn. They use this profile to reach out to other LinkedIn users. The scam starts with small talk over LinkedIn messaging; eventually, the fraudster offers to help the victim make money through a crypto investment. The fraudster usually directs the user to a legitimate investment platform for crypto at first but, after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.
What makes the scam so successful, according to those who spoke to CNBC, is that the victims have a higher degree of confidence in the platform. Because LinkedIn is a trusted platform for business networking, victims tend to believe the investments are legitimate.
Agent Sean Ragan warned of the sophistication of the attacks. He told CNBC that the scammers “spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use.”
This isn’t the first time the FBI has issued warnings about the professional network. In January 2021, for example, the agency warned about cyber criminals(2) who were using fake job listings to target applicants’ personally identifiable information.
Fake job or hiring scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals create fake profiles and then try to leverage their position as “employers” to persuade victims to part with personally identifiable information or to send them money.
In its half-yearly fraud report, LinkedIn said it removed more than 32 million fake accounts from its platform in 2021. From July to December 2021, its automated defences stopped 96% of all fake accounts — that includes 11.9 million that were stopped at registration and 4.4 million that were proactively restricted, the report said. Members reported 127,000 fake profiles that were also removed.
LinkedIn(3) said its automated defences caught 99.1% of spam and scams, a total of 70.8 million, in that same time period. Another 179,000 were removed after members reported them. LinkedIn said it doesn’t provide estimates on how much money has been stolen from members through its platform.
The best way to protect yourself and your staff from potential phishing scams is training and awareness. LinkedIn underlines how important it is not to send money to people who connect with you over the platform. It also warns against responding to any romantic messages; this should be another red flag because LinkedIn says they don’t have a place on the platform.
For more detailed awareness training, please talk to our team about the cyber security training options Grant McGregor offers. We have a range of solutions which can help you to protect your staff and your organisation from potential scams and other malicious cyber activity.
Contact our team on: 0808 164 4142
What’s more, you can also find additional information on our blog. Please feel free to share these links with your staff to make them aware of common scams and risks:
• New report on phishing email activity reveals an increasingly active threat landscape: an overview of the 2022 State of the Phish report
• The ten phishing red flags you need to know about
• Protect your business from these common financial phishing scams
• Phishing in the time of coronavirus: the COVID-themed scams to look out for.
• How Phishing got social: how social media became the fastest-growing type of phishing attack.
• And Are you doing enough to protect your staff against Phishing?
Sources:
1. https://www.cnbc.com/2022/06/17/fbi-says-fraud-on-linkedin-a-significant-threat-to-platform-and-consumers.html
2. https://www.ic3.gov/Media/Y2020/PSA200121
3. https://blog.linkedin.com/2022/june/16/working-together-to-keep-linkedin-safe