Security Alert: Job Seekers, Beware of this LinkedIn Scam
A stolen CV can do more damage than you think
Last updated on October 8, 2021
There’s a new LinkedIn scam doing the rounds, involving phishing emails and a fake website designed to harvest the information you have in your CV.
How the scam starts: the phishing email
In the first stage of the scam, you receive a phishing email disguised as a LinkedIn email.
Here are just a few of the giveaways that this is a phishing email:
Wrong sender name. Instead of it being “LinkedIn”, it’s “linkedin”.
The email sender address doesn’t make any sense. For the most part, emails from LinkedIn should end in “@linkedin.com”.
The urgent tone of the email. Phishing emails want to stop you from critically analyzing their contents by making it seem like the offer could expire at any moment, so you should act as soon as possible.
The design of the email. LinkedIn offers a lot of information about the job listing within its newsletter, alongside mentions of connections and such.
It doesn’t have a correct LinkedIn footer. Normally, a legitimate footer from a big company contains an Unsubscribe / Help button, corporate branding, copyright protection and address.
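The giveaways above can be turned into a rough triage check for a mail filter or a reported-phish mailbox. The following is an added example, not code from the original article: the urgency and footer word lists are assumptions, the check that links stay on linkedin.com goes beyond the list above, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "linkedin.com"      # per the article: real mail ends in @linkedin.com
EXPECTED_NAME = "LinkedIn"           # per the article: the fake used "linkedin"
URGENCY = re.compile(r"\b(urgent|immediately|act now|expires?|last chance)\b", re.I)
FOOTER_MARKS = ("unsubscribe", "help")   # assumed markers, as is the URGENCY list

def host_in_domain(host, domain=TRUSTED_DOMAIN):
    """True only for the domain itself or a real subdomain, not lookalikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return the names of the giveaways found in a plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    found = []
    if name != EXPECTED_NAME:                         # case-sensitive on purpose
        found.append("sender_name")
    if not host_in_domain(addr.rpartition("@")[2]):
        found.append("sender_address")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        found.append("urgent_tone")
    if not all(mark in body.lower() for mark in FOOTER_MARKS):
        found.append("footer")
    links = re.findall(r"https?://[^\s\"'<>]+", body)
    if any(not host_in_domain(urlparse(u).hostname) for u in links):
        found.append("off_domain_link")
    return found

# Constructed sample messages (hosts and addresses are placeholders).
PHISH = """From: linkedin <jobs@mail-offers.test>
Subject: Urgent: job offer waiting

A recruiter picked your profile. Act now, the offer expires today:
http://linkedinjobs.example-host.test/upload-cv
"""
LEGIT = """From: LinkedIn <sender@linkedin.com>
Subject: New jobs similar to your search

See the listing: https://www.linkedin.com/jobs/view/0000
Unsubscribe | Help
"""
if __name__ == "__main__":
    print(phishing_indicators(PHISH), phishing_indicators(LEGIT))
```

A single indicator is weak evidence on its own; the design cue from the list is left to a human reviewer because it does not reduce to a text match.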
Harvesting information from your CV
Clicking either of the two links in the spam email will send you to https://linkedinjobs (dot) jimdo (dot) com.
We scanned the link with VirusTotal, and most of the security solutions found it to be clean, with the exception of a lesser-known scanner, AutoShun.
Clicking on the website itself will take you to a simple page, where the main focus falls on a form for uploading your CV.
Why would a cybercriminal want your CV?
Your CV contains a wealth of personal data which a cybercriminal uses to make a profit at your expense.
Phone numbers can be sold to companies doing promotional cold calling. Or, the cybercriminal might call you himself in a vishing attack.
In other cases, he might use the information for identity theft, using the companies you worked at or attached references as a cover for fraudulent activities.
Another frequently seen scam is one in which you do actual work, but only as part of a trial period. In these situations, the “employer” will fire you a few days before your first paycheck is due, which is exactly what happened to Beverly, who ended up working for a company she thought was legitimate, only to find in the final week that it wasn’t, and no salary would arrive.
Sometimes, however, the attacker targets a company you worked at (or a future company you want to work for). Using the information found within your CV, the attacker might impersonate you in order to launch spear phishing emails against people in those companies, such as the CEO or the accounting department, in order to illegally obtain funds or money transfers.
In 2016 for instance, the CEO of an Austrian airplane component manufacturer was fired after he got tricked by a spear phishing attack that led him to transfer around 40 million euros to the scammer’s account.
When you’re actively searching for a job, being offered one in such a compelling tone might seem appealing. Because you expect to receive such messages (indeed, you welcome them) you’re tempted to let your guard down, and that’s exactly when a scammer strikes.