Heimdal
article featured image

Contents:

There’s a new LinkedIn scam doing the rounds, involving phishing emails and a fake website designed to harvest the information you have in your CV.

How the scam starts: the phishing email

In the first stage of the scam, you receive a phishing email disguised as a LinkedIn email.

Here are just a few of the giveaways that this is a phishing email:

  • Wrong sender name. Instead of it being “LinkedIn”, it’s “linkedin”.
  • The email sender address doesn’t make any sense. For the most part, emails from LinkedIn should end in “@linkedin.com” such as “jobs-listings@linkedin.com” or “invitations@linkedin.com”
  • The urgent tone of the email. Phishing emails want to stop you from critically analyzing their contents by making it seem like the offer could expire at any moment, so you should act as soon as possible.
  • The design of the email. LinkedIn offers as a lot of information about the job listing within its newsletter, alongside mentions of connections and such.

  • It doesn’t have a correct LinkedIn footer. Normally, a legitimate footer from a big company contains an Unsubscribe / Help button, corporate branding, copyright protection and address.

Harvesting information from your CV

Clicking either of the two links in the spam email will send you to https://linkedinjobs (dot ) jimdo (dot) com.

We scanned the link with VirusTotal, and most of the security solutions found it to be clean, with the exception of a less well known scanner, AutoShun.

Clicking on the website itself will take you to a simple page, where the main focus falls on a form for uploading your CV.

Why would a cybercriminal want your CV?

Your CV contains a wealth of personal data which a cybercriminal uses to make a profit at your expense.

Phone numbers can be sold for companies doing promotional cold calling. Or, the cybercriminal might call you himself in a vishing attack.

In other cases, he might use the information for identity theft, using the companies you worked at or attached references as a cover for fraudulent activities.

Another frequently seen scam is one in which you do actual work, but only as part of a trial period. In these situations, the “employer” will fire you a few days before your first paycheck is due, which is exactly what happened to Beverly, who ended up working for a company she thought was legitimate, only to find in the final week that it wasn’t, and no salary would arrive.

Sometimes however, the attacker targets a company you worked at (or a future company you want to work for). Using the information found within your CV, the attacker might impersonate you in order to launch spear phishing emails against people in those companies, such as the CEO or the accounting department, in order to illegally obtain funds or money transfers.

In 2016 for instance, the CEO of an Austrian airplane component manufacturer was fired after he got tricked by a spear phishing attack that led him to transfer around 40 million euros to the scammer’s account.

Report these scams and phishing emails

This isn’t the first time LinkedIn has been used a cover for a phishing campaign. Another similar situation was encountered in 2016, which we also covered.

It’s difficult (if not impossible) for companies alone to prevent these scams from taking place. In these cases, users too should contribute to keeping the Internet safe.

In cases involving LinkedIn, the best course of action is to report these to the company:

  • phishing@linkedin.com is for phishing messages you receive directly in your LinkedIn account.
  • safety@linkedin.com is for phishing emails you receive in your email inbox, from someone pretending to be LinkedIn.

LinkedIn itself also offers a thorough set of tips and advice on how to recognize various scams over the network, such as inheritance or dating scams.

To summarize

When you’re actively searching for a job, being offered one in such a compelling tone might seem appealing. Because you expect to receive such messages (indeed, you welcome them) you’re tempted to let your guard down, and that’s exactly when a scammer strikes.

If you want to know more about phishing, and how to prevent it, we recommend you check out our dedicated article on the subject and also our guide on improving LinkedIn security.

Author Profile

Paul Cucu

Security Evangelist

Paul is the newest writer in our team, with an interest in all things related to cybersecurity. Through his writing he wants to present and explain the most pressing online security issues of our day.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo