LinkedIn is a business social media platform that gives workers a space to connect, find new opportunities, and sometimes, humble brag about professional achievements. However, with an audience of 930 million and growing, the network is also attracting the attention of a different kind of opportunist — cybercriminals.
Behind WhatsApp and Facebook, LinkedIn is one of the most commonly targeted platforms by scammers. Recent research from virtual private network (VPN) provider Nordlayer reveals that the majority (52%) of US businesses have already fallen victim to LinkedIn scams, while a third are aware of fraudulent profiles using their company name.
To help you detect and avoid these professional honey pots, we spoke to LinkedIn users that have been targeted by these scams and compiled a list of the six common rackets to look out for. We also offer advice on how to identify a fake LinkedIn profile, to make it easier for you to network in peace.
LinkedIn scams:
Common Linkedin scams include email phishing, recruiter, romance, Chinese pig butchering, and technical support scams. Be wary of any messages or requests that seem suspicious, and jump to specific scams using the links below:
LinkedIn Email Phishing Scams
One common way cyber threats leverage LinkedIn’s professional network is through phishing scams – a type of ruse where bad actors reach out to potential victims through fake profiles.
LinkedIn phishers typically send targets a link disguised as a company website or document, which is designed to extract sensitive information or deploy malware on the victim’s browser.
When the founder of Nerdigital Max Shak fell victim to this type of cybercrime, he was asked to asked to click on a link to verify his account from a seemingly legitimate connection. “Naively, I clicked on the link,” Shak tells Tech.co, “which redirected me to a malicious website that mimicked the LinkedIn login page.”
“Unknowingly, I entered my login credentials, providing the scammers with access to my account. It was only after a series of unauthorized activities occurred on my account, such as suspicious messages sent to my connections and unauthorized changes to my profile, that I realized I had been targeted.”
Example of a LinkedIn phishing scam. Source: linkedin.com
Unfortunately, experiences like Shak’s aren’t unique. NordLayer research reveals that 46% of US businesses have received phishing messages in LinkedIn scams. So, how can you avoid falling for these tactics?
How to avoid this scam: Shak tells us that LinkedIn users should be “cautious of any unsolicited messages or requests for personal information” on the platform, and should always verify the authenticity of the account before clicking on any links.
We’d also add that even if you do think the link is legit, it’s best to avoid entering sensitive information that could jeopardize the security of you or your company.
LinkedIn Fake Recruiter Scams
Another common type of LinkedIn scam is the fake recruiter or ‘fake job’ scams, with research from NordLayer revealing that almost half (41%) of US businesses have been targeted by this professional form of catfishing.
As the name suggests, fake recruiter scams involve criminals creating a fake LinkedIn company or individual profile and reaching out to targets with fabricated opportunities. Monopolizing on recent layoff sprees and a rising number of applicants, scammers use information from legit companies and often have robust networks of connections, making it almost impossible to distinguish them from the real deal.
LinkedIn fake job offer scam. Source: reddit.com
After connecting with victims, fake recruiters present them with job opportunities relevant to their respective fields. They then move the ‘applicant’ along the interview process before offering them the job. Once the target has accepted the role, the scammers request payments or sensitive information as prerequisites to starting the job.
“While I didn’t suffer any direct financial loss, the experience left me feeling violated and concerned about the security of my personal information.” – Peter Wilson, Co-founder of Nihon Arubaito
This can be done in a number of ways. When talking about her experience with a fake LinkedIn recruiter, Peter Wilson Co-founder of the Tokyo-based employment resource Nihon Arubaito tells Tech.co “they requested sensitive personal information, such as my bank account details and social security number, claiming it was necessary for the hiring process”. Wilson immediately sensed something was off and reported the profile to LinkedIn, but not all fake recruiter attempts are easily detected.
After accepting a fake opportunity, JD Bhatala, Co-founder of WebContentEdge ended up sending LinkedIn scammers over a $49 registration fee to cover ‘administrative costs’. “Since everything looked genuine and legit, I happily paid the registration fee through a provided link” Bhatala told us.
How to avoid this scam: To make sure a job offer is legit, NordLayer recommends looking for inconsistencies in LinkedIn profiles, a dearth of personal information, and a lack of engagement with other accounts. Real recruiters will never ask for payments or sensitive data up front, either, so if you’re faced with unusual requests you should block and report the account immediately.
Skip to our section on how to identify a fake LinkedIn profile for more tips on weeding out scammers.
LinkedIn Romance Scams
While the words “professional networking app” and “romance” are rarely used in the same context, reports of LinkedIn romance scams have been rising over the years, following the success of the scam on other platforms.
This type of ruse is characterized by scammers sending out connection requests before feining some type of romantic interest with their targets. In most cases, scammers ask victims about their relationship status, interests, and personal life, to form some sort of connection.
Catfishers often try to move the conversation onto other platforms where data isn’t monitored. Then, once the LinkedIn user has fallen into the honey trap, the fraudster will request money or sensitive information and commonly resort to guilt tactics to try and achieve their desired result.
Source: Roger A. Grimes at csoonline.com
Roger A Grimes, a columnist at CSO Online was targeted by a romance scammer on LinkedIn claiming to be a student at Ohio Dominican University. You can read about his experience here.
How to avoid this scam: If someone you’ve never met is asking personal questions and trying to develop a relationship with you on LinkedIn, alarm bells should be ringing. Block all suspected romance scammers and report them to LinkedIn immediately.
And for those open to pursuing a special “connection” online, we’d recommend sticking to Bumble.
LinkedIn Chinese Pig Butchering Scams
Chinese pig butchering is a type of scam that leverages people’s desire to get rich quick through crypto trading.
This type of fraud originated in China, where it is known as ‘Shāz Hū Pán’, directly translating to ‘pig butchering’ – but no animals are harmed in the process of the scam. Instead, pig butchering scams rely on the concept of “fattening up” a victim up before cashing out, or “butchering” them to the tune of thousands of dollars.
In practice, this scam often starts with a stranger requesting to connect, before ‘accidentally’ messaging you, mistaking you for another connection. After they’ve found an in, the scammer will work hard at building a rapport and will tell you about an investment app they’re benefiting from.
In most cases, the swindler will then recommend an investment platform, and make sure you increase your returns in the early days of using the app. This is intended to “fatten you up”. After you’re convinced of the app’s legitimacy, the fraudster will persuade you to invest more money, before slaughtering you (AKA disappearing and never messaging you again).
Pig butchering scams are more common than most people realize too, with some LinkedIn users being targeted routinely. Jenson Crawford, a software engineer for Eastman Kodak told us that he got targeted by these attacks a couple of times a week, before adding that the investment opportunities ranged between “cryptocurrency, foreign exchange, and options trading”.
How to avoid this scam: If you receive a LinkedIn message from someone you’ve never met, claiming to have reached out to you by mistake, be wary. However, the main red flag to look out for with this scam is mentions of crypto trading or investment platforms.
LinkedIn Technical Support Scams
LinkedIn has also witnessed a rise in technical support scams – a type of con where bogus IT teams reach out to workers in a bid to extract sensitive credentials.
In technical support scams, bad actors typically contact targets via email, claiming that their LinkedIn account has issues. These issues can range in nature, but tend to be centered around cybersecurity flaws or failed payments.
After alerting victims, scammers will request them to click on a link to resolve the issue. This phishing link will redirect users away from the page, and inject code into their device’s flash memory. Once access is gained, hackers will be able to carry out a variety of malicious activities, from retrieving credentials to deploying ransomware.
This type of LinkedIn scam tends to be harder to spot too, as scammers often pose as LinkedIn or other legitimate tech support teams using proxy email addresses. So, if you suspect you’re being targeted by a false IT request, how can you verify its legitimacy?
How to avoid this scam: If you encounter a technical issue on LinkedIn, you should try and resolve it on the platform itself. LinkedIn won’t try and contact you out of the blue about tech issues over email, so if you receive messages about issues on the site, you should report them immediately.
How to Identify a Fake LinkedIn Profile
Scammers flock to LinkedIn because it’s widely understood to be a trusted platform. This veneer of credibility means that social engineering efforts on LinkedIn tend to be more successful, compared to scams carried out on other social media apps like Facebook and Telegram.
To avoid falling victim to a LinkedIn scam and becoming a cybercrime statistic, it’s essential to be able to differentiate fake profiles from the real deal. So, here are some tips for spotting red flags on the app.
- Lead with suspicion – As a general rule of thumb, it’s best to be overly cautious on the app than overly trusting. When you’re messaged by a new connection, look out for tell-tale warning signs like spelling and grammar errors, generic job offers, and requests for personal information.
- Check the details – The devil really is in the detail. While a profile may look legit at first glance, it’s always worth following links to other social profiles and checking for gaps or inconsistencies in professional and educational histories.
- Monitor activity – Fraudulent LinkedIn users won’t be as active as regular members. So if the profile seems to exist in a silo, and doesn’t engage with other accounts recently, it’s likely to be a fake.
- Is it too good to be true? – Just like with most things, if a job offer or opportunity seems too good to be true, it probably is. Approach all job offers with caution, and make sure you do your due diligence before moving forward with a recruiter.
- Use antivirus software – If you click on a malicious link from a fake profile, antivirus software like SurfShark will flag the page as high-risk, making it easier for you to identify threats and stay safe on the network.
LinkedIn itself is also working on its own tool to help root out fake profiles before they even reach users.
