Published on November 21st, 2013 | by admin
Alluring Fake Recruiters Entice LinkedIn Users with Attractive Job Offers
Sydney, 21st November 2013– Amid research into the growing scams on LinkedIn, antivirus software provider Bitdefender has detected a new virulent campaign that lures victims with exciting job offers from the fake profile of an attractive female recruiter. The fake profiles gather the personal details of users and leads them to dangerous websites using URL shortening techniques.
The scam reads as follows:
“There are hundreds of companies right now searching for people that can speak two languages, it doesn’t matter what language you speak, as long as you speak English, and at least one other language, there are plenty of jobs available for you.”
According to Senior E-threat Analyst at Bitdefender, Bogdan Botezatu, as many users speak English and a native language, Australia is a key target, especially considering more than 5 million Australians are active on LinkedIn.
“The fake Australian profile of ‘Annabella Erica’ has already been injected into authentic LinkedIn groups such as Global Jobs Network, which includes 167,000 users worldwide. Members of the social network are now sharing insights on more than 2.1 million groups, so the number of victims exposed to the scam could be a lot higher,” said Mr Botezatu.
“The fake employment website is registered on a reputable ‘.com’ domain to avoid raising doubts as to its authenticity. Scammers gather e-mail addresses and passwords they may later use for identity theft. Fraudsters usually register websites for longer periods and sometimes make their pages look even better than legitimate websites.”
Recent fake documents leaked by former NSA employee Edward Snowden showed that fake LinkedIn profiles are also used for spying at higher levels. The UK Government Communications headquarters allegedly set up fake pages on LinkedIn and other websites to spy on communications companies across Europe.
“Employment scams are sometimes backed by other fraudulent websites, such as fake hotels, which often include a Career section. Names, addresses, banking information and other personal details obtained throughout the “recruitment” process may also be used for identity theft. In the end, victims may even get a new job as a money mule transferring illegal payments from one account to another,” said Mr Botezatu.
Mr Botezatu offers the following advice for Australia’s LinkedIn users:
- Always check the new profiles that add you on LinkedIn. No matter how hard you’re looking for a job or to expand your professional network, it’s crucial to do a bit of research before accepting new connections;
- Check if you share trusted connections with the people who add you on LinkedIn;
- When you share insights on LinkedIn groups, be careful with the information you post. Social engineers seek details that help them reach you or your company through spear phishing and social media attacks.
- Employment scammers require victims to pay in advance for attractive jobs, usually work-at-home scams. When you’re recruited for a new job, make sure you are the one who gets paid, not otherwise.
- Use a search engine to check if the picture of your new recruiter isn’t spreading on other web sites as well. Bitdefender discovered that “Annabella Erica” also wrote a testimonial as “Sara”, for a research and writing services company. Her picture is used on the websites of an eye care center, a student registration system and a Florida bank.
For more information please view the Bitdefender whitepaper on phishing and fraud.