How to Avoid Frauds — And Being Hacked — on LinkedIn
Many of us are receiving more LinkedIn connection requests these days from people who seem to be strangers. When you receive a request like this, it’s hard to be sure how to respond. After all, it might be someone to whom you’re indirectly connected, and you don’t want to be rude. On the other hand, it may be part of some kind of fraudulent scheme, or worse, a hacker attempting some “human engineering” on you.
So what could a stranger be after, anyway? According to Ondrej Krehel of CSO, it’s likely to be phishing of some sort. Hackers use phishing to collect bits of seemingly innocent information that can be combined and built upon. One group of reportedly Iranian hackers posed as corporate headhunters on LinkedIn in order to acquire emails from within their targets’ companies. A hacker can glean information from business emails — such as job titles and a company’s organizational structure — that gives him leverage to phish higher and higher up the food chain. Some hackers make it to the top, posing as management capable of ordering subordinates to transfer funds to an account controlled by the hacker.
And of course, there’s the potential for planting malware on targets’ computers. The Carbanak cyber gang is believed to have made off with $1 billion from more than 100 financial institutions worldwide. Krehel says that fraudulent LinkedIn requests have some traits in common to keep an eye out for:
- Hackers often use stock images of attractive women as profile pictures. Unfortunately, they may also use pictures of actual professionals to appear more credible.
- Hackers may misrepresent themselves as recruiters for firms that may or may not actually exist, or list themselves as “self-employed.”
- Hackers have lately been copying real profiles, which is especially tricky since an external search will lead you down the same rabbit hole.
- A hacker’s fake profile will be littered with an abundance of keywords to ensure the profile pops up in as many searches as possible.
So who can you trust among the LinkedIn requests that pop out of nowhere? See if LinkedIn shows you as being indirectly connected to the person already. You can also try a Google search to learn more about the person, bearing in mind that it won’t protect you if someone stole an identity outright. You can also try directly calling the company they claim to work for. Before you click the Accept button, whatever you do, think twice.