LinkedIn scammers are increasing the sophistication of online attacks

Jobseekers on the world’s largest professional network are being scammed after taking part in fake recruitment processes set up by fraudsters posing as employers before obtaining personal and financial information.

“There is certainly an increase in attack sophistication and intelligence,” Oscar Rodriguez, vice president of product management at LinkedIn, told the Financial Times

“We see websites being created, we see phone numbers with a seemingly professional operator picking up the phone and answering on behalf of the company. We are seeing a shift to more sophisticated fraud,” he added.

The warning comes after the Microsoft-owned social media company said it had tried to block tens of millions of fake accounts in recent months, as US regulators warned of a rise in workplace problems.

Last month, cybersecurity company Zscaler uncovered a scam targeting job seekers and a dozen US companies where scammers were reaching out to people through LinkedIn’s InMail direct messaging feature.

The fraudsters identified companies already hiring, including enterprise software company Zuora, software developer Intellectsoft and Zscaler itself.

They then created “lookalike” websites with similar job postings and, using LinkedIn’s InMail feature, invited job seekers to enter personal information on the websites before conducting remote interviews via Skype.

“To top it off, they also created Skype profiles with the picture of [real] recruiter from the companies to also conduct interviews,” said Deepen Desai, vice president of security research at Zscaler. “Anyone who falls for it will 100 percent clear the interview with honors.”

Jobseekers were handing over “priceless” personal details to the scammers, with some asking for money for IT equipment or third-party training for which applicants would never be reimbursed, Desai added.

The recent rise of artificial intelligence programs that generate lifelike text and images also poses a new threat.

“During last year, [scammers] now they’re using artificial intelligence to create profile pictures that can very easily fool the human eye,” said Rodriguez, who added that LinkedIn uses its own AI to detect “deepfake generated profile pictures.”

Itai Maor, a professor of cybersecurity at Boston College and a security strategist at Israeli security company Cato Networks, said language programs like OpenAI’s ChatGPT are another potential tool for fraudsters.

“ChatGPT-style solutions… make it much harder to detect fraud. It speeds up the process and lowers the bar for newcomers,” he said.

The attacks come as the amount job seekers are losing to recruitment scams is on the rise. Data from the US Federal Trade Commission shows that in 2022, there were over 92,000 work and business frauds, with losses of US$367.4 million reported. That compared to 105,000 in all of 2021, where $209 million was lost.

Experts believe telecommuting has accelerated the trend. “In the old days, the problem for fraudsters and scammers was the face-to-face interview,” said Keith Rosser, chairman of JobsAware, a not-for-profit organization that provides help to British workers affected by job fraud. “Now there is a completely digital process. Workers expect online interview and website [application].”

Recent layoffs in the technology sector provide another “headline” for scammers to “go after,” said Kathy Dafan, assistant director of marketing practices at the FTC.

“Fraudsters are very creative in terms of triggering timely topics,” Rodriguez said when asked about the tech layoffs. “We’re seeing scammers trying to use whatever’s going on right now to give credibility [their attacks].”

Of the nearly 22 million fake LinkedIn accounts blocked from January to June 2022, 75 percent were suspended at the account registration stage, the company said.

It also recently introduced features that tell users how long a person has managed a LinkedIn profile and is developing alerting, automated InMail prompts to alert users when they receive suspicious messages about jobs or cryptocurrency investments, for example.

© 2023 The Financial Times Ltd