LinkedIn has been hit by an increase in sophisticated recruitment scams as fraudsters seek to capitalize on the trend towards telecommuting and widespread layoffs in the tech sector.
Jobseekers on the world’s largest professional network are being scammed after taking part in fake recruitment processes set up by fraudsters who pose as employers and then obtain personal and financial information.
“There is certainly an increase in attack sophistication and intelligence,” Oscar Rodriguez, vice president of product management at LinkedIn, told the Financial Times.
“We see websites being created, we see phone numbers with a seemingly professional operator picking up the phone and answering on behalf of the company. We are seeing a shift to more sophisticated fraud,” he added.
The warning comes after the Microsoft-owned social media company said it had tried to block tens of millions of fake accounts in recent months, as US regulators warned of a rise in workplace problems.
Last month, cybersecurity company Zscaler uncovered a scam targeting job seekers and a dozen US companies, in which scammers were reaching out to people through LinkedIn’s InMail direct messaging feature.
The fraudsters identified companies already hiring, including enterprise software company Zuora, software developer Intellectsoft and Zscaler itself.
They then created “lookalike” websites with similar job postings and, using LinkedIn’s InMail feature, invited job seekers to enter personal information on the websites before conducting remote interviews via Skype.
“To top it off, they also created Skype profiles with the picture of [real] recruiter from the companies to also conduct interviews,” said Deepen Desai, vice president of security research at Zscaler. “Anyone who falls for it will 100 percent clear the interview with honors.”
Jobseekers were handing over “priceless” personal details to the scammers, some of whom asked for money for IT equipment or third-party training for which applicants would never be reimbursed, Desai added.
The recent rise of artificial intelligence programs that generate lifelike text and images also poses a new threat.
“During the last year, [scammers] are now using artificial intelligence to create profile pictures that can very easily fool the human eye,” said Rodriguez, who added that LinkedIn uses its own AI to detect “deepfake generated profile pictures.”
Itai Maor, a professor of cybersecurity at Boston College and a security strategist at Israeli security company Cato Networks, said language programs like OpenAI’s ChatGPT are another potential tool for fraudsters.
“ChatGPT-style solutions . . . make it much more difficult to detect fraud. It speeds up the process and lowers the bar for newcomers,” he said.
The attacks come as the amount job seekers are losing to recruitment scams is on the rise. Data from the US Federal Trade Commission shows that in 2022, there were over 92,000 work and business frauds, with losses of $367.4 million reported. That compares with 105,000 in all of 2021, when $209 million was lost.
Experts believe telecommuting has accelerated the trend. “In the old days, the problem for fraudsters and scammers was the face-to-face interview,” said Keith Rosser, chairman of JobsAware, a not-for-profit organization that provides help to British workers affected by job fraud. “Now there is a completely digital process. Workers expect an online interview and website [application].”
Recent layoffs in the technology sector provide another “headline” that fraudsters are “going after,” said Kathy Dafan, assistant director of marketing practices at the FTC.
“Fraudsters are very creative in terms of mobilizing timely topics,” Rodriguez said when asked about the technology layoffs. “We’re seeing scammers trying to use whatever’s going on right now to give credibility [to their attacks].”
Of the almost 22 million fake LinkedIn accounts blocked from January to June 2022, 75 percent were suspended at the account registration stage, the company said.
It also recently introduced features that tell users how long a person has managed a LinkedIn profile, and it is developing automated InMail alert prompts to warn users when they receive suspicious messages, for example about jobs or cryptocurrency investments.