How scammers are using job offers to steal your identity

Through its Internet Crime Center (IC3), the Federal Bureau of Investigation (FBI) reports that cybercriminal groups are exploiting some errors in the verification mechanisms in a professional and job platform to publish malicious ads that would allow data theft and other variants of electronic fraud and extortion.

The main goal of this fraud variant is to obtain confidential information from victims, including email addresses, dates of birth, social security numbers, and even some financial details. The agency mentions that, since 2019, this variant of hacking has generated millionaire losses thanks to hackers using business accounts on a website focused on employment, advertising fraudulent job offers.

As mentioned above, the IC3 attributes the increase in this trend to low security standards on this website, allowing threat actors to run any ads to attract potential victims: “These ads appear alongside legitimate jobs posted by other companies, making it difficult for applicants and other companies to distinguish between legitimate and fraudulent job postings,” notes the report.

Authorities did not disclose the compromised online work platform, although security specialists believe it could be LinkedIn, one of the most important professional networking platforms. A few months ago it was reported that a flaw in LinkedIn would have allowed any user to post a job offer from a verified business account without requiring verification.

Last week, LinkedIn published its latest Transparency Report, which includes detailed reports on fraudulent practices on the platform. The report notes that, over the past year, security teams blocked a total of 11.5 million fake accounts on the website, in addition to removing more than 60 million posts deemed spam or fraudulent content.

These malicious posts take a lot of information from legitimate businesses, be it logos, addresses, phones and email addresses, which makes the scam even more credible, As if that were not enough, the FBI pointed to the detection of some cases in which scammers even get names of real employees in these companies, using this information to contact unsuspecting users. Remember that it is not advisable to share these details with any user over the Internet, even when establishing contact through a recognized platform.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.