Important! June 12th, 2024 Webinar Attendees, please click here to complete our Survey or Verification Request Form.

Click Here

Cybercriminals Target Job Seekers on LinkedIn

Last update

at

by:

by:

Share

Print Friendly, PDF & Email
Bad guys pose as legitimate employers.

If you’re on LinkedIn – and especially if you’re looking for a job – cybercriminals have their sights on you.

Hackers that are impersonating legitimate businesses are creating bogus LinkedIn job postings for malicious purposes. They are apparently able to do because of lax verification of companies offering jobs. The strategy is similar to email phishing, but bypasses email platforms and goes directly after LinkedIn users.

“Scams using job postings are one of the most powerful social engineering tactics used today,” writes Stu Sjouwerman, president of cybersecurity company KnowBe4. “Using a well-established site like LinkedIn, matched with the desire of the potential candidate to follow whatever process is necessary to get that cool job at that great company with the awesome pay adds up to be a perfect cyber-storm.”

Sjouwerman has been writing about LinkedIn vulnerabilities for several years. In 2019, he reported on a job seeker who was duped into downloading malware after he clicked on what he thought was a job application.

“It appears that LinkedIn still has no means for verifying that the poster is from the company they say they are,” Sjouwerman writes on the KnowBe4 blog. “According to Bleeping Computer, security researchers were recently able to walk through the posting process without needing to validate the company they purported to work for. This is a huge advantage for the threat actor. Think about it – if I want to target a specific industry or company, post a dev job as a competing company in that same sector. Simple, elegant, and likely effective social engineering – all thanks to LinkedIn.”

Sjouwerman says this type of attack is “one of the slickest as the victim feels completely like they are initiating the connection (as opposed to a phishing email that shows up in your Inbox) and is emotionally invested in following the process through to completion.”

Read Sjouwerman’s post, “Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want.”

In 2020 and 2021, Alta Pro presented a popular four-part series of webinars on cybersecurity for law firms.Chapter three in the series featured a cyber-sleuth from KnowBe4, who shared insider tips for protecting your law practice. All four cyber webinars are available free and on demand on YouTube. Here is the link to the Alta Pro YouTube channel, where they can be watched anytime.

Succession Planning is key to your law firm’s future. Having a succession plan doesn’t mean you’re ready to retire or need to stop work today. It means having a blueprint for your future and a process for transitioning ownership smoothly, seamlessly and profitably. Learn more about succession planning – and how you can design a plan that’s right for your practice – by attending our upcoming live webinar, Success in Succession Planning. Our guest speaker is Camille Stell, CEO and founder of Lawyers Mutual Consulting & Services, who (literally) wrote the book on Designing a Succession Plan for Your Law Practice. One hour of CLE credit has been applied for and is expected to be approved. Register here.

Social Media Phishing Awareness Test

Cybercriminals use Facebook, LinkedIn, and Twitter to scrape profile information and create targeted spear phishing campaigns in an attempt to hijack your accounts, damage your reputation, and gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here’s how the Social Media Phishing Test works:

  • Start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Source: KnowBe 4

If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay on top of ethics and risk management news by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.

Share

Print Friendly, PDF & Email

Related Posts on Altaprorpg.com!

Alta Pro Logo Icon

About the Editorial Staff

In an age of consolidation where increasingly impersonal transactions have made customer service an oxymoron, we bring together independent agents, insurance companies, and other industry specific service providers to develop and deliver insurance products and risk management solutions that benefit our insurance customers.

Join Our Newsletter

Occasional newsletters and CLE invites

Find Us on Social

Upcoming CLE Webinar: Essential Business Skills for Busy Lawyers Part 2 – Build Your Legal Practice Like a Pro

August 28, 2024 1:00 pm EST
CLE Credit: 1.0 Regular

Colleen L. Byers

Colleen Byers Mediation, LLC

Archives

Latest Videos

1 Hour

Essential Business Skills for Busy Lawyers Part 1 – Communicate Like A Pro

1 Hour

Creating an Attorney Compensation Plan That Will Build Firm Culture and Attract Top Talent

1 Hour

Cybersecurity for Attorneys: Employing Competent and Reasonable Safeguards

Need Help?

Visit our Frequently Asked Questions page. 

Or email us directly at info@altaprorpg.com

Or submit your issue in the comment form below and we will respond as soon as possible.