If you’re on LinkedIn – and especially if you’re looking for a job – cybercriminals have their sights on you.
Hackers that are impersonating legitimate businesses are creating bogus LinkedIn job postings for malicious purposes. They are apparently able to do because of lax verification of companies offering jobs. The strategy is similar to email phishing, but bypasses email platforms and goes directly after LinkedIn users.
“Scams using job postings are one of the most powerful social engineering tactics used today,” writes Stu Sjouwerman, president of cybersecurity company KnowBe4. “Using a well-established site like LinkedIn, matched with the desire of the potential candidate to follow whatever process is necessary to get that cool job at that great company with the awesome pay adds up to be a perfect cyber-storm.”
Sjouwerman has been writing about LinkedIn vulnerabilities for several years. In 2019, he reported on a job seeker who was duped into downloading malware after he clicked on what he thought was a job application.
“It appears that LinkedIn still has no means for verifying that the poster is from the company they say they are,” Sjouwerman writes on the KnowBe4 blog. “According to Bleeping Computer, security researchers were recently able to walk through the posting process without needing to validate the company they purported to work for. This is a huge advantage for the threat actor. Think about it – if I want to target a specific industry or company, post a dev job as a competing company in that same sector. Simple, elegant, and likely effective social engineering – all thanks to LinkedIn.”
Sjouwerman says this type of attack is “one of the slickest as the victim feels completely like they are initiating the connection (as opposed to a phishing email that shows up in your Inbox) and is emotionally invested in following the process through to completion.”
Read Sjouwerman’s post, “Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want.”
In 2020 and 2021, Alta Pro presented a popular four-part series of webinars on cybersecurity for law firms.Chapter three in the series featured a cyber-sleuth from KnowBe4, who shared insider tips for protecting your law practice. All four cyber webinars are available free and on demand on YouTube. Here is the link to the Alta Pro YouTube channel, where they can be watched anytime.
Succession Planning is key to your law firm’s future. Having a succession plan doesn’t mean you’re ready to retire or need to stop work today. It means having a blueprint for your future and a process for transitioning ownership smoothly, seamlessly and profitably. Learn more about succession planning – and how you can design a plan that’s right for your practice – by attending our upcoming live webinar, Success in Succession Planning. Our guest speaker is Camille Stell, CEO and founder of Lawyers Mutual Consulting & Services, who (literally) wrote the book on Designing a Succession Plan for Your Law Practice. One hour of CLE credit has been applied for and is expected to be approved. Register here.
Social Media Phishing Awareness Test
Cybercriminals use Facebook, LinkedIn, and Twitter to scrape profile information and create targeted spear phishing campaigns in an attempt to hijack your accounts, damage your reputation, and gain access to your network.
KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.
Here’s how the Social Media Phishing Test works:
- Start your test with your choice of three social media phishing templates
- Choose the corresponding landing page your users see after they click
- Show users which red flags they missed or send them to a fake login page
- Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
Source: KnowBe 4
If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay on top of ethics and risk management news by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.