The pandemic left many people unemployed or rethinking their career choices. People spent their quarantine learning new skills, updating their professional profiles, and seeking better opportunities. LinkedIn is the de facto platform for professional networking. It’s the Facebook for jobs, with over 750 million members seeking jobs or looking to hire.
Job searchers check their LinkedIn profiles eagerly awaiting a competitive offer from a leader in their industry and often believe they’ve found exactly what they’re looking for. Sometimes they do, but in many cases, they find themselves on the receiving end of a malware attack from a fake LinkedIn profile looking to take advantage of ambitious career seekers.
LinkedIn Has No Employment Verification
LinkedIn works on an honor system. They don’t have the time or resources to verify the supposed credentials of everyone who creates a profile. There is no process to vet the education or work history of hopefuls who create accounts seeking job opportunities, and there is no process to verify that the person offering these candidates a job works for the company they claim to represent.
LinkedIn users have no way of knowing if anyone on the platform is legitimate. They’ve been operating under the assumption that people are who they say they are and job offers are above board.
This is a tremendous oversight on LinkedIn’s part. If platforms like Twitter and Instagram validate users who are simply posting witty content or selfies, one would assume that LinkedIn would offer a similar process for professionals with the ability to collect information from potential candidates.
LinkedIn’s failure to improve their process is even more troubling when that process has a well documented history of being abused and exploited by bad actors. Malware scams are a major security threat for LinkedIn, and they have been for quite some time. Despite the lengthy history of these scams, LinkedIn hasn’t enacted a valuable solution.
Malware Runs Rampant
Security company eSentire put their Threat Response Unit (TRU) in charge of monitoring LinkedIn threats. TRU discovered that a group of hackers calling themselves the Golden Chickens (who comes up with these names?) is consistently targeting professionals with fake job offers in a well orchestrated spear phishing scheme.
Spear phishing attacks are scams orchestrated by hacking groups that use targeted information. When scam messages appear, they’re personalized and reference the target’s specific information. This makes the attack appear like a legitimate inquiry to the unsuspecting user.
Victims are led through a series of processes that appear legitimate. The process ultimately ends with them installing a malware backdoor called more_eggs that is undetectable by antivirus software.
The Golden Chickens want more_eggs, and they’re certainly getting them.
In the past more_eggs has been used to steal data from online payment processing systems. It seems that the hackers are most interested in targeting people who are major players of highly successful organizations in an effort to steal payment information from their customers.
Don’t Trust Strangers on LinkedIn
These spear phishing attacks are well orchestrated and completely unmitigated. LinkedIn isn’t taking any meaningful steps to address or prevent them. Until they do, it’s wise to stay off of LinkedIn. You have no way of knowing if the person who is seemingly hiring or vetting you is intelligently stealing from you or your company.
TorGuard has been Impersonated on LinkedIn
Hackers have created profiles on LinkedIn claiming to work for TorGuard. We’re on the other end of this process. We’re never asked to confirm details about anyone who claims to work for TorGuard. Anyone on LinkedIn can make an account and automatically be added to a company’s employee list. This process legitimizes the appearance of hackers almost instantaneously. We’re a privacy company, and we’re well aware of the inexcusable and wholly unaddressed security vulnerabilities that plague LinkedIn. We’re not comfortable with the idea of using that platform to communicate. If you’ve received a message on LinkedIn from someone claiming to represent TorGuard, that message is almost certainly illegitimate. You can contact us at [email protected] to vet the legitimacy of any messages you’ve received.