LinkedIn, another playground for cybercriminals

Scams on LinkedIn have been around since its inception, but their sophistication has risen sharply if we are to believe what the Microsoft-owned social media platform said in February 2023. “There’s certainly an increase in the sophistication and cleverness of the attacks. We see websites being set up, we see phone numbers with a seemingly professional operator picking up the phone and answering on the company’s behalf. We see a move to more sophisticated deception,” Oscar Rodriguez, vice-president of product management at LinkedIn told the Financial Times.

A month earlier, in January 2023, cybersecurity specialist Zscaler revealed a scam targeting jobseekers and around a dozen US companies. The scammers approached people through LinkedIn’s InMail direct messaging function.

“The Zscaler Threatlabz team observed multiple suspicious job portals and surveys used by attackers to solicit information from job seekers under the guise of employment application forms. The attackers may advertise jobs online, sometimes setting up fake websites, or look for targets on social media to steal money and personal information,” Zscaler says on its blog.

Generative AI tools: valuable allies for scammers

The aim of these cybercriminals is clear: to steal as much personal information as possible from job applicants. And when recruitment is involved, applicants tend to provide a great deal of information. Another potential scenario is tricking applicants into buying computer equipment or training sessions ahead of their future employment, with the false promise that their prospective employer will reimburse these expenses at a later date.

Generative artificial intelligence tools such as ChatGPT play a pivotal role in setting these traps, helping the scammers create persuasive job postings. Grammar, spelling and typing errors are practically a thing of the past. The same is true of odd-looking photos, which are being replaced with realistic images generated by Midjourney, DALL-E or Stable Diffusion.

“Most conversations take place by email. You therefore don’t need to have a perfect command of the local language. You just need to produce clean, error-free text,” says Benoît Grünemwald, cybersecurity expert at ESET France. By using AI, scammers can improve both the quality and quantity of fake job postings without spending any more time on creating them. This also makes it easy for novice cybercriminals to get started with this type of scam.

LinkedIn, the place for business intelligence operations

Job scams on LinkedIn are not just about money. They may also be business intelligence operations aimed at gathering valuable information about a company’s current projects.

“Advanced Persistent Threat (APT) groups are organising spear phishing campaigns targeting key profiles in certain companies. In particular, we have seen operations in the European aerospace and defence industry in which the hackers entirely duplicated recruitment campaigns being run by major corporations. These operations – which we believe with a high degree of confidence to be the work of North Korean cybercriminal group Lazarus – are designed to gather confidential information for the purposes of industrial espionage,” adds Grünemwald.

The cybercriminals do not necessarily target a company’s directors, as their profiles are of little interest for this type of information gathering. Instead, they target the company’s employees who, because they are working on a particular project, hold information that is both highly specific and strategic.

Microsoft’s response: identity verification for LinkedIn

In response to this upsurge in cybercrime, Microsoft announced in April 2023 a new way for its users to verify their identity on LinkedIn. Members of the professional social media platform can now verify their workplace using a Microsoft Entra Verified ID.

Organisations can use Verified ID to quickly create personalised employee digital identities that reflect their brand and business needs. With just a few taps in the mobile app, members can then obtain their employee digital ID from their organisation and request to share it on LinkedIn. Once they have submitted the request, LinkedIn verifies the credential and displays a workplace verification on their profile.

“Digital interactions often play a big part in how sophisticated cybercriminals manipulate their victims. This new verification tool will undoubtedly reduce the current threat and boost user confidence. As with all new tools designed to limit scams, bad actors will inevitably try to get round it,” says Grünemwald.

The cybersecurity expert ended by saying: “Identity and employment verification alone cannot completely stop attackers trying to create fake identities and fake companies to ‘verify’ fake jobs. However, widespread adoption of workplace verification on LinkedIn would make it harder for bad actors to impersonate legitimate accounts and create convincing fake personas.”