That LinkedIn Job Listing May Be a Phishing Scam

Join 350,000 subscribers and get a daily digest of news, articles, and more.
By submitting your email, you agree to the Terms of Use and Privacy Policy.
Andrew is a writer for Review Geek and its sister site, How-To Geek. Like a jack-of-all-trades, he handles the writing and image editing for a mess of tech news articles, daily deals, product reviews, and complicated explainers. Read more…
LinkedIn’s verification process for new accounts is practically non-existent, a problem that’s made the website a hotbed for scammers and impersonators. But if that’s not enough, a new report from BleepingComputer shows that random people can post LinkedIn job listings under nearly any company’s name, opening the door to phishing attacks and recruitment fraud.
Several people may be aware of this “feature,” but Harman Singh, a security expert at Cyphere, was the first person to address it publicly. In his words, “anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by a company.”
Companies cannot remove these fake job listings without contacting LinkedIn directly. And that’s a big problem, because scammers can direct applicants to any website or email address using these fake listings.
If you were to make a fake job listing for Apple, for example, you could redirect applicants to a fake Apple login page that collects usernames and passwords. Using email correspondence, you could convince applicants into sharing personal or financial info, such as social security numbers (for “background checks”) or banking information (to set up “direct deposit”).
By default, LinkedIn gives companies zero control over unauthorized job listings. But some companies, like Google, are protected from this threat. That’s because they have extra job listing controls that aren’t available to average accounts. The only way to unlock these job listing controls is to hunt down the private email address for LinkedIn’s Trust and Safety team (tns-SAFE@linkedin.com) and complain about the site’s poor job listing security. No joke.
LinkedIn could solve this issue, or at least mitigate it, by immediately blocking unauthorized job listings for all companies. But the website doesn’t seem all that interested in security! For what it’s worth, LinkedIn tells BleepingComputer that it uses “automated and manual defenses” to block fake job listings, but these defenses did not stop BleepingComputer’s writers from setting up fraudulent job listings for their investigation.
Source: BleepingComputer
The above article may contain affiliate links, which help support Review Geek.
Facebook
Twitter
Instagram
LinkedIn
RSS Feed
The Best Free Tech Newsletter Anywhere
By submitting your email, you agree to the Terms of Use and Privacy Policy.

source

Digital Strategist Chris Hood

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2021 SHAQ HAX - Proudly powered by theme Octo