With the present COVID crisis, many companies are facing a hard time managing their employees. Due to lack of revenue, many companies have decided to cut down their workforce, leaving millions of people jobless. As the vaccination for COVID started companies are trying to pick up where they left. Companies started hiring people, one of the most commonplace that companies prefer to visit for recruiting is Linkedin. Unfortunately, with the recent data Hackers are using Linkedin to lure job seekers with fake offers.
This time Hackers are using a very strategic approach for job seekers on Linkedin. Based on reports from Gizmodo, that features research published by eSentire highlights how Hackers are using Linkedin with fake job offers.
eSentire is a leading cybersecurity solution provider, warns companies and individuals that a hacking group is spear phishing business professionals on Linkedin with fake job offers. Later they will send a file which will hackers to have remote control over the victim’s computer. Thus allowing them to send, receive, launch and delete a file or else install the malware in their pcs.
Spear Phishing is a very well-known fraudulent practice employed by Hackers. In this Hackers will send emails apparently from a known or trusted sender. Then they will induce targeted individuals to reveal their confidential information. They can even install more extensions and plugins from here. Along with that, their tactics work in a very secretive manner and runs normally on run, so most of the victims will be unaware.
Here are the details of how Hackers are using Linkedin
Hackers are using Linkedin in a very strategic way, first, the hacker group studies their user’s Linkedin profile. Then they create a lucrative job offer tailored to that individual. For example, if the victim is a working or former customer executive. Then Hackers will offer them a fake job role with a similar position but a better salary.
If the victim agrees to it, then they will send a mail to the user. Once the Linkedin users get the mail he/she will asked to open the malware-laced .zip file. To go through the job description and employment application. In reality, these files contain malware dubbed as ‘more eggs. Which can easily fool the anti-virus in the system and discreetly get installed on the victim device without their concern or knowledge.
After that hackers can easily gain control over victim devices. Also they can install malicious plugins or ransomware, credential stealers, and more. Addressing this issue, Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire stated that with the day-to-day increment in unemployment, it is the perfect time for hackers to take advantage of job seekers. In addition to this, A customized job offer is more enticing during these hard times.
As of now, there is no accurate information and eSentire reports also don’t mention how many people have fallen victim to these fake job offers. eSentire encourages everyone to beware of fake job offers and when you receive any unsolicited job offers.
Hackers are making Linkedin users data for sale on a hackers site
Nearly 500 million Linkedin user profiles data is part of a database posted for sale on a hacker’s website. This news was initially reported by cybersecurity news and research site CyberNews. Hackers leaked Linkedin Profiles information consists of user IDs, names, and email addresses. Along with phone numbers, professional titles, and their social media platform links. All this information was being sold for a four-figure sum.
Linkedin responded to this news Hackers are using Linkedin in an unethical way. Linkedin informed that the sale database, actually a collection of data from a number of websites and companies. In addition to this, the data from Linkedin users includes only information that people listed publicly in their profiles and the professional social media site. Which is owned by the PC maker Microsoft.
Linkedin further added that this data on hackers’ websites which consists of Linkedin users database has some loopholes. Like Linkedin states that this data is not a LinkedIn data breach, also it ensures that no private member account data from LinkedIn was included. From what the company was able to review.
The company also info,m that any misuse of our user’s data violates its terms of service. Linkedin prohibits third-party software, bots, browser extensions, and plugins that collect scrape data from the site. Responding to these claims that hackers are using Linkedin. The company states that when anyone tries to take other user’s data and use it for purposes Linkedin and our members have not agreed to. We will restrict them and hold them accountable.
Follow these steps to stop being a victim to hackers on LinkedIn
Next time, whenever you receive any job offers via emails from unknown senders be extra cautious. It’s even better to visit the company’s official website to check whether the company has the same job opening that the emails mentioned.
Also, keep in mind that no company will ask for money for registration or processing fee or any such procedures during the hiring process. In case if you get any documents especially .zip files never download unless you know that mail came from a known person. Along with that, it is better to have a good anti-virus application installed on the system.
Conclusion
Hopefully, we have everything that you need to know about how Hackers are using Linkedin to lure users with fake job offers. Due to the COVID crisis, millions of people have lost their jobs. Taking advantage of this situation Hackers are creating fake job offers for many users who are working and former employees. Hackers are following a very strategic plan for this, and infecting user’s devices with malware to allow hackers easy control of it.
