Sunday, August 22, 2021

LinkedIn jobs adverts targeted in new scam campaign

Posts on LinkedIn are being  abused to post fake job listings on behalf of virtually any legitimate company, cybersecurity experts have claimed.

Harman Singh, a security expert and managing consultant at security company Cyphere, shared details of the scams with BleepingComputer, noting that, "Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company."

There’s no dearth of fake LinkedIn job scams, but while these were orchestrated from fake recruiter accounts, Singh’s technique post the fake job on behalf of a genuine company, adding a whole new level of legitimacy to the scam. 

Feature or faux pas?

To test Singh’s claims, BleepingComputer used a LinkedIn account unconnected with its website to advertise a fake job listing. 

The listing didn’t identify who posted the job, making it appear as if it was posted by BleepingComputer itself. Furthermore, all applications sent in response to the fake listing, were sent to the non-BleepingComputer-owned email address.

Even more worryingly, BleepingComputer was unable to take down the fake listing posted on behalf of the website, as the platform prevented it from exercising admin control on the content.

The only option for businesses to prevent others from fraudulently posting jobs on their behalf is to rope in LinkedIn.

"You can manually email to the LinkedIn trust and safety team to get those options enabled that allow you to block unauthorised posts, and only allow authorised team members to post jobs," shared Singh.

A LinkedIn representative didn't directly comment on Singh's workaround, but shared the following statement with TechRadar Pro:

"Posting a fraudulent job is a clear violation of our terms of service. We use automated and manual defenses to detect any fake job posting and quickly take action to remove them. We’re constantly investing in new ways to improve detection, including providing tools for companies to require work email verification before posting to LinkedIn."

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/3821TG2

No comments:

Post a Comment

NYT Strands today — hints, answers and spangram for Saturday, November 16 (game #258)

Strands is the NYT's latest word game after the likes of Wordle, Spelling Bee and Connections – and it's great fun. It can be diffi...