A sophisticated Iranian cyber-espionage organization has been using the career-networking website LinkedIn to trick its victims, and it’s not alone. Here are LinkedIn scams used by this group and others…
• You might receive a message from a professional acquaintance asking to be added to your LinkedIn network. But this LinkedIn request really is from a scammer using your acquaintance’s name. Later, this “acquaintance” might ask you to look over a file—but opening the file could load malware onto your computer.
• You might receive a LinkedIn message from a job recruiter inviting you to apply for a position. But if you fill out the job application, malware could be loaded onto your computer.
• You might receive a LinkedIn request from a stranger expressing interest in your business or region. The Iranian threat group created a LinkedIn profile for a fictional woman named “Mia Ash” to do this. Ms. Ash successfully built a rapport with many executives through LinkedIn and eventually asked them to take a look at a file, which loaded malware onto their computers.
This Iranian group previously used malware and similar techniques to steal trade secrets, but other scammers use similar strategies to steal victims’ identities…loot bank or investment accounts…or install “ransomware” on their computers that encrypts files until money is paid.
What to do: Before accepting a LinkedIn request or offer, e-mail (or call or text) the person who seems to be sending this message and say, “I just received a LinkedIn request that appears to be from you. I wanted to confirm that it really is from you—I’ve read about LinkedIn scams.” If you don’t have contact info for this person outside what is provided via LinkedIn, use a search engine to find contact info for him or his employer.
If you do not have a LinkedIn account, periodically check LinkedIn to confirm that no one has started one under your name to scam your acquaintances. And if you own or manage a company, make sure that your employees are aware of these LinkedIn scams—your trade secrets could be at risk.