By Dave

How to Spot a Phishing Scam on LinkedIn



Phishing attacks are a common tactic used by scammers to steal personal information and money from unsuspecting victims. These attacks can occur through various channels, including email, text message, and social media platforms like LinkedIn. Phishing scams are a serious concern on LinkedIn, as scammers often create fake profiles to gain access to personal and sensitive information. This article will discuss how to spot a phishing scam on LinkedIn and provide resources to help protect yourself from these fraudulent activities.


Tactics used in LinkedIn phishing scams

Since last February, the number of phishing attacks impersonating emails from LinkedIn has grown 232%. Using display name spoofing and stylized HTML templates, cybercriminals rely on social engineering to get victims to click phishing links in Microsoft 365. The victim then enters their credentials into a fraudulent website.


Many users have become desensitized to receiving emails from LinkedIn notifying them that "You appeared in 4 searches this week," "You have 1 new message," and "Your profile matches this job." But now, cybercriminals are using LinkedIn profiles in their webmail addresses to send out fake emails with the same subject lines. The emails' HTML uses the LinkedIn logo, colors, and icons, along with the names of other known companies, such as American Express and CVS, to add credibility to the attacks.


When opened, phishing links on LinkedIn send victims to a website that harvests their login credentials. The footer features elements from the site’s genuine email footer, including their global headquarters address. The emails are particularly concerning with so many people searching for new jobs and switching employers, because malicious links that look like they're coming from LinkedIn are more likely to be opened.

Proactive Measures to Prevent Phishing Scams

Everyone should know the basics for how to protect themselves and the groups or organizations they’re part of. Here is a brief look at some of the cybersecurity best practices to keep in mind.

  • Keep everything up-to-date: LinkedIn is a social network used to make professional connections. To stay safe, always keep your software and operating systems updated. To make it easy, turn on automatic updates when possible. Also, be sure to install software to scan your system for viruses and malware.

  • Install antivirus and anti-malware software: Antivirus and anti-malware software is crucial to protect your computer and data from various types of malicious software, such as viruses, Trojans, botnets, rootkits, rogue security software, ransomware, and other types of malware. While Windows 10's built-in antivirus is good enough for most people, it's still important to have additional protection. Keeping everything patched and practicing common sense is also important. A proper antivirus program defends against all kinds of malicious software.

  • Enable multi-factor authentication: In many situations, websites are requiring users not only to provide a strong password but also to type in a separate code from an app, text message or email message when logging in. Multi-factor authentication makes it much harder for a hacker to break into your accounts.

  • Verify the sender before clicking on any links or downloading attachments: It's important to verify the sender of an email before clicking on any links or downloading attachments to prevent falling victim to email spoofing. Always double-check email links by hovering over them to see where they lead and be cautious if they appear suspicious. Employing additional security measures like Microsoft's Safe Links policies can also provide added protection.



How to Spot a Phishing Scam on LinkedIn

Phishing scams can fool even the savviest of internet users. The scammers even go as far as to mimic the "from" address. So, how can you spot LinkedIn phishing?


Look for typos and misspellings in the subject line and the email body. Look at the link you are asked to click. If it leads to a URL that is not on the LinkedIn domain, or if the email includes an attached file, it is most likely phishing. LinkedIn will not send you files, so an attachment will probably infect your computer if opened. In all cases, if you suspect something, disregard the email, open your browser and access LinkedIn the way you usually do. If you receive an email that looks suspicious or if you are not sure whether it is a phishing email, contact LinkedIn immediately. You can also report the email to them by going to the site’s Help Center and clicking on “report spam.”
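The sender, link, and attachment checks described above can be run automatically over a reported message. The Python sketch below is an added example, not part of the original article or any LinkedIn tooling; the allowlist, the function names, and the sample message are constructed for illustration.

```python
from email import policy, message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("linkedin.com",)  # assumption: allowlist used for this sketch
def on_trusted_domain(host):
    # Exact match or a true subdomain; "evil-linkedin.com" does not qualify.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    # Returns the reasons a message claiming to be LinkedIn should not be trusted.
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rpartition("@")[2]
    # Display name spoofing: brand in the name, unrelated sending domain.
    if "linkedin" in display.lower() and not on_trusted_domain(sender_host):
        findings.append(f"display name {display!r} sent from {sender_host}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if not on_trusted_domain(host):
                findings.append(f"link leaves LinkedIn: {host}")
    for part in msg.iter_attachments():
        findings.append(f"attachment present: {part.get_filename()}")
    return findings

def build_sample():  # constructed message, not a real capture
    m = EmailMessage()
    m["From"] = '"LinkedIn" <notify@webmail.example>'
    m.set_content("You have 1 new message")
    m.add_alternative('<a href="https://login.example.net/li">View</a>\n'
                      '<a href="https://www.linkedin.com/help">Help</a>\n', subtype="html")
    m.add_attachment("constructed", filename="message.html")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

The check compares the real destination in each href, which is what hovering over a link reveals, rather than the visible link text.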


Take time to consider, as scams often instill a sense of urgency in victims to force them into making poor decisions. If you feel rushed to make a decision, stop and think, because it could be a scam. Additionally, many LinkedIn scammers are based in foreign countries, so they may not be able to speak and write English fluently. Be on the lookout for misspellings, mangled grammar, and slang.


Most LinkedIn scams are created by people using fake profiles. This is a very common way of scamming others online. Be sure to look for incomplete or vague profile information. You can do this by checking the profile's connections and endorsements and verifying the person's work history and experience.


What To Do if You’re a Victim of a LinkedIn Phishing Scam

If you’re the victim of a LinkedIn phishing scam, there are a few steps you should take to minimize the damage. First, change your LinkedIn password and enable two-factor authentication. Then, report the phishing message and check for any unauthorized activity on your LinkedIn account. Be sure to monitor your other online accounts as well and change their passwords. Ideally, each account should have its own strong and unique password. You should also consider notifying your bank or credit card company if you have provided any financial information to the scammers. It's important to act quickly to protect your personal and financial information from further harm.


If you suspect that you have fallen victim to a scam, it's crucial to report it to the relevant authorities, such as the Federal Trade Commission. They can provide valuable guidance on what steps to take next, including how to report the scam to law enforcement agencies. Additionally, consider installing reputable antivirus software to help prevent future scams. Finally, be sure to educate yourself on how to identify phishing scams and avoid falling victim to them in the future.



Key Takeaways

It is clear that phishing scams are a prevalent threat on the Internet. Hackers and fraudsters use various tactics to lure people into providing sensitive information, such as passwords or credit card details. To avoid falling victim to these scams, it is essential to be able to spot the warning signs of a phishing attempt. Some of the key indicators to look out for include suspicious emails or messages, requests for personal information, and suspicious website links. By staying vigilant and taking the necessary precautions, it is possible to protect oneself from the dangers of phishing scams on LinkedIn or any other online platform.
