‘Recruited’ on LinkedIn? Beware the Latest Job Scam

Fraud Watch
image

(Photo Credit: Shutterstock/fizkes)
By Sid Kirchheimer

Job websites are often used to pitch work that doesn’t work out. Posing as legitimate employers, scammers post ads for nonexistent positions—and usually include at least one of the typical tip-offs to a job scam.

Most often it’s requiring upfront fees for supposed background or credit checks, training or supplies. After paying, applicants are told they didn’t get the job—if they hear anything at all. Fraudsters seek your birth date, Social Security number or other sensitive info (that shouldn’t be on your résumé) for possible identity theft. Or, after “hiring” you with no face-to-face interview, they request your bank account number, for alleged direct deposit of paychecks.

The latest ruse: Con artists are posing as recruiters on the popular employment social network LinkedIn. It’s a convincing scheme because legitimate recruiters use LinkedIn to contact, out of the blue, potential job seekers among the website’s 400 million members.

“Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections,” reports security software manufacturer Symantec (maker of Norton products). The goal is to get contact information for you and those in your business network—“including personal and professional email addresses as well as phone numbers”—which can be used for spear-phishing emails.

Unlike “regular” phishing—general “Dear Customer” correspondence sent en masse (with hopes that a tiny fraction of recipients respond)—spear phishing is specific, including your name and other personal details for more convincing emails. In such a message, con artists may pose as a credit card company and ask for your account number, or they may devise other ruses to glean data worthy of identity theft.

Noting LinkedIn as “a prime target for scammers looking to connect with professionals,” the Symantec report follows others by cybersecurity experts at F-Secure and Dell SecureWorks. So if you’re a LinkedIn member who gets “recruited,” take it with a grain of salt and know that, at least for now, scam-centric fake accounts follow a specific pattern (and can be reported to LinkedIn).

  • They primarily use photos of women pulled from stock image sites or stolen from legit LinkedIn profiles or other social networks.

  • They copy text from profiles of real professionals. To check this, copy and paste a section of text into a search engine to see where else it appears, and from whom.

  • Commonly used key words include “Reservoir Engineer,” “Exploration Manager” and “Cargo Securement Training,” notes Symantec. Fake recruiter accounts also typically pitch jobs in logistics and the oil and gas industries.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud. Keep tabs on scams and law enforcement alerts in your area with AARP’s Scam-Tracking Map.