Cybercriminals are increasingly targeting private accounts on LinkedIn and WhatsApp because they are less secure than business accounts, according to the latest threat landscape report from the European cybersecurity agency Enisa.
Here, an increasingly common method sees cybercriminals pretending to be recruiters targeting people in higher positions with sugarcoated offers of enticing jobs.
Sometimes hard to see through
Cybersecurity expert Emanuel Lipschütz left Conscia Sweden, the company he founded under the name Netsafe 27 years ago, a few months ago. Since then he has already been subjected to such attempts twice, once via LinkedIn and once via WhatsApp.
“This trend started with North Korean hackers posing as recruiters working for Meta. And that’s often how it starts — that cybercriminals and other fraudsters go after successful and sophisticated state actors,” he says.
“I myself have received an SMS via WhatsApp and a message via LinkedIn with a job offer. Both were quite obvious — there were warnings about the sender on WhatsApp and the sender on LinkedIn hadn’t really had time to build their profile and we had no common contacts,” Lipschütz says.
But just because the people who tried to trick Lipschütz weren’t very skilled doesn’t mean other cybercriminals can’t be better at this job recruitment technique. With profiles that claim to work at real companies, or at fake companies for which they have created a website, the scam becomes more difficult to see through, not least if the attackers also take the time to build a network of contacts on LinkedIn.
“If you have several common contacts with the person who gets in touch, you become less suspicious,” Lipschütz says. “Everyone likes flattery and if you are contacted by a recruiter who offers a position one step higher with a competitor, it is easy to get carried away.”
In the next stage, you have to click somewhere to fill in information, at which point malware slips in through the open door.
North Korean attackers have been known to use the method by luring developers with job interview offers, tricking them into trojanized Node.js or Python projects.
Different motivations
The purpose of accessing your account may look different depending on who is attacking you. A motive could be to get access to your name and brand or to get into the company you work for.
“If it is more simple fraudsters, it may be a matter of deceiving you out of your money, but if it is more professional actors, they may be more focused on accessing your organization and the data that is there,” Lipschütz says.
By contacting their targets through private accounts, cybercriminals have an easier time getting through, because the protection there is much lower than it is on business accounts.
“It is simply a weak link that they have identified to exploit,” he says.
How you protect yourself
So how do you act to protect yourself and at the same time not reject legitimate job offers?
Lipschütz has several concrete pieces of advice:
Firstly, you should always verify the identity of the person contacting you even if it looks like a legitimate profile and contact the recruitment companies directly, through their official channels.
If you are genuinely interested in the offer you receive, it is important to use secure communication and insist on communicating via the company’s official channels or email.
And as always, don’t open unexpected attachments, especially when they come from unknown sources via messaging apps. Take a near-fanatical approach to security updates — make sure operating systems and all apps are up to date to reduce risks — and install security apps that can detect malicious links and malware on your smartphone and your personal computer.
Headhunted? That dream job could be a trap