Yet another phishing scam involving LinkedIn has been detected. The scheme is trying to trick users of the professional network to upload their CVs. Scammers are sending emails about alleged “job openings for active LinkedIn users”.
LinkedIn Phishing Scam April 2017: Details
Despite the efforts of the scammers, it’s easy to spot the details that reveal the inadequacy of the sent message. First of all, it’s quite obvious that the sender isn’t LinkedIn. However, the success of most phishing scams is due to the fact that users tend to open suspicious messages without having a closer look. It’s also very important not to forget that scammers typically impersonate popular services in their attempt to trick users into revealing personal information.
Another detail pointing to the unauthenticity of the message is the fact that it is not addressing the user by name. There is also no “unsubscribe” footer which is usually found in emails sent by LinkedIn. Furthermore, the email is creating a sense of urgency which should hint at its scam origin. Add the grammatical errors, and it becomes very clear that the user has been targeted by phishers.
Users who fall for the scam will typically proceed with clicking on the provided links. This action will take them to a page where they are supposed to upload their CVs. Fortunately, the scammy website identified as https://linkedinjobs.jimdo.com is already taken down. However, this doesn’t mean that users are safe. Scammers are known to react quickly by creating new websites thus prolonging the life of their phishing attempts. If new websites are created, the link in the phishing email is surely updated, too.
Why Do Scammers Want LinkedIn Users’ CVs?
CVs are usually abundant with sensitive personal information, including home addresses, email addresses, and phone numbers. The abundance of personal information can lead to a variety of activities including promotional cold calling, identity theft, vishing attacks, further spear phishing attempts targeting employers or colleagues of targeted the user.
To avoid becoming a victim of a phishing scam, always double-check the email and inspect it for signs that scream phishing. To increase your awareness, have a look at the phishing email described in this article: