The report claims that scammers are increasingly targeting big companies using LinkedIn lures, making it vital for businesses to ensure they protect themselves online. NordLayer’s research shows that at least one scam on LinkedIn has already been experienced by over half (52%) of US-based businesses in 2023. The threat actors usually target a person working at the target company, sending them a friend request and an instant message on the platform containing a suspicious link that either steals sensitive information from the victim or installs malware that gives attackers access to the corporate network.
According to the report, big US companies (65%), medium-sized companies (58%), and small companies (31%) have all experienced at least one attack. Additionally, the report noted that businesses were not only victims but also had their brand names used in attacks, with big companies particularly targeted for impersonation. Victims usually combat the threat by contacting LinkedIn’s customer support (69%), their company’s IT and cybersecurity departments (66%), and discussing it on the network itself (45%). Cybersecurity experts suggest educating employees about existing scams, encouraging them to use two-factor authentication, and verifying requests for information.
LinkedIn, with its vast user base of over 900 million, is not only benefiting hardworking professionals and job seekers but is also becoming an attractive platform for scammers to exploit. In fact, LinkedIn topped the list of brands most likely to be targeted for phishing scams in the first quarter of 2022. Scammers specifically target LinkedIn’s higher-income user demographic, turning the social network into a profitable breeding ground for fraudulent activities.
While there are various types of LinkedIn scams, they often rely on a set of familiar tactics. It is important to be vigilant and recognize common warning signs, such as:
- Individuals requesting personal information or assistance immediately after connecting with you.
- Prompt and consistent responses to direct messages, regardless of the time of day.
- The language that utilizes threats, urgency, or high-pressure techniques.
- Solicitations for untraceable forms of payment, such as cryptocurrencies, gift cards, wire transfers, or platforms like Zelle.
- Requests to shift conversations from LinkedIn to external apps like WhatsApp or Telegram.
- Newly created accounts with few connections and minimal engagement.
- Users discouraging you from discussing your conversations with others.
- Offers and business opportunities that appear too good to be true.
- Requests for upfront fees or funds in order to receive a promised sum of money.
LinkedIn has introduced new security measures, including free identity verification and verification marks.