LinkedIn scams are getting more common, and more dangerous - here's how you can stay safe
Scammers are targeting big companies using LinkedIn lures
Scams originating on LinkedIn are getting more dangerous, and also more common, meaning businesses need to ensure they are staying protected online, a new report has claimed.
Research by NordLayer found more than half of US-based businesses (52%) has aleady experienced at least one scam on LinkedIn in 2023.
Most of the time, the threat actors would find a person working at the target company, send them a friend request, followed by an instant message on the platform. The message would carry a suspicious link that would either serve to steal sensitive information from the victim, or install a piece of malware that would grant the attackers access to the corporate network.
Tarnished reputation
The result of successful attacks is similar most of the time, with businesses fighting to save their damaged reputation (48%).
Big businesses seem to be the most popular targets, as the report states that almost two-thirds (65%) of big US companies experienced at least one attack this year. However, that doesn’t mean smaller businesses get a free pass - 58% of medium and 31% of small companies suffered at least one attack themselves.
But these businesses aren’t just victims because they’re targeted - their brand name also gets used in attacks, too. One of the most prevalent types of attacks among big companies (53%) includes impersonating people working in other big companies. This is somewhat unique for big brands, as only 13% of small companies experienced such scams.
> Hackers are using ChatGPT to write malware
> AI’s role in the future of cybersecurity
> These are the best identity theft protection tools around
To combat the threat, victims would usually contact LinkedIn’s customer support (69%), their company’s IT and cybersecurity departments (66%), and would often talk about it on the network itself (45%).
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“One of the best ways to protect your business from LinkedIn scams is to educate your employees about the types of scams that exist and how to recognize them,” commented Carlos Salas, a cybersecurity expert at NordLayer. “Also, encourage your employees to use two-factor authentication (2FA) on their LinkedIn accounts as well as verify requests for information.”
LinkedIn has made several moves to boost its own security in recent months, including a a new free way of verifying users' identities and employment roles, offering verification marks to help broaden its appeal.
With more verification methods, LinkedIn hopes that showing “you're the real you” will land you with better connections that lead you to more meaningful networks and improved job opportunities.
AI to the rescue
“Scams or fraudulent activity are a clear violation of our policies and we’re always working to stay ahead and keep our members safe," a LinkedIn spokesperson told us via email. "While scammers are continually trying new and more sophisticated tactics, we use technology including artificial intelligence paired with teams of experts to stop fraudulent activity – 95% of detected fake accounts and around 99% of detected spam and scams are removed by our teams before members ever see it."
"We’ve also launched a series of new features including an optional advanced safety feature that, when enabled, displays a warning on LinkedIn messages with high-risk content, such as a request to move the conversation away from LinkedIn, as this could be a sign of a scam. We also encourage our members to report anything that might violate our Professional Community Policies so we can investigate. You can learn more about the work we do to keep LinkedIn trusted and professional here," they concluded.
- Here's our rundown of the best firewalls right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.