ADVERTISEMENT
Hackers use LinkedIn with fake job offers as bait to prey on users
Rohit KVN
DH Web Desk
Last Updated IST
LinkedIn app on a phone. Picture Credit: Pixabay
LinkedIn app on a phone. Picture Credit: Pixabay

The untimely Covid-19 pandemic-induced lockdown caused severe stress on economic activities in 2020. Due to lack of revenue, several companies had to trim their workforce leaving many jobless.

However, with the arrival of vaccines, the economy is limping back to normalcy, firms are starting to hire people in select regions. LinkedIn is one of the biggest platforms for professional networking and job listings. But, unfortunately, bad actors are misusing the Microsoft-owned platform to prey on naive users to hack their devices.

The Golden Chickens hacking team is using the Spear Phishing technique to lure prospective job seekers with a fat paycheck offer, reported the Threat Response Unit (TRU), part of the eSentire’s research team.

ADVERTISEMENT

What's interesting is that the hacker group studies their user's LinkedIn profile and creates a lucrative job offer. For instance, if the victim is a current or former 'Senior Account Executive' at 'International Freight' company, the fake job posting will have a similar executive position but with a bigger salary.

Once the user receives the mail, he/she will be asked to open the malware-laced .zip file, to see the job description and employment application. Once opened, malware dubbed as 'more_eggs' is capable of fooling the anti-virus in the system and discreetly gets installed on the device (phone/PC) without the victim's knowledge. And, then the hackers can gain full control over the device and even install malicious plugins or ransomware, credential stealers, banking malware, and more.

Flowchart how the hackers lure victims. Credit: eSentire

“Since the Covid pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times,” said Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire.

The eSentire report doesn't mention how many people have fell victim to this fake job scam, but people have been asked to exercise caution when they receive any unsolicited job offers.

Tips on how to safeguard yourself from phishing attacks:
1) Be cautious when they receive any job offers via emails from unknown senders
2) Always go to the company's official website of the company to see if it has the same job offering for that particular position mentioned in the mail
3) Also, no company asks for money for registration or processing fee or any such procedure during the hiring process
4) Never download any .zip files unless you are sure the mail came from a known person
5) Always, make sure you have a good anti-virus application installed on the system

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 07 April 2021, 17:29 IST)