LinkedIn As An Attack Platform
When you think of social media, it’s likely that Facebook, Instagram and X spring immediately to mind.
Unless, that is, you are talking about professional networking platforms, in which case there can be only one: LinkedIn.
I have to admit that I am always somewhat surprised by the fact that LinkedIn doesn’t feature more prominently in cybersecurity reports concerning hack attacks of all kinds, but in particular when it comes to phishing. Not that the social media platform for professionals is immune to such things, far from it, as this latest case successfully illustrates. Especially given that LinkedIn is built for professionals to network, commonly used for work purposes, and often outside of the purview of enterprise security tools when used out of the workplace. One area that stands out for such usage would have to be when a user is looking for a new job. And that, dear reader, is where this hack attack alert comes into play.
In an “Ask HN” posting to the Y Combinator Hacker News site, one user posed the question: “Are they trying to hack me?” In this case Betteridge’s Law, which states that any headline ending in a question mark can be answered with no, does not apply. Dear reader, yes, they were.
With 1.2 billion registered users, it should come as no surprise that hackers target LinkedIn, and this latest hack attack alert needs to be taken very seriously considering the risk it poses to employers and employees alike. Here are the red flags you must watch out for.
In fact, the user posing the question, who goes by the name of dgrcode, had pretty much guessed that this was the case. “I'm in the middle of an interaction that has raised a few red flags,” the question began, “and at this point I'm confident this is part of a hacking attempt.” That hacking attempt was taking place on LinkedIn, with a member reaching out with supposed jobs that matched the profile of the user in question. The conversation that followed covered the salary for a part-time position the user expressed an interest in, and the first of many red flags started waving at this point: the person reaching out, supposedly on behalf of a client, said they were willing to accept the user's request for twice the salary initially offered.
This was quickly followed by a second: the online calendar, where an appointment to book an interview was to be made, had “pretty much full availability,” something that anyone looking for a position offered through an agency of any kind would find highly unusual.
Then things got really sketchy from the hack attack perspective. During the arranged chat, a zip file was sent to the user that supposedly contained a technical issue to be solved by way of a test task.
Being the technical type (after all, who else uses the Y Combinator Hacker News platform?), the user decided to download the file and inspect the code on an old system with a fresh Linux install. It turned out that the JavaScript Object Notation package it relied on had been marked as malicious and, as a result, had already been removed from the NPM developer site a couple of weeks earlier.
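The kind of offline inspection described above, as an added example rather than code from the article or the Hacker News thread: before anything in a received "test task" is run, read its package.json and flag the two things this lure depends on, namely lifecycle scripts that execute on `npm install` and dependencies fetched from somewhere other than the public registry. The package.json below, including the package and URL names in it, is constructed for illustration.

```python
import json
import re

# npm runs these scripts automatically during install, so a bundled "coding
# test" can execute code before the candidate has opened a single source file.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# A registry version range or dist-tag ("^4.18.2", "~1.0.0-beta.1", "latest")
# contains no URL, path or protocol characters; anything with ':' or '/' is
# a git URL, tarball URL, file: path or GitHub shorthand and needs a look.
REGISTRY_SPEC = re.compile(r"^[\w\s\^~<>=.*|-]*$")


def triage_package_json(text: str) -> list[str]:
    """Return human-readable findings for one package.json document."""
    pkg = json.loads(text)
    findings = []
    scripts = pkg.get("scripts", {})
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle hook {hook!r} runs on install: {scripts[hook]!r}")
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in pkg.get(section, {}).items():
            if not REGISTRY_SPEC.match(spec):
                findings.append(f"{section}/{name} resolves outside the registry: {spec!r}")
    return findings


# Constructed sample: a small take-home task whose package.json pulls one
# dependency from a tarball URL and runs a setup script on install.
SAMPLE_PACKAGE_JSON = """{
  "name": "frontend-take-home-task",
  "version": "1.0.0",
  "scripts": {
    "test": "jest",
    "postinstall": "node ./scripts/setup.js"
  },
  "dependencies": {
    "express": "^4.18.2",
    "take-home-json-utils": "https://example.invalid/take-home-json-utils-1.0.0.tgz"
  }
}"""

if __name__ == "__main__":
    for finding in triage_package_json(SAMPLE_PACKAGE_JSON):
        print("FLAG:", finding)
```

A clean result from this check is not proof of safety, since a package fetched by plain version range can itself be malicious, as the removed package in this case was; it only tells you what would run and from where before you decide to install anything.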
Watch Out For Red Flags And Use LinkedIn Advanced Safety Features
The alert here is for all LinkedIn users to beware of anyone reaching out about a job vacancy, especially when the red flags start waving as rapidly as they did here. The zip file that was downloaded actually contained malware that acted as an infostealer and would have happily grabbed login credentials and other data.
I reached out to LinkedIn for a statement, and a spokesperson told me: “Fake profiles and fake jobs are not allowed on LinkedIn and we take a number of steps to combat job scams. We’ve built features to help members more easily identify trusted opportunities – like verification badges on job postings and recruiter profiles that confirm details such as company affiliation or verified identity. We also offer filters for verified jobs and optional safety tools, including message warnings and scam detection, while also making it easy to report suspicious messages to us. While the overwhelming majority of fake accounts on LinkedIn are blocked before they’re reported, it’s essential that job seekers stay vigilant. To help, LinkedIn shares tips for recognizing and reporting scams and job searching safely with our members.”