LinkedIn is the social media platform of the corporate world, acting as a mouthpiece for companies, employees, and job seekers to share their thoughts, network, and find new opportunities. Unfortunately, it's also become a haven for scams that are targeting job seekers through obvious flaws in LinkedIn's internal structure.
How Scammers Are Targeting Job Seekers on LinkedIn
While LinkedIn may be a hub of the business world, the platform's profile validation and identity protection features are lackluster. Fake job listings are created each day, tricking unsuspecting users into sharing information and potentially spending thousands of dollars on technology that will be shipped (and stolen).
Here is a step-by-step process of how scammers are leveraging LinkedIn:
1. A Fake Job Listing is Created
LinkedIn allows any user, regardless of the age of the account or its previous activity, to post a job as any company. Anyone with an internet connection and an email address can sign up for a LinkedIn account and post a job from Microsoft, Google, Facebook - recently, even our team at SeedSpark. LinkedIn's structure then links these entirely false job listings to the targeted company's official LinkedIn page - a security oversight that the company has been aware of for years, but have taken no action to remedy.
2. Fake Profiles of Real Team Members are Created
The scammers then create false lookalike profiles on social media platforms and messaging services by downloading public profile pictures of the targeted company's team members, spoofing their job titles and personal descriptions to fool anyone that isn't deeply familiar with the company.
3. Scammers Steal Applicant Data and Technology
Once the scammers have someone "hooked" with a fake job offer they either email the applicant or start a chat on an encrypted messaging platform like Wire, telling the applicant to purchase high-end electronics like smartphones, tablets, and laptops that they'll then be reimbursed for. Before reimbursement, the applicant must send in their devices to be "preloaded with software." That's when all communication with fake representatives from the company will disappear, with these bad actors getting away with a collection of pricey technology and moving on to their next victim.
Convincing Fake Email Addresses
Our team has found that the scammers will register domains that are closely-related the targeted company's true domain. For instance, seedspark.com is our official company website. Scammers have been seen using seedspark.us for their attacks - a small discrepancy that still creates a believable online persona for those that are unfamiliar with the company and its normal domain. This domain redirects to the official domain, tricking anyone that isn't paying strict attention to the URL bar when visiting the website. Emails are registered with this domain that are once again lookalikes of real employees of the company, often specifically focusing on the HR department that usually handles new employee onboarding.
It's important to always check the sender's full email address and ensure that it doesn't vary from the official website domain, follows the naming convention of other company emails, and isn't being falsely masked.
No company communications will ever be sent from an email address registered with any domain other than SeedSpark.com. We will never chat with any job applicants over a communication platform other than Microsoft Teams.
How to Protect Yourself Against Job Scams
- Always go to a company's official Careers page for the latest job listings from their team.
LinkedIn, Indeed, and other platforms are great for finding new opportunities, but always complete your application through the links provided on the official website.
- Never provide any private information to companies without verifying that you're speaking with a legitimate member of their team.
Always check the email address of the sender and connect with the company directly via their verified email address or phone number if something seems off.
- If you do find a fake job listing on LinkedIn, report it.
Report a scam by clicking the three-dots icon and choosing "Report this job." You can also report the account that posted the job by finding their profile, if applicable, on the job listing itself and following the same steps.
With a constant flow of job seekers searching for their next opportunity, it's important to stay vigilant and verify new opportunities. The excitement of receiving an interview request or job offer can override common sense, but that's exactly when your senses should be at their height.