LinkedIn is the social media platform of the corporate world, acting as a mouthpiece for companies, employees, and job seekers to share their thoughts, network, and find new opportunities. Unfortunately, it's also become a haven for scams that are targeting job seekers through obvious flaws in LinkedIn's internal structure.
While LinkedIn may be a hub of the business world, the platform's profile validation and identity protection features are lackluster. Fake job listings are created each day, tricking unsuspecting users into sharing information and potentially spending thousands of dollars on technology that will be shipped (and stolen).
Here is a step-by-step process of how scammers are leveraging LinkedIn:
LinkedIn allows any user, regardless of the age of the account or its previous activity, to post a job as any company. Anyone with an internet connection and an email address can sign up for a LinkedIn account and post a job from Microsoft, Google, Facebook - recently, even our team at SeedSpark. LinkedIn's structure then links these entirely false job listings to the targeted company's official LinkedIn page - a security oversight that the company has been aware of for years, but have taken no action to remedy.
The scammers then create false lookalike profiles on social media platforms and messaging services by downloading public profile pictures of the targeted company's team members, spoofing their job titles and personal descriptions to fool anyone that isn't deeply familiar with the company.
Once the scammers have someone "hooked" with a fake job offer they either email the applicant or start a chat on an encrypted messaging platform like Wire, telling the applicant to purchase high-end electronics like smartphones, tablets, and laptops that they'll then be reimbursed for. Before reimbursement, the applicant must send in their devices to be "preloaded with software." That's when all communication with fake representatives from the company will disappear, with these bad actors getting away with a collection of pricey technology and moving on to their next victim.
Our team has found that the scammers will register domains that are closely-related the targeted company's true domain. For instance, seedspark.com is our official company website. Scammers have been seen using seedspark.us for their attacks - a small discrepancy that still creates a believable online persona for those that are unfamiliar with the company and its normal domain. This domain redirects to the official domain, tricking anyone that isn't paying strict attention to the URL bar when visiting the website. Emails are registered with this domain that are once again lookalikes of real employees of the company, often specifically focusing on the HR department that usually handles new employee onboarding.
It's important to always check the sender's full email address and ensure that it doesn't vary from the official website domain, follows the naming convention of other company emails, and isn't being falsely masked.
No company communications will ever be sent from an email address registered with any domain other than SeedSpark.com. We will never chat with any job applicants over a communication platform other than Microsoft Teams.
LinkedIn, Indeed, and other platforms are great for finding new opportunities, but always complete your application through the links provided on the official website.
Always check the email address of the sender and connect with the company directly via their verified email address or phone number if something seems off.
Report a scam by clicking the three-dots icon and choosing "Report this job." You can also report the account that posted the job by finding their profile, if applicable, on the job listing itself and following the same steps.
With a constant flow of job seekers searching for their next opportunity, it's important to stay vigilant and verify new opportunities. The excitement of receiving an interview request or job offer can override common sense, but that's exactly when your senses should be at their height.