Phishing with a Familiar Face: How the LinkedIn Scam Targets New Employees
In this article Simon Plummer from Collective Security, our recommended cyber security consultants, sheds some light on how cybercriminals are looking to take advantage of new employees and their eagerness at starting their new job.
New employees are often brimming with excitement and a desire to prove themselves. Unfortunately, cybercriminals exploit this eagerness through cunning scams using public information on LinkedIn.
This deceptive tactic leverages publicly available information on LinkedIn to target new employees shortly after they join a company. Here's how it works:
- Data Scraping: Scammers scour LinkedIn for recently updated profiles indicating a job change.
- Fake Familiarity: They impersonate colleagues or clients, often using stolen profile pictures and names.
- Urgent Requests: The scammer simulates urgency, requesting the new employee's help with a task (such as making a purchase) or access to confidential information.
The new employee, eager to impress and lacking the context to identify the red flags, might fall victim to the scam, potentially compromising sensitive data or financial resources.
How to Protect Yourself and Your Employees:
- New Employee Security Awareness Training: Train new employees on common phishing tactics, including the LinkedIn scam. Even make them aware before their start date!
- Verification Protocols: Implement procedures for verifying the sender's identity before responding to urgent requests, especially via email.
- Cybersecurity Best Practices: Educate your staff on strong password hygiene, data security protocols, and reporting suspicious activity.
Step Up Your Cybersecurity
By raising awareness about the LinkedIn scam and implementing robust security measures, you can empower your new employees to become valuable assets without falling prey to cybercriminals.
Visit the Collective Security website.
