LinkedIn is a social and business networking website that people use to connect with potential employers, clients and improve their industry connections. In short, LinkedIn is the social media of the business world. Many potential employers look for employees on LinkedIn and people looking for jobs often browse through LinkedIn looking for job opportunities. A new hacker group has started targeting LinkedIn users who are looking for jobs with phishing malware. Read on to know more about this LinkedIn scam, and how you can protect yourself against it.
Hacker Group Targets LinkedIn Users with Sophisticated Phishing Scam
The COVID-19 pandemic has struck the corporate world pretty hard. Unemployment rates are historically high across the world. In a situation like this, countless unemployed people are turning to LinkedIn looking for potential job opportunities. These people who are just looking to find a job and earn a living are now being target with a sophisticated phishing job scam. As per a report by the cybersecurity firm eSentire, a hacker group known as ‘Golden Chickens’ have been sending fake job offer and opportunities to people looking for jobs.
The hackers are sending malware ZIP files in the form of a personal direct message (DM) to people looking for jobs and they are doing this with customised messages for each individual. For example, if you have the post of ‘Accountant’ in your employment history, you will get a message with a ZIP file saying, ‘Application for Account Position’. With specific messages like this, people are highly likely to click through to the ZIP file which contains malware known as ‘more_eggs’.
Once the unsuspecting LinkedIn users download the ZIP file and try to open it on their computers, the Malware is automatically installed on their PCs/laptops. The ‘more_eggs’ malware is used by hackers as a backdoor into the victims’ computers. The malware lays dormant in the computer, undetectable by antivirus, until the time the hackers give the malware an instruction. This malware is capable of downloading other virus and malware (such as banking malware) onto the users’ computer, as well as sending sensitive data such as username and passwords for different websites to the hackers.
How to Protect Yourself from the LinkedIn Phishing Scam
The malware is usually delivered in the form of a direct message in the form of ‘ZIP file’. If the hackers have your email id, they might even send you a fake job offer through your email with the link to the ‘ZIP file’. Anytime you get a suspicious email or message with a ZIP file offering a job, immediately delete the email/message and do not click on the ZIP file. If you end up click on the ZIP the malware will be downloaded on your computer. So, it’s best if you delete the message along with the ZIP so it has no way of infecting your computer.
Image Source: Unsplash