Phishing Alert: Don't Let Scammers Steal Your Bank Information Using a Fake LinkedIn Email

If you are one of the 562 million LinkedIn users, you need to be extremely cautious about scams that are specifically designed to target you. LinkedIn is a social networking platform that was built to help connect businesses with existing and future employees. The platform allows anyone to create a free virtual CV and use it to apply for jobs that companies offer. It provides a private messaging feature, and it also allows communicating with businesses and individuals via email. Every time someone checks a user's profile, a message is sent, someone posts an update, or LinkedIn itself wants to send a newsletter, an email is sent by default. When signing up, the user must do so using a valid email address, and so there is no way of leaving the email address out of the process. Unfortunately, that is what schemers are successfully using against the most gullible users. If you continue reading this blog post, you will learn about the most common phishing scams that are targeted at LinkedIn users.

Schemers are smarter than you might think

If you think that you would never become a victim of a LinkedIn phishing email scam, you need to think again. Unless you inspect every single email you receive, you could be scammed before you can put two and two together. Schemers know how to set up realistic-looking email addresses. They know what kinds of subject lines are used by LinkedIn. They know how to design emails to make you suspect nothing. To do that, they can use the same fonts, the same logos, and the same color schemes. On top of that, the messages sent via LinkedIn phishing emails can look completely legitimate. So, if you receive an email from, let's say, linkedinsupport@linkedin.com, the subject line says something like Urgent Password Reset Required, and the message looks very similar to legitimate emails you have previously received from LinkedIn, do not jump into action. There are plenty of different scams that virtual attackers have created, but a few of them are most common and, in many cases, most successful.

N.B. The email address and subject line used in this scenario are completely fictional, and are used just as an example.

Please add me to your LinkedIn network

If you have set up your LinkedIn profile, and you accept invitations from anyone, you must have received emails with the Please add me to your LinkedIn network message. This message informs you that someone wants to connect with you, and the email should contain Accept and View profile buttons. A fake LinkedIn phishing email could contain the same message and the same buttons, but if you click them, you could be routed to malicious sites, or malware could be executed immediately without you noticing at all. This is why it is best to go to your LinkedIn app or visit linkedin.com to check the requests you get. Needless to say, if there are no new contact requests, the email is bogus.

In a different scenario, the message could be sent by LinkedIn, but the person trying to connect with you could be a scammer. So, for example, if you have adjusted your settings to receive messages from contacts only, schemers will be able to send you bogus messages with, for example, corrupted links, only if you are connected to them and, potentially, trust them more. For example, just last week, Nebraska's Treasurer warned about a fake account that, by the time it got deleted, already had 350 followers.

Fake security warning from LinkedIn

Just like with bogus contact requests, schemers could create fictitious email messages allegedly sent by LinkedIn. Service providers often communicate with their customers/users via email, and so the next email message you receive might not surprise you at all. LinkedIn can introduce you to updated policies, send you newsletters and interesting articles that are posted on the platform, as well as alert you of security issues. For example, if the company experienced a data breach, they could send you an email explaining the situation and, potentially, asking you to update your password and other personal data. Again, this is just speculation. Unfortunately, attackers could create a bogus LinkedIn phishing email to make you think that you need to update personal information due to security issues.

Whether you are asked to confirm your email or reset your password via a sent link, you need to think carefully before doing anything. Phishing emails can be used to extract the most sensitive data, including your password, which is why you must make no hasty decisions. Remember that you can always reset your LinkedIn password via the app or linkedin.com profile. You do not need to do it via suspicious links.

LinkedIn phishing emails could be used to steal banking information

If you are a member of LinkedIn Premium, you need to cough up at least $29.99 per month. According to the company, if you sign up for Premium, you can find better jobs, connect with the recruiters that might have checked your profile (otherwise, they might be invisible to you), take a complimentary course to strengthen your profile, as well as use InMail, an exclusive messaging service provided by LinkedIn. If you are a Premium member, you must have shared payment-related information, such as your credit card number. If that is the case, you could be scammed into disclosing this information. Phishing emails are usually used to extract personal information and passwords, but schemers can also use them to trick gullible users into disclosing credit card numbers, expiration dates, etc. If they obtain this kind of information, they can empty your accounts or perform illegal transactions without you noticing. Obviously, if you do not want to be scammed, you need to ignore phishing emails that ask you to disclose credit card numbers and similar sensitive data.

How to avoid LinkedIn phishing email scams

You can learn more about phishing scams by clicking HERE, and you should definitely read the article to comprehend the issue better. In this specific scenario, however, you need to look at a few specific things.

  • Always look at the address of the sender. Once you get familiar with the address used by LinkedIn or any other service provider, it will become much easier to spot fake addresses.
  • Always look for the style and grammar of the message. If it contains grammatical errors, or the style is out of the ordinary, you could be dealing with a phishing email.
  • Always beware of links, buttons, and attachments sent to you. If you have the option, log into your account (open the LinkedIn app or go to linkedin.com) to approve any new contact requests, check messages, reset passwords, etc.
  • Always hover over links – if you are sent any – to check the URL of the link. Note that schemers can use URL shortening to confuse you.
  • Always ignore emails that ask you to disclose personal information. These phishing emails could try to convince you that you need to verify yourself or confirm data, such as passwords. Remember that NO ONE should ask you for personal information via email.
  • Always cross-check the warnings that you are receiving. For example, if you are asked to change your password because of a data breach, do a quick search online to confirm whether the data breach is real.
  • Always report phishing emails to safety@linkedin.com to ensure that schemers cannot scam more gullible users.
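
The sender and link checks from the list above can be automated for a mailbox or a reported-phish queue. The following Python sketch is an added example, not part of the original article; it shows why a From address on linkedin.com is not enough by itself to trust a message. The sample message, the shortener list and the receiving host mx.example.net are constructed assumptions, and the only trusted domain used is the one the article names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "linkedin.com"                        # the only domain the article names
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # illustrative, not exhaustive

# Constructed sample: the article's fictional sender and subject, made-up links.
PHISH = """\
From: LinkedIn <linkedinsupport@linkedin.com>
Subject: Urgent Password Reset Required
Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html

<a href="https://linkedin.com.account-check.example/reset">Reset password</a>
<a href="https://bit.ly/constructed">View profile</a>
"""

def in_domain(host, domain=TRUSTED):
    # Match whole DNS labels only, so "linkedin.com.other.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2]):
        findings.append("sender domain is not " + TRUSTED)
    # From can be forged; rely on the verdict your own mail server recorded.
    if not re.search(r"\bdmarc=pass\b", msg.get("Authentication-Results", ""), re.I):
        findings.append("sender not authenticated (no dmarc=pass)")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in (urlsplit(h).hostname for h in links.hrefs):
        if host in SHORTENERS:
            findings.append("shortened link hides destination: " + host)
        elif not in_domain(host):
            findings.append("link leaves %s: %s" % (TRUSTED, host))
    return findings
```

Calling `triage(PHISH)` returns three findings even though the visible sender passes the address check. The Authentication-Results header is only meaningful when it was added by your own receiving mail server.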

By Foley
October 30, 2018
