{"id":328084,"date":"2021-08-20T18:17:28","date_gmt":"2021-08-20T15:17:28","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/that-linkdin-job-listing-may-be-a-phishing-scam-review-geek\/"},"modified":"2021-08-20T18:17:28","modified_gmt":"2021-08-20T15:17:28","slug":"that-linkdin-job-listing-may-be-a-phishing-scam-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/that-linkdin-job-listing-may-be-a-phishing-scam-review-geek\/","title":{"rendered":"#That LinkdIn Job Listing May Be a Phishing Scam \u2013 Review Geek"},"content":{"rendered":"

“#That LinkdIn Job Listing May Be a Phishing Scam \u2013 Review Geek”<\/strong><\/p>\n

\n
\"\"
LinkedIn<\/a><\/span><\/figcaption><\/figure>\n

LinkedIn\u2019s verification process for new accounts is practically non-existent<\/a>, a problem that\u2019s made the website a hotbed for scammers and impersonators. But if that\u2019s not enough, a new report from BleepingComputer<\/em><\/a> shows that random people can post LinkedIn job listings under nearly any company\u2019s name, opening the door to phishing attacks and recruitment fraud.<\/p>\n

Several people may be aware of this \u201cfeature,\u201d but Harman Singh, a security expert at Cyphere<\/a>, was the first person to address it publicly. In his words, \u201canyone can post a job under a company\u2019s LinkedIn account and it app<\/a>ears exactly the same as a job advertised by a company.\u201d<\/p>\n

Companies cannot remove these fake job listings without contacting LinkedIn directly. And that\u2019s a big problem, because scammers can direct applicants to any website or email address using these fake listings.<\/p>\n

If you were to make a fake job listing for Apple, for example, you could redirect applicants to a fake Apple login page that collects usernames and passwords. Using email correspondence, you could convince applicants into sharing personal or financial info, such as social<\/a> security numbers (for \u201cbackground checks\u201d) or banking information (to set up \u201cdirect deposit\u201d).<\/p>\n

By default, LinkedIn gives companies zero control over unauthorized job listings. But some companies, like Google, are protected from this threat. That\u2019s because they have extra job listing controls that aren\u2019t available to average accounts. The only way to unlock these job listing controls is to hunt down the private email address for LinkedIn\u2019s Trust and Safety team (tns-SAFE@linkedin.com<\/em>) and complain about the site\u2019s poor job listing security. No joke.<\/p>\n

LinkedIn could solve this issue, or at least mitigate it, by immediately blocking unauthorized job listings for all companies. But the website doesn\u2019t seem all that interested in security! For what it\u2019s worth, LinkedIn tells BleepingComputer<\/em><\/a> that it uses \u201cautomated and manual defenses\u201d to block fake job listings, but these defenses did not stop BleepingComputer\u2019s<\/em> writers from setting up fraudulent job listings for their investigation.<\/p>\n

Source: BleepingComputer<\/a><\/small>\n<\/div>\n