BEWARE OF SOCIAL MEDIA SCAMS ON LINKEDIN

A stern warning for our readers

MY HISTORY WITH SCAMMERS

In 2005, while living in San Diego North County (Encinitas) and having my own little digital imaging business while working as a community tennis organizer, I came across an emailed "job offer" that made me suspicious. Some foreign guy wrote he needed someone to fulfill the money part of orders he received through eBay. I engaged him in conversation and quickly learned a few things about his operation. He was based in Ukraine and scammed eBay buyers out of millions by pretending he was selling something valuable but didn't really possess those products.

How did he do it? He said he employed about 20 hackers in his office. One of their targets: Dormand eBay Power Sellers with high positive feedback scores. They hacked those accounts and with the login and password, they did the "eBay Photo-Only" scam.

Here's an example of how that works: They put up a photo of a rare electric guitar they didn't have and sold it to the highest bidder, let's say for $5,000. Then they told the second bidder that the first backed out of the deal and sold it again to that person. And so forth.

Their biggest problem: Those scammed buyers could not find out that the money went to the Ukraine. So they needed U.S.-based middlemen to collect the money for them, deduct a high commission(20% at least), and send it on via Western Union to the scammers in Eastern Europe.

Finding those middlemen with the allure of easy money wasn't too difficult for them. The challenge was keeping them because the scammed buyers went to the cops. After just a few transactions, the FBI was able to locate the middleman and it was over. Big trouble for those middlemen, of course. They burned a lot of people that way.

When I realized what was going on, I reported it via the FBI's cyber crime reporting portal but only got a generic reply. So I persisted and got in touch with the FBI's San Diego office. An agent called me back and invited me to a meeting in his office. During that meeting, I learned that he headed a task force trying to take down my Ukraine guy. He told me that I had gotten more information about this guy than the entire task force had and asked me to stay on and work with them to take him down. I learned that they did a similar operation with another Ukrainian scammer a few years earlier and were able to work with Ukrainian police to storm his office and book him.

For the next 8-9 months I worked with them and engaged my villain in more and more conversations where we learned how he also scammed people out of "eGold" for instance. Every month, the FBI paid me between $500 and $1,000 for my services. Always in crisp new $50 bills they called "drug money." It was fun for me and, since I was single at the time, I didn't mind the personal danger I could have been in.

How did it all end? Just before they were getting ready to fly to Eastern Europe and take the operation down, the FBI dismantled the task force and stopped all activities against this kind of scam. Bummer. But I must admit, I learned a lot about cybercrime and foreign scammers.

FAST FORWARD TO 2023

I recently became aware of another scam on a very popular social media platform that is business-oriented: LinkedIn. I'm using LinkedIn every day to connect with people and have gained over 11,400 followers over time. I use social networking sites a lot to connect with friends and colleagues. But I'm very aware that like on any website, scammers prowl these platforms for unsuspecting users. So it's not surprising that you always need to keep an eye out for scams.

According to Tripwire (Katrina Thompson "A Guide on 5 Common LinkedIn Scams"), the most popular scams on LinkedIn are

• Illegitimate Contact Requests
• Fake Job Offers
• Phishing and Whaling Ploys
• Tech Support Ruses
• Advanced Fee/Inheritance Schemes

You have to know what most of those attempts are designed to do: The scammers want access to your credentials and personal information. While an "Inheritance Scheme" may "only" get the scammer a certain amount of money wired from you, the "Fake Job Offers" ploy is on an entirely different level. Can you imagine what you may have to fill out on a job application? From address to DOB, social security number to maybe even bank account numbers. Good luck getting out of this situation unscathed.

MY RECENT OBSERVATIONS

It started a few weeks ago. I had observed fake account scams on Facebook for years but didn't see a lot of them on LinkedIn until now. And it's always the same M.O. for those cases:

1. A female with a beautiful face, mostly exotic, Asian, asks to connect via InMail. If you are a paid LinkedIn subscriber, you can use InMail to message someone you're not connected to. If you connect with "her" you'll most often reveal your email address. The person will use AI-generated verbiage and has a lot of AI-generated content on their page.

2. If you engage with "her" you will find a lot of discrepancies in regard to employer, residence, etc. All replies will be AI-generated.

3. When you ask too many penetrating questions, the LinkedIn profile will disappear.

2. If you don't ask those questions or connect with "her" on LinkedIn, the next step is that you will be asked to change the mode of communication to WhatsApp. Why? Because the person will now also have your phone number. They're building a profile trying to get as much information as possible until they reveal their scam like enticing you to invest in crypto they don't possess. Insiders call this "the long game."

Katrina Thompson writes on Tripwire: "To protect your account credentials against scammers, make sure that you treat emails and in-platform messages from people you don’t know – and even the ones you do - with caution. Verify requests and message content in multiple places (like an email or Slack) before responding and remember; if your boss wanted to communicate something urgent and work-related, they probably wouldn’t choose an outside social media platform to do it."

Here are two out of dozens of examples of fake accounts contacting me recently.

1. YUNQUING LIU's message made me suspicious from the get-go. First, beautiful, young women don't just send "Hello, I am interested in your information and hope to receive your reply" to an old fart like me. Not happening. You don't even know whether it's a woman at all.

2. Further down in the profile, nothing made sense. Mostly AI-generated nonsense like, "highly successful person with a central idea." Or, "I believe programmers don't want to be good kids."

I reported the profile and it has since been taken down. No doubt the same person has a hundred similar profiles - all set up as "long-game phishing scams."

The other candidate is Shura Robinson. "She" contacted me via LinkedIn message: "I hope this message doesn't interrupt your work, I saw your profile in the circle of people around me. I read your profile and think you're pretty good and look forward to connecting with you and finding mutually beneficial resources."

That message alone is quite suspicious. Further down she describes the real estate lending process. ("Installment payment: After signing the contract, the purchaser will divide the purchase price into several proportions...... and when the house is delivered, the payment will be paid in full.")

The profile disappeared after I reported it. But last week I found it is back with a slightly different name.

WHAT DOES LINKEDIN SAY?

Well, you really have no way of finding out. There is no phone number you can call. You can report a conversation as a scam but their answer will mostly be: "We have checked the profile and it is legitimate." Why? Because they don't have the manpower to really dig deeper into your complaint. The company revealed that there were over 21 million fake accounts detected in the first half of 2022. That's 21,000,000 in 6 months, my friends. Looks like they have dropped the ball and given up on stopping the scammers.

But you know now what goes on in Social Media. All other sites have the same problem but you are now on extra alert. Right?

Here's my guideline:

• In my experience, there are only 3 kinds of people contacting me on LinkedIn: Tennis folks, Sellers, and Scammers.
• Tennis folks want to connect. Teaching pros, coaches, USTA staff, and vendors. All legitimate and always appreciated.
• Sellers may be interesting to me, depending on their business. I often say no but sometimes I welcome them.
• Scammers are relatively easy to detect because nothing really makes sense. Don't engage. Report.
• Never reveal email, phone number, etc. to someone who is not a connection.

When I worked with the FBI, my Ukraine contact told me about his eGold scam. Wikipedia writes, "e-gold was a digital gold currency operated by Gold & Silver Reserve Inc. (G&SR) that allowed users to open an account on their web site denominated in grams of gold, or other precious metals, and that let users make instant transfers of value ("spends") to other e-gold accounts."

The scammer had developed a Trojan Horse that was able to find the eGold account number and password if an eGold user opened their phishing email with the Trojan Horse in it. His problem: He needed to know for sure if someone was an eGold account holder. So he was always on the lookout for people who gave him the email addresses of those account holders.

Learned something today? Good. Pass it on to your friends and family.