Fake Job Offers

Cybercriminals are using phishing and social engineering tactics to send out fake job offers to candidates and?exploiting social media channels, especially?LinkedIn.

The bait used most frequently is a lucrative and generous job offer that is delivered to the victim in a pdf file.?Once a malicious file is opened, the malware is inserted into the system that can compromise an entire company’s network through any opened applications being used. A recent incident resulted in a $540 Million theft from Axie Infinity, via LinkedIn.

What can candidates do?

1. If you receive an email that?appears?to be from LinkedIn, and are unsure if it is legitimate, do not click on any link, nor reply. Instead,?open LinkedIn from your browser?and check your notifications.
2. Make sure your?privacy settings?for people outside your contacts only show the necessary information, like your work experience and education, but not your phone number.
3. Keep your passwords strong and secure.??Here’s an article with some tips on?password management.

Enable?Multi-Factor Authentication (MFA) (also known as Two-step verification). Find out how to enable MFA on LinkedIn?here.

Common signs a job isn’t real, according to LinkedIn:

• Contact not found on google search
• Can’t find company information
• Grammatical or spelling errors
• Personal information such as?PII?immediately required
• Too good to be true
• Lack of employment branding
• Look for proof job/listing exists
• Research companies on LinkedIn, Glassdoor, Indeed, Company Social Media pages, and Company Website

Share this information with far and wide! Let's all look out for each other.

THANK YOU!?Your companies are SECURE, because?YOU?make it secure!!

Always report?any suspicious activity work accounts to your IT or Cyber departments.

For reporting personal attacks, contact one of the following organizations:

The?FBI Internet Crime Complaint Center IC3, and the?Cybersecurity & Infrastructure Security Agency

BE SAFE AND BE SECURE!!!