LinkedIn jobs adverts targeted in new scam campaign

Anyone can abuse LinkedIn jobs posts, researcher claims.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Posts onLinkedInare being  abused to post fake job listings on behalf of virtually any legitimate company,cybersecurityexperts have claimed.

Harman Singh, a security expert and managing consultant at security company Cyphere, shared details of the scams withBleepingComputer, noting that,“Anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by a company.”

There’s no dearth of fake LinkedIn job scams, but while these were orchestrated from fake recruiter accounts, Singh’s technique post the fake job on behalf of a genuine company, adding a whole new level of legitimacy to the scam.

Feature or faux pas?

To test Singh’s claims,BleepingComputerused a LinkedIn account unconnected with its website to advertise a fake job listing.

The listing didn’t identify who posted the job, making it appear as if it was posted byBleepingComputeritself. Furthermore, all applications sent in response to the fake listing, were sent to the non-BleepingComputer-owned email address.

Even more worryingly,BleepingComputerwas unable to take down the fake listing posted on behalf of the website, as the platform prevented it from exercising admin control on the content.

The only option for businesses to prevent others from fraudulently posting jobs on their behalf is to rope in LinkedIn.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“You can manually email to the LinkedIn trust and safety team to get those options enabled that allow you to block unauthorised posts, and only allow authorised team members to post jobs,” shared Singh.

A LinkedIn representative didn’t directly comment on Singh’s workaround, but shared the following statement withTechRadar Pro:

“Posting a fraudulent job is a clear violation of our terms of service. We use automated and manual defenses to detect any fake job posting and quickly take action to remove them. We’re constantly investing in new ways to improve detection, including providing tools for companies to require work email verification before posting to LinkedIn.”

ViaBleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well