Millions of people use online job boards such as LinkedIn and Indeed to network, look for their next opportunity, hire people, and stay current with their industry. Online scammers know this, and prey on people using what’s known in the information security industry as “social engineering.”
If you’ve been a victim of job layoffs during COVID-19, or if you’re simply looking for a career change, then you are probably using LinkedIn and other career search and networking websites as part of your search. Don’t let your guard down when it comes to trusting these sites with your information. Be smart about what you’re sharing.
Here are six cybersecurity tips from Sean O’Keefe, Information Security Analyst, and Dwight Evans, Information Security Officers at Maxim Healthcare.
1. Don’t trust messages from people you don’t know.
You’re searching jobs on LinkedIn, and you receive a message from a friendly looking person wanting to connect with you. You rack your brain, but can’t think of where you might know this person. He doesn’t have any mutual connections. But, he seems to know you, and a connection could lead to an opportunity, so what’s the harm?
According to experts, this is a common tactic that attackers use to get information. “Cyber criminals use LinkedIn as a means to learn about their targets,” says Dwight Evans. Healthcare is one of the most targeted industries because scammers can use private health information to rip off people for money or for additional information for a larger scam.
2. The higher up in a company you are, the more vulnerable you are to online scams.
“This is what’s known as whaling,” says Sean O’Keefe. C-suite employees at an organization are frequent targets of this type of social engineering. Whaling is a highly targeted phishing attack aimed at senior leaders disguised as a legitimate email or message. The goal of whaling is to commit digital fraud. Through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Cyber criminals are looking for in-depth personally identifying information, or PII. These include a person’s address, Social Security Number, and other sensitive information. Whaling is about gathering more information to see if it can be valuable.
3. Hiring managers and recruiters: Think twice before you download that resume.
Cyber criminals know that people post their resumes in Word and PDF formats on platforms like CareerBuilder and craigslist. They have been known to pose as job seekers on career sites. When an employer downloads and opens the file, it may have malware and/or viruses embedded that could infect your computer.
4. Don’t accept a connection request from someone you’ve never met.
“If you have a name of someone asking to connect, stop and think, have I met them? Do you know that the person is really who they say they are?” advises Evans. A lot of people secure their LinkedIn profiles by only allowing their connections to view their phone number, email, for example. Scammers know this, and so they pose as colleagues so that you’ll accept and connect. From there, they gain access to everything you let your connections see about you.
5. There are ways to spot a fake profile.
Here are some tell-tale signs that a job board profile might be a fake:
- The person’s name is in ALL CAPS or things are spelled wrong.
- They have zero or very few connections.
- You share no professional interests or mutual connections.
- The account was created recently, as in within the last few months.
- The person is what society would consider very handsome or beautiful. You can do a reverse image search on Google to check if the photo is a fake.
6. Here’s what to do if you think you’ve become a victim to online scammers.
If you think you’ve been a victim of a cybercrime at work, contact your company’s information security office immediately. If you’re at home, report cybercrime to your local law enforcement, just as you would any other type of crime. Depending on the specific incident, there are a number of additional steps you should take. Visit the National Cybersecurity Alliance’s Stay Safe Online website for easy-to-follow steps and resources.
Do yourself a favor and manage your preferences on LinkedIn to make sure you’re comfortable with what information about you is available. Also, review your list of connections to make sure you don’t have any posers. “You may be an open book, but it only takes 30 seconds to improve your information security and protect yourself from fraud,” says O’Keefe.
Looking for a career change? Let Maxim connect you to the work you love.