Every organization is aware of the potential dangers of opening emails and clicking on forwarded links. Where this awareness has been established for users of e-mail and web pages after years of awareness training, this awareness appears to be less present when using social media. That is a shame, cybercriminals seize their opportunity.
Companies and employees generally use one social media platform often: Linkedin. Especially the HR department of organizations can often be found on Linkedin. A cyber criminal can pose as a recruiter in order to penetrate another company or person. By first establishing contact via a well-known and professional platform such as Linkedin, a fake bond of trust is created. The employee often opens documents without thinking about it and then often does not even know that he has infected his own network and that of his organization.
See below the three most used tricks of cybercriminals:
1. Fake Recruiter
The cybercriminal poses as a recruiter and contacts an employee for an attractive vacancy. Incidentally, the cybercriminal is savvy enough to actually use open functions. After contact has been made, the cybercriminal forwards documents that look like job descriptions to the employee. The moment the employee opens the documents, the damage has been done and he has infected his own network and possibly also the network of the organization where he works. Because the cybercriminal uses good-looking documents and keeps the conversation going normally, the employee often does not even realize this.
2. Respond to job openings
Many companies have an open vacancy outstanding. Especially in the current time, organizations have long been happy with a response. The enclosed CV is often opened immediately. Cybercriminals know this and send an infected document.
3. Business proposal
LinkedIn is a business social media platform for professionals, so a lot of digital material is exchanged to trade. If the profile does not seem fake at first glance, it is a logical thought to open an enclosed proposal/offer. It’s not difficult to build a legitimate-looking profile for a cybercriminal. The professional character of Linkedin then does the rest and a confidential feeling is created.
