
Fake LinkedIn Notification Steals Personal Information
A LinkedIn impersonation scam is making the rounds online. Cybercriminals are attempting to steal highly sensitive personal information from LinkedIn users.
In this scam, cybercriminals send a phishing email that impersonates a LinkedIn notification. Messaging in the phishing email informs the user there has been a policy change on LinkedIn that affects them. The email contains an attachment that supposedly contains information about the changes.
This LinkedIn impersonation scam uses a convincing web page designed to look like it is an official LinkedIn page.
The subject line says, “Changes that affect you.”
The victim is encouraged to open an email attachment to read the policy change.
The email attachment is a file with the name “PolicyChange2845.”
“…in this attack, attackers rely on the reputability and trust bestowed in social media and networking platforms, such as LinkedIn,” say cybersecurity researchers from Abnormal Security, who discovered the attack.
If the victim is tricked by the LinkedIn phishing scam and opens the email attachment, they are redirected to a spoofed LinkedIn web form. The form impersonates LinkedIn using the company’s logo and familiar blue color scheme.
The use of the logo and color scheme makes it look almost identical to any form that would appear on the official LinkedIn site.
The fake LinkedIn form prompts the reader to enter their full name, Social Security number, birthdate, and driver’s license number.
If the victim is tricked by this LinkedIn impersonation scam and enters their sensitive information in the web form, their response is sent directly to the cybercriminals. This leaves them vulnerable to future phishing scams and identity theft.
Both of these schemes can result in financial losses.
How to Avoid a LinkedIn Impersonation Scam
- Never click on a link in an email, even when you think it is an official communication sent by a company that you shop from or otherwise do business with.
- To read notifications, visit the company’s official website. Log into your account and read the notifications from there.
- Use an antivirus app to help detect phishing emails and harmful web pages. Cybercriminals frequently use fake web pages that look exactly like legitimate corporate sites.
- Use a virtual private network (VPN) like Ivacy VPN to help protect your sensitive information.
- Don’t email sensitive documents that contain information like government ID numbers, birth dates, or copies of your identification.