LinkedIn jobs adverts targeted in new scam campaign

(Image credit: Shutterstock / Ink Drop)

Posts on LinkedIn are being  abused to post fake job listings on behalf of virtually any legitimate company, cybersecurity experts have claimed.

Harman Singh, a security expert and managing consultant at security company Cyphere, shared details of the scams with BleepingComputer, noting that, "Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company."

There’s no dearth of fake LinkedIn job scams, but while these were orchestrated from fake recruiter accounts, Singh’s technique post the fake job on behalf of a genuine company, adding a whole new level of legitimacy to the scam. 

Feature or faux pas?

To test Singh’s claims, BleepingComputer used a LinkedIn account unconnected with its website to advertise a fake job listing. 

The listing didn’t identify who posted the job, making it appear as if it was posted by BleepingComputer itself. Furthermore, all applications sent in response to the fake listing, were sent to the non-BleepingComputer-owned email address.

Even more worryingly, BleepingComputer was unable to take down the fake listing posted on behalf of the website, as the platform prevented it from exercising admin control on the content.

The only option for businesses to prevent others from fraudulently posting jobs on their behalf is to rope in LinkedIn.

"You can manually email to the LinkedIn trust and safety team to get those options enabled that allow you to block unauthorised posts, and only allow authorised team members to post jobs," shared Singh.

A LinkedIn representative didn't directly comment on Singh's workaround, but shared the following statement with TechRadar Pro:

"Posting a fraudulent job is a clear violation of our terms of service. We use automated and manual defenses to detect any fake job posting and quickly take action to remove them. We’re constantly investing in new ways to improve detection, including providing tools for companies to require work email verification before posting to LinkedIn."

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.