I Talked to Cybersecurity Experts After These LinkedIn Scams Almost Fooled Me

No matter where you hang out online, social media is riddled with scammers looking for targets to swindle or con you out of your cash. 

But on LinkedIn, it can be especially tricky to weed out wrongdoers because they can be disguised as career opportunities. 

I’ve had more than a few fake job recruiters contact me — some through LinkedIn, and some, I suspect, by finding me on LinkedIn and then reaching out to me over email.

These days, scammers are using AI to write convincing and highly detailed business propositions. Sometimes, they’re very persuasive. But you can keep yourself safer if you look for the red flags.

My encounter with scammers on LinkedIn 

I recently had a “job recruiter” contact me, asking if I’d be interested in working on an aerospace writing project. That was a little suspicious as I have no experience writing about aerospace.

Secondly, the job recruiter had three followers. Surely a recruiter, even if it was her first day on the job, would have a little more of a presence on LinkedIn. But if you don’t know what to look for, you might get fooled.  

My next experience was when a “book marketer” approached me about publicizing a book I wrote in 2007 — C.C. Pyle’s Amazing Foot Race. The pitch: I should pony up $399 to have this person market my book. The email was detailed, but it was nothing that AI couldn’t have written. Sure enough, when I searched for the publicist, his LinkedIn page showed up on Google, but then I clicked on it and found that LinkedIn had removed his page.

To help me dodge future headaches like these, I asked two cybersecurity experts for advice on how to spot, report and protect yourself from these types of scams.  

Common LinkedIn scams and how to spot them

The fake Job

How it works: You could get approached by a fake job recruiter or you apply for a fake job posting that looks legitimate. It might promise excellent pay for hours that are too good to be true. That’s because it is.

Red flags: Mark Anthony Dyson, author of the newsletter, “The Job Scam Report,” says to look for misspelled URLs. These might lead you to a rogue site where the link could contain malware. Malare can infect your device and then be used to steal your personal information.

Try using the website WhoIs.com, Dyson says. Type in the URL of a job posting, and you’ll be able to verify that the URL belongs to a real company and not an unknown entity or person.

Dyson also says to look out for fake recruiters who communicate through text and quickly ask for your personal information. The safest course of action is to apply for a job through its company’s website.

Phishing scams

How it works: Phishing over LinkedIn is the same principle as email phishing. This time the con artist is sending you a message through LinkedIn, hoping you’ll click on the bad link — or that you’ll reply and believe whoever you’re talking to is a legitimate, reputable person.

What can be especially tricky is that “these scams can be timed to target victims,” says Tony Anscombe, the chief security evangelist at ESET, a global cybersecurity vendor based out of San Diego.

Anscombe says that during the holidays, when people are shopping online, “phishing email or SMS messages claiming to be from delivery companies are not out of context when they land in the inbox. If enough information in the message sounds feasible, then the victim may assume the message is authentic and click the link.”

And it’s not just during the holiday season. For instance, around tax filing season, Anscombe says that you can expect phishing messages over LinkedIn (or through texts and emails) about your taxes.

Red flags: If there’s no photo on the LinkedIn profile or the individual has very few followers or connections, those can be red flags. Don’t count on bad grammar and spelling errors in the message, because criminals are polishing up their language. “The concept of spotting grammatical mistakes is no longer a protection mechanism as freely available AI tools will correct grammar and make content look realistic,” Anscombe says.

A lack of details in the LinkedIn message you receive can be a red flag. For instance, the scammer may say that they want to meet with you, without explaining why.

Fake profiles and catfishing

How it works: Essentially, this is when a criminal puts up a fake profile so they can start scamming. From there, they may use their profile as a way to send out phishing emails to potential victims.

They might also simply reach out to potential victims and try to establish a rapport, to build trust, so they can eventually “hire” an employee or talk the person into “investing” in their company. Some scammers have even used LinkedIn as a vehicle to meet and “romance” victims, a practice known as catfishing or pig butchering.

Red flags: Just like the other scams, seeing few to no followers on a LinkedIn profile can be a red flag. While everybody new to LinkedIn starts off with few to no followers, most people are going to start adding people quickly, even if it’s just their friends and family members.

No posts, little activity, little profile information and no photo are all possible hints, and you should proceed with caution. 

Sometimes criminals will hijack an existing, legitimate LinkedIn profile and then send phishing emails. You really want to be careful about clicking on any link or sharing personal information with people, even close colleagues, unless you’re certain you know who you’re dealing with. You can always reach out to them directly if you get a message that’s unexpected or otherwise suspicious.

Investment and crypto Scams

How it works: You meet somebody on LinkedIn, talk about cryptocurrency and before long, you’re investing in whatever cryptocoin the scammer has you excited about. But instead of investing, you’re accidentally giving your money to a criminal. 

Red flags: Your newfound friend wants you to move the conversation somewhere else, like an encrypted messaging app, where there won’t be as much of a paper trail. Often these messages aren’t saved, making it harder for law enforcement to later look for clues as to where the criminal is.

If you get any pressure to invest in anything — especially cryptocurrency — that’s a bad sign. If you’re being pressured to invest on a financial website that you’re unfamiliar with or looks shady, consider that a flashing neon red sign.

Advance fee scams

How it works: If you’ve ever heard from an alleged Nigerian prince, you’re familiar with these scams. These are scams where, if you fall for it, you’ll pay the scammer a small but still significant amount of money to access much more money. Maybe it’s an “attorney” who says you’ve got a $50,000 inheritance from a long-lost relative you’ve never met. All you need to do is first pay the $500 attorney fee to get your $50,000.

Naturally, you’ll need to hand over your checking account number so they can make a direct deposit.

Red flags: Sometimes good things happen, and in rare cases you may need to pay money for it to happen, though such fees are usually deducted from the windfall. 

But when somebody reaches out to you, even if it sounds believable, if you have to pay money to get money, it’s almost certainly a scam. And if it involves you paying money to get a job, don’t believe it.

“Legitimate recruiters do not request money for any part of the job interview or hiring process,” Dyson says. Paying money to purchase equipment for the job is also a hard no, according to Dyson.

Consulting fee scam

How it works: There are a lot of legitimate consultants on LinkedIn looking for clients. That’s why scammers will reach out and offer people help with their resume or updating their LinkedIn profile to better attract recruiters and employers. Of course, if you pay a scammer, you’ll never receive the services you were promised.

“Scammers are bold and savvy marketers,” Dyson says. “I checked their profile and looked at the comment section, only to see that they’d commented the same thing as a dozen other people,” Dyson says.

Red flags: If the consultant is always too busy to speak on the phone or they’re promising a lot, tread lightly. A big red flag is not being able to find information about them online, outside of LinkedIn. 

Whether you pay a fake consultant money or a real consultant without much presence, there isn’t much difference — you almost certainly won’t get the results you want. It’s best to use consultants you trust and who have a reputation. If somebody has referred you to that consultant, even better.

How to protect yourself from LinkedIn scams

There are several strategies you can take to protect yourself from LinkedIn scams.

• Verify the sender: This is a must. If someone writes to you on LinkedIn, check out their profile — but also cast a net across the internet to see what comes up. Even if the sender’s LinkedIn profile is legitimate; if you’re going to do some business with them, you want to know something about them.
• Verify the information on the company’s official website: If a contact from a big or small brand has reached out to you with some exciting big break, via a text or email, that’s wonderful — but go independently to the website and look and see if that contact is actually listed or the job is posted in the company’s career section. Maybe even pick up the phone and see if you can reach a live human who might be able to confirm that contact works there or the opportunity is available.
• Don’t pay upfront: As a general rule, do not pay anyone upfront. If someone does ask you for upfront payment, verify with other sources that it’s a legitimate case — in most cases, it won’t be.
• Keep conversations on the original platform (initially): Be wary of connections who immediately try to move your conversation to an informal, unmonitored platform like WhatsApp and Telegram, or possibly a personal email. If it’s a scammer, they want to get you away from websites where there may be a paper trail that law enforcement can use later. 
• Don’t include highly sensitive personal information on your profile: Nobody should put their full home address on their LinkedIn page, and obviously no national ID numbers, like your Social Security number or driver’s license, should go on LinkedIn.
• Consider enrolling in ID theft prevention services: If you’re worried that you could be a victim of identity theft, and let’s face it, we’re all at risk, you could consider paying for a service to reduce your risk. Identity theft services can offer credit monitoring and alerts (if somebody does use your credit or debit card without your knowing) as well as dark web monitoring, high-risk transaction monitoring, public records monitoring, credit freezes and locks, financial account alerts, post-fraud assistance, identity restoration services and even identity theft insurance. CNET tests and reviews the best identity theft protection services.  
• Be cynical: It’s great if your worldview is optimistic. The world needs optimists. But when it comes to messages over LinkedIn or any social media site, or any email or text, it can pay off to be cynical. “Take the view that nothing is real and treat every message as though it is fake. This zero-trust attitude means clicking no links in email and messages,” Anscombe says.

What to do if you spot a scam

If you suddenly realize that you are, indeed, about to become a victim of a LinkedIn scam, here are a few pieces of advice.

• If the scam has escalated to where you’re on the phone with a scammer, and you realize this is a con, no need to say another word. Hang up immediately.
• If you’re even remotely suspicious, do not click on links or attachments from strangers on LinkedIn.
• Report the profile or message to LinkedIn immediately using their reporting tools. There’s a form where you can report a scam to LinkedIn.
• If you think you’ve fallen for a scam or are a victim of identity fraud or theft, immediately report your case to the FTC. 
• If you’ve shared personal information with a potential scammer, immediately change your passwords and monitor your financial accounts. You also may want to alert your bank or credit card provider so they can be on guard as well.