As the IT Administrator for my organization, I've recently been facing a serious issue with scammers. We've had several reports from individuals who received fake job offers supposedly from our company after they applied to our legitimate job postings on LinkedIn. The scammers are using email addresses that look similar to ours but aren't quite right and are reaching out to applicants, claiming they've been hired. This not only confuses the applicants but also harms our company's reputation. I'm trying to figure out how these scammers are accessing applicant data in the first place. Are they scraping LinkedIn? Is there a vulnerability in our job application process? Has anyone else dealt with this before? What measures have you taken to address or report this issue? Any insights into how they might be gathering this information would be greatly appreciated. Thanks!
5 Answers
Honestly, I'd say the best move is to consider deleting your LinkedIn accounts entirely. LinkedIn has a troubled history with security breaches, and it’s a goldmine for hackers. They scrape the site constantly, watching for job applications and updates from employees like, "I'm excited to be part of this company now!" That's a big red flag for scammers. I've seen phishing attempts hit people even before their official start dates because they changed their LinkedIn status and made their email easy to guess. You might want to look into strengthening your email filters too; the basic protections often aren’t enough to catch these impersonation attacks.
Make sure your LinkedIn business accounts are well protected. There’s valid use for them beyond just these scams. Also, keep a record of the email addresses scammers use and consider issuing takedown requests when you can.
It’s likely they’re already in your system. They might have phished your HR department or compromised an email account, allowing them access to applicant data. It’s crucial to check your systems for any breaches.
Absolutely, scraping LinkedIn is a real issue. A few months ago, we had a new user whose email alias was slightly off from what it should have been. He updated his LinkedIn profile right away, and before he even settled in, he received phishing emails supposedly from a "Board Member" at our company. Thankfully, our impersonation protection caught the emails, but it shows how persistent these scammers can be. I usually advise people to be cautious about putting too much personal info out there.
I've seen this problem too. A good tip is to include a clear notice in your job postings stating that any official communication will only come from your company’s official email domain. Link the domain right there to clarify for applicants who may get confused.
Totally agree! LinkedIn feels like a hacker buffet.