SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Innotec Security on avoiding social network job scams
Mon, 13th Nov 2023

Increasing usage of social networks and the trust they engender, especially in the context of job searching platforms, amplifies the risks of online scams. Understanding the tactics of cybercriminals operating in this domain is essential to protect oneself from becoming a victim. Professionals from Innotec Security, part of Accenture, have shared some advice on how to accomplish this.

The surge in social networks' popularity in recent years has triggered a corresponding rise in the number of attempts to defraud specific employment platforms. Cyber-attackers are exploiting these job search platforms, viewing them as a fertile hunting ground for potential scam victims. This malicious activity is reported to be increasing at a steady pace.

In strictly professional communities, it is not uncommon for an unknown individual to reach out to a user on behalf of a legitimate-sounding organisation. This creates a false sense of trust which the cybercriminals exploit to succeed in their fraudulent pursuits.

Raquel Puebla and Itxaso Reboleiro, cyberintelligence analysts at Innotec Security, part of Accenture, provide some valuable advice on avoiding falling prey to these nefarious activities. Users must maintain a healthy level of scepticism especially when it comes to job offers requesting personal or financial information. Users should also be wary of messages encouraging clicks on suspicious links, or suggesting downloads from unknown sources.

The legitimacy of the company listed in the alleged job offer should be confirmed. Any company unknown, or with a very small number of employees on professional networking sites, may be considered suspicious. Furthermore, the supposed employer's profile could contain warning signs such as, lack of an image, a recent creation date, absence of verifications and engagement from other personnel and undeclared publications for their company's benefit.

When assessing the job positions on offer, be suspicious of positions with minimal entry requirements and abnormally high salaries.

Should a user suspect they have been targeted by an employment scam, the consequent actions will depend on the type of personal information exposed to third parties explains Puebla and Reboleiro. If personal or professional data has been compromised, the concerned organisation should be informed immediately. If any of the compromised data is financial, the bank needs to be informed promptly so that they can take the necessary precautions.

In case of a possible cybersecurity breach, it is also highly recommended to get in touch with cybersecurity specialists, especially if the victim's computer has been infected and could potentially harbour malicious code. Should the computer system discovery reveal the presence of malware, such as stealer, keylogger, spyware or similar, it is strongly recommended to change all credentials that have been used on the computer since the compromise.