A new LinkedIn-based malware campaign, using the fake identity of an attractive female recruiter, has been discovered just as a gang of UK fraudsters have been sentenced to up to seven years for a similar scam.
The latest job ad attack was discovered last week by Bitdefender security specialist Bianca Stanescu, who confirmed these types of malware campaigns “have now intensified”. It uses the bogus profile of recruiter ‘Annabella Erica’, complete with a stock photo, placed on authentic LinkedIn groups such as Global Jobs Network.
“By using a picture of a beautiful young woman, they get a bigger response – from men and women too,” Stanescu said.
The campaign lures job seekers to click on an authentic-looking employment website, allowing the criminals to gather email addresses and passwords that can be used for identity theft.
The scam seeks people who can speak English and one other language, so mainly targets LinkedIn users in the UK, US and other English-speaking countries. There are around 13 million registered LinkedIn users in the UK.
The scam is very similar to one that was recently cracked by the UK's National Crime Agency, resulting in the convictions of six people at the Old Bailey last week.
The south London-based gang were convicted of stealing thousands of pounds from job hunters using fake online adverts for companies including Harrods and Argos.
They targeted people looking for work on internet sites such as Gumtree and Blue Arrow. Respondents to their fake adverts were emailed a link asking them to complete an online application form. Those people who clicked on the link inadvertently downloaded malware which recorded their keystrokes and captured their financial and personal data.
Last Thursday (14 November) Adjibola Akinlabi, Damilare Oduwole and Michael Awosile were each jailed for seven years, Tyrone Ellis for four-and-a-half years and Temitope Araoye for two years, while Nadine Windley was sentenced to 12 months suspended for two years.
They were convicted of conspiracy to defraud following an investigation started by the Met Police's eCrime Unit and concluded by the new National Crime Agency's National Cyber Crime Unit.
The NCA said mobile phone and online chat records showed the gang had made more than £300,000 from the fraud, but officers believe the real figure could be more than £1 million.
Bianca Stanescu outlined some ways job seekers can spot these “increasingly prevalent” malware campaigns.
The photos used may be stock ones, so searching in Google Images will show whether the picture has already appeared elsewhere.
The fake employment website may well be registered on a reputable .com or .co.uk domain but Stanescu said the LinkedIn profile of the recruiter may be minimally filled in with relatively few connections. She also advised people to look out for grammatical errors and “rhythmic names” like Sam Smith.
Commenting on last week's convictions, the NCA's lead cyber officer on the case, Frank Tutty, told SCMagazineUK.com that he was happy with the sentence handed down by the court today, saying: “This organised criminal network preyed on people seeking employment, and it's quite right they received a custodial sentence.”
One of the group, Nadine Windley, had also pleaded guilty to using her position as an employee of Santander Bank to provide the others with customer account data.
Santander Bank said in an emailed comment to SCMagazineUK.com: “Santander takes fraud perpetrated by people, including staff, extremely seriously. We will always report such incidents to the relevant authorities and fully co-operate in any investigation. If a customer is ever a victim of fraud due to no fault of their own, Santander will ensure they do not lose out financially, and that all relevant credit records are corrected.”
Tutty added: “I would like to thank Harrods, Gumtree and Santander for their assistance in this long and complex investigation.”