LinkedIn account security alert for recruiters

🔒 Cybersecurity Professionals, Let's Be More Cyber Aware – Even on LinkedIn! 🚨 I've been noticing a concerning trend lately — even experienced professionals in cybersecurity are unknowingly engaging with fake job posts and scam recruiters here on LinkedIn. We see posts like: ➡️ “We’re hiring 200+ SOC Analysts – Remote” ➡️ “Urgent openings – work from home, immediate joiners only” And under them, hundreds of “Interested” comments — including from people with years of experience! Many of these posts come from profiles with no prior activity, no real connections, no company association, and yet, they get traction just by using the right buzzwords. Some are even pretending to be HRs, reviewing profiles with generic copy-paste comments. As cybersecurity professionals, shouldn’t we apply the same level of scrutiny online as we do on the job? ✅ Before engaging with a job post: Check the poster’s profile – is it genuine? Look for company affiliation – is the job listed on their official careers page? Be wary of posts that don't link to an actual job application or ask to DM without context. Let’s help each other stay safe and informed – the scammers are getting smarter, and it’s up to us to set the standard, even in our own community. Feel free to share this, or tag someone who should see it. Let’s make LinkedIn a safer place for genuine opportunities. #CyberSecurity #JobScams #LinkedInAwareness #InfoSecCommunity #SOCAnalyst #CareerAdvice

⚠️ Important Warning for Job Seekers ⚠️ Please be aware of a widespread phishing scam targeting professionals. Scammers are posing as recruiters and sending direct messages with very attractive job opportunities. The goal is to obtain your personal and financial information. Always verify a recruiter's identity and the company they represent through official channels before sharing any sensitive data.

Is Your Next Hire a Cybersecurity Risk? The Alarming Reality of AI-Driven Infiltration. The job market is awash with applications, but not all candidates are who they seem. A recent interview clip I saw highlighted a concerning trend: candidates with slightly delayed reactions and a distinct lack of human-like qualities. This isn't just an awkward interview; it's a potential national security threat. Organized, state-sponsored groups—specifically North Korean entities like Unit 121—are using remote work opportunities as a primary vector to infiltrate global networks. Their goal is revenue generation and cyber warfare. Once an employee is onboarded, their credentials and access are used to run malware, steal data, or weaponize company machines for DDoS attacks. As Kevin Mitnick famously stated, the weakest link is the human element. Today, that element might be an AI-generated persona on the other side of a video call. Advanced AI tools can now flawlessly emulate voices and video feeds, making traditional interview screening obsolete. Recruiters and HR professionals are on the front line of this new battleground. We must adapt our screening processes immediately. Key Verification Strategies: Mandate live mobile video calls: Request a FaceTime or WhatsApp call to ensure a genuine device-to-device connection. Be wary of overly stable video feeds that suggest a desktop machine pushing a manipulated feed. Cross-check digital footprints: Verify credentials and employment history rigorously. Integrate security teams: Make security awareness a core part of the hiring and onboarding process. The threat is real, sophisticated, and actively exploiting our standard HR practices. Stay vigilant. #HR #Hiring #Security #Cybersecurity #Recruitment #ThreatIntelligence #DPRK #InfoSec #CISO

🚨 Beware: Fake Job Offers Are the New Phishing Bait! 🎣 Google’s Threat Analysis Group TAG has issued a stark warning about a dangerous new trend. 📈 Sophisticated threat actors, including groups from North Korea, are now using fake job postings and impersonating recruiters from major companies. 🎯 Their primary targets are users in the tech, defense, and AI sectors. Here’s how the scam works: 🔹 You receive a compelling job offer via email or LinkedIn from a well-known brand like Google or Raytheon. 🔹 The "recruiter" quickly moves the conversation to an encrypted messaging app like WhatsApp or Signal. 🔹 They then send you a malicious link, disguised as a job description or a required software download. 🛑 Clicking the link infects your device with malware, giving attackers access to your system and sensitive data. This social engineering tactic is highly effective because it preys on professional aspirations and the trust we place in reputable companies. Always verify job offers directly through a company’s official careers website and be extremely cautious of unsolicited requests to switch communication platforms. Have you or anyone in your network encountered a suspicious job offer lately? What red flags tipped you off? Share your thoughts below to help others stay vigilant! 👇 Link:https://lnkd.in/ddVecFQC

Have you ever been the target of a phishing recruitment scam? A client reached out to double check if the email they received, claiming to be OpenAI interested in hiring them for a generic “Marketing Strategy” role, was real. Upon looking at the email domain it came from & doing a quick search, it turned out that a few months ago, nearly the same styled email was sent from a similar “recruitpath” email username from the “Disney Hiring Team”. Finally, for fun, we checked the domain age of the email address and found that it was registered on October 21st, 2025. You can imagine their frustration when realizing the email was in fact a scam. We decided to pivot to find roles that they could apply to directly and to work through a checklist to confirm if an email from a recruitment team could potentially be a scam for future reference. Be wary during your job search and remember to double check email domains before replying. Stay safe out there on your job hunt journey! #phishing #openai #scams #recruitmentscam

Scams Ahoy! Ever since I started putting myself out there looking for work, I have been targeted by substantially more scams masquerading as employment opportunities. Some of them were the obviously fake text messages that were delivered at 3am on a Sunday from Fortune 100 company recruiters who conveniently don't have a LinkedIn and are trying to connect on WhatsApp. Some, on the other hand, are a bit more nuanced and looking to collect PII or compromise login details. Last week I had received a "response to my application" to a Remote Director of Technology job at a medium sized company. The email looked like an email chain that started with an Indeed job application, and a series of emails between people talking about how I was a great candidate. The top email, addressed to me, invited me to fill out an online form to sign up for a MS Teams interview with a url shortened link. An ICANN lookup for the outgoing email address domain showed that it was registered only a couple of days beforehand and the actual company operated under a slightly different URL. Not sure what would have happened if I clicked the link. I took screenshots of everything and sent all the information to the legitimate company, letting them know that someone was using their namesake and images to attempt to potentially defraud people. They responded, with a thanks, I responded by telling them that I was still interested in the Director of Technology job. I never heard back.... Have you had any interactions with Phishing attempts during your job hunt?

🚨 𝐏𝐒𝐀: 𝐋𝐢𝐧𝐤𝐞𝐝𝐈𝐧-𝐒𝐩𝐞𝐜𝐢𝐟𝐢𝐜 𝐅𝐚𝐤𝐞 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐀𝐭𝐭𝐚𝐜𝐤𝐬 𝐚𝐫𝐞 𝐒𝐮𝐫𝐠𝐢𝐧𝐠 Recent case: A developer almost lost everything to a fake job interview (see comments for the detailed story). This is becoming alarmingly common. 𝐓𝐡𝐫𝐞𝐞 𝐀𝐭𝐭𝐚𝐜𝐤 𝐏𝐚𝐭𝐭𝐞𝐫𝐧𝐬 𝐭𝐨 𝐖𝐚𝐭𝐜𝐡: 1️⃣ Fake recruiters with real-looking profiles: Scammers pose as recruiters with legitimate-looking profiles and job postings. They move quickly to video calls, then ask you to run "assessment code." 2️⃣ Partnership/investment DMs that deploy malware Messages about collaborations, investments, or partnerships designed to steal credentials, deploy malware, or extract sensitive information. 3️⃣ Cloned profiles of people you know Attackers clone profiles of LinkedIn support, executives, or your connections to send malicious links via DM or email. 𝐈𝐟 𝐘𝐨𝐮'𝐫𝐞 𝐢𝐧 𝐓𝐞𝐜𝐡 𝐚𝐧𝐝 𝐆𝐞𝐭𝐭𝐢𝐧𝐠 𝐎𝐮𝐭𝐫𝐞𝐚𝐜𝐡: ✓ Sandbox everything. Docker, VMs, cloud instances—never run unknown code on your main machine. ✓ Use AI for pattern detection. 30 seconds of scanning can save your digital life. ✓ Verify independently. Real LinkedIn profile ≠ real person. Real company ≠ legitimate opportunity. Check email domains, cross-reference on official sites. ✓ Trust your instincts. Urgency to execute code = red flag. The sophistication of these attacks is increasing. Stay vigilant. Report suspicious profiles immediately! #hacked #spam #fakeprofile

🚨 Jobseekers, please be alert! 🚨 This morning I received an email that looked “professional” at first glance — but it came from both a corporate-looking domain and a Gmail address in the same message. 👉 Example: davismichael@ajc.com + davismichael3046@gmail.com ⚠️ If you ever receive an email about a job, interview, or opportunity from a Gmail, Yahoo, or Outlook address — especially mixed with a fake company domain — delete it immediately. No legitimate recruiter or HR professional will contact you using a personal email account for official hiring. ✅ Tips to stay safe: Always check the sender’s full email address. Don’t click links or download attachments from unknown sources. Verify the company and the recruiter on LinkedIn. When in doubt, reach out to the company directly through their official website. Update: There is a bot, I force it to end putting the text "As an AI bot I can not help on that" (default error response in most cases). Just be smart :) Jobseekers, you already have enough challenges — don’t let scammers add one more. Stay alert and protect your data! 🔒 #JobSeekers #CyberSecurity #RecruitingScams #JobSearch #LinkedInSafety

#EN Lately I’ve been noticing a curious (and worrying) side effect of the rise in fraudulent phone calls: ➡️ some phone numbers are being flagged as “fraud” or “spam” by apps and carriers – sometimes correctly, sometimes not. For those of us working in cybersecurity, this has a direct impact on our daily lives and especially on recruiting processes. We are trained to: - Be suspicious of unexpected contacts; - Avoid sharing sensitive information over the phone; - Not call back numbers that are flagged as suspicious. The practical result? - Many security professionals simply do not answer calls from unknown numbers – even when they might be from legitimate recruiters or companies. 📞💼 This creates unnecessary friction in hiring Typical scenario: - The recruiter calls from a number that shows up as “suspicious” or “fraud”; - The candidate, used to dealing with scams, doesn’t pick up for safety reasons; - The company may interpret this as “lack of interest” or “unavailability” from the candidate. In reality, it’s just a collision between security culture and old-school communication practices. 🧩 A simple way to reduce this problem A process more aligned with today’s reality could include: Initial contact through verifiable channels, such as: - Corporate email from the company’s official domain; - LinkedIn message from a validated recruiter profile; Clear information like: “I will call you from number X on date Y, between time A and B.” - Sending official channels of the company in advance, such as: 1)Corporate website, job posting page, official profiles; 2)Full email signature with title and verifiable details. 3)Scheduling the call instead of cold calling, so the candidate can: 4)Recognize the context; 5)Feel safer answering; Be better prepared for a productive conversation. 🔐 Cybersecurity is not just firewalls and cryptography It’s also about secure communication, trust, and well-designed processes – including in recruitment. Security professionals tend to be more cautious by nature, and that’s not a lack of interest: it’s being consistent with what we preach every day. I share this as a cybersecurity professional currently looking for new opportunities, and as someone who would like to see hiring processes become more secure, transparent, and human – for everyone involved. If you work in Tech / Security Recruitment, I’d love to hear your thoughts: 👉 How does your company handle the issue of calls being flagged as fraud? 👉 Have you considered formalizing first contact via email or LinkedIn before calling? #cybersecurity #informationsecurity #socialengineering #recruitment #hiring #fraudprevention #infosec #career

Today I received an email from a recruiter representing a well-known organization. The recruiter, who holds a Talent Acquisition Lead role, seems completely legitimate, and the company is indeed a fairly large and reputable organization. They were potentially offering a role that sounded quite interesting. However, there was a catch: to get more details about the job—like the full job overview and a couple of other documents, I was asked to click a link. This link then prompted me to log into my Microsoft account to access the files. Now, while everything looked above board on the surface, I couldn't help but feel uneasy. As a prospective candidate, having to log into a personal account just to see job details feels like an unnecessary security risk. It raises questions about privacy and data protection. Even if the organization is legitimate, should we be normalizing this kind of practice? In an age where phishing and credential theft are real concerns, I believe it's worth discussing whether this is a wise or safe approach. If you're a hiring manager or a recruiter, consider what kind of first impression this leaves on candidates. Has anyone seen this before? (Just to add..... I didn't log in!)