BleepingComputer shares an unsettling flaw in LinkedIn job postings that is ripe for social engineering tricks. Anyone can post a phony job listing as your company (Google is the exception). This is pretty scary: imagine the social engineering payday and phishing opportunities a fertile hacker mind can conjure up. So far, there is no fix. Until there is one, it is probably a good idea for an organization's recruiting department and social media staff to monitor LinkedIn for job listings posted under the company's name. Attackers could phish the interested applicants or collect OSINT about former employers. There are lots of crafty social engineering scenarios. Discuss it here on Hackbuster's Forum.
Read here: "You can post LinkedIn jobs as almost ANY employer — so can attackers" and discuss here.
This week, Harman Singh, a security expert and managing consultant at Cyphere, shared a “feature” with BleepingComputer that was quite unsettling for him to come across.
“Anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by a company.”