Anyone Can Post Job Listings on LinkedIn as Your Company and Gather Information for Social Engineering Attacks

BleepingComputer reports an unsettling flaw in LinkedIn job postings that is ripe for social engineering tricks: anyone can post a phony job listing as your company (except when posing as Google). This is pretty scary, as you can imagine the social engineering information payday and phishing opportunities a fertile hacker mind can conjure up. So far, there is no fix. Until there is one, it is probably a good idea for an organization’s recruiting departments and online social media experts to monitor job listings posted under the company’s name. Attackers could phish the interested applicants or collect OSINT about former employers, and there are lots of crafty social engineering scenarios. Discuss it here on Hackbuster’s Forum.

Read here: “You can post LinkedIn jobs as almost ANY employer — so can attackers” (BleepingComputer)


This week, Harman Singh, a security expert and managing consultant at Cyphere, shared a “feature” with BleepingComputer that was quite unsettling for him to come across.

“Anyone can post a job under a company’s LinkedIn account and it appears exactly the same as a job advertised by a company.”


