Scam Watch

How can you recognize LinkedIn recruiter account takeover for spear phish + fake job fraud?

TLDR

Attackers compromise legitimate LinkedIn recruiter accounts (often using session cookies stolen by infostealer malware) to post fake jobs targeting developers and sales staff. Candidates go through 'interviews' (sometimes deepfaked) and receive a malicious 'coding test' or...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. DO: verify the role on the company's official careers site; check the recruiter on the company's official org chart.

Source

LinkedIn-Threat-Report

Source reviewed by Mythos Forensic Team

https://www.linkedin.com/help/linkedin/answer/a1342402

FAQ

Is LinkedIn recruiter account takeover for spear phish + fake job fraud a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

DO: verify the role on the company's official careers site; check the recruiter on the company's official org chart.

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.