LEGALAUDIT

Scam Watch

Comment reconnaitre AI scaled spear phishing — LinkedIn scrape + per victim customisation?

En bref

Attacker scrapes 50k LinkedIn profiles, pipes each into an LLM with prompt 'write a credible recruiter outreach citing this person's last role and a fake job at their target company' — yields tens of thousands of unique, hyper tailored...

Comment ca fonctionne

Attacker scrapes 50k LinkedIn profiles, pipes each into an LLM with prompt 'write a credible recruiter outreach citing this person's last role and a fake job at their target company' — yields tens of thousands of unique, hyper tailored...

Signaux d'alerte

  • Pression urgente pour cliquer, payer ou partager des codes immediatement.
  • Lien ou expediteur qui ne correspond pas a l'organisation officielle.
  • Demande de carte, mot de passe, OTP, signature wallet ou virement.

Que faire

  1. 1Tells: 1) recruiter email references YOUR specific past role and a plausible but non existent posting; 2) link leads to a job board lookalike domain capturing creds + 2FA push; 3) recruiter's LinkedIn was created <60 days ago; 4) follow ups are themselves LLM written and never reference earlier replies' specifics.
  2. 2DO: independently search the posted role on the company's official careers site; verify recruiter on official org chart.

Source

OpenAI-Threat-Disclosure

Source verifiee par Mythos Forensic Team

https://openai.com/index/influence-and-cyber-operations-an-update/

FAQ

AI scaled spear phishing — LinkedIn scrape + per victim customisation est une vraie arnaque ?

Oui. Traitez le message, l'appel ou la demande de paiement comme suspect jusqu'a verification via un canal officiel.

Quels sont les premiers signaux ?

Pression urgente pour cliquer, payer ou partager des codes immediatement.; Lien ou expediteur qui ne correspond pas a l'organisation officielle.; Demande de carte, mot de passe, OTP, signature wallet ou virement.

Que faire en premier ?

Tells: 1) recruiter email references YOUR specific past role and a plausible but non existent posting; 2) link leads to a job board lookalike domain capturing creds + 2FA push; 3) recruiter's LinkedIn was created <60 days ago; 4) follow ups are themselves LLM written and never reference earlier replies' specifics.; DO: independently search the posted role on the company's official careers site; verify recruiter on official org chart.

LegalAudit peut-il verifier mon cas ?

Oui. Lancez le chat gratuit et collez le message, le lien, l'expediteur ou les details de paiement.