LEGALAUDIT

Scam Watch

Come riconoscere AI scaled spear phishing — LinkedIn scrape + per victim customisation?

In breve

Attacker scrapes 50k LinkedIn profiles, pipes each into an LLM with prompt 'write a credible recruiter outreach citing this person's last role and a fake job at their target company' — yields tens of thousands of unique, hyper tailored...

Come funziona

Attacker scrapes 50k LinkedIn profiles, pipes each into an LLM with prompt 'write a credible recruiter outreach citing this person's last role and a fake job at their target company' — yields tens of thousands of unique, hyper tailored...

Indicatori rossi

  • Pressione urgente a cliccare, pagare o condividere codici subito.
  • Link o mittente che non corrispondono all'organizzazione ufficiale.
  • Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa fare

  1. 1Tells: 1) recruiter email references YOUR specific past role and a plausible but non existent posting; 2) link leads to a job board lookalike domain capturing creds + 2FA push; 3) recruiter's LinkedIn was created <60 days ago; 4) follow ups are themselves LLM written and never reference earlier replies' specifics.
  2. 2DO: independently search the posted role on the company's official careers site; verify recruiter on official org chart.

Fonte

OpenAI-Threat-Disclosure

Fonte verificata da Mythos Forensic Team

https://openai.com/index/influence-and-cyber-operations-an-update/

FAQ

AI scaled spear phishing — LinkedIn scrape + per victim customisation e una truffa reale?

Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.

Quali sono i primi segnali?

Pressione urgente a cliccare, pagare o condividere codici subito.; Link o mittente che non corrispondono all'organizzazione ufficiale.; Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa devo fare subito?

Tells: 1) recruiter email references YOUR specific past role and a plausible but non existent posting; 2) link leads to a job board lookalike domain capturing creds + 2FA push; 3) recruiter's LinkedIn was created <60 days ago; 4) follow ups are themselves LLM written and never reference earlier replies' specifics.; DO: independently search the posted role on the company's official careers site; verify recruiter on official org chart.

LegalAudit puo controllare il mio caso?

Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.