LinkedIn is potentially being used as a medium for cybercriminals to connect with victims, posing as any employer they want to. With lax verification around what company is offering a given job on LinkedIn, attackers are seeing an opportunity to create fake job postings for malicious purposes.
Threat actors can now impersonate being part of a legitimate company when posting a job; this approach is a highly powerful social engineering tactic being used in recent times. Since LinkedIn is a well established site that potential candidates often use, it creates a perfect cyber-storm for cybercriminals. Security researchers have even walked through the posting process to confirm there is no need to validate the company one is purported to work for. On the flip side, the victim may feel that they are initiating the connection and are invested in following the process through to completion, without sensing any threat.
To learn more about cybercriminals using LinkedIn for attacks, and how to protect against social media phishing, visit here.