LinkedIn is now a hotbed for crypto scams? That's a twist I didn't see coming. As hackers adapt their elaborate tricks to this seemingly professional network, I can't help but think about how easily we could all lose our digital assets. Here's a rundown of what these cybercriminals are doing and how you might keep your online presence safe from their grasp. Because let’s be honest, we all want to avoid being the next victim.
What's Going Down on LinkedIn?
It appears that hackers are setting up shop on LinkedIn to target unsuspecting crypto enthusiasts. They’re taking the fight away from the usual places and into a realm where many of us might not expect to encounter such sophisticated attacks.
According to Taylor Monahan (known as Tayvano on X), a Web3 security expert, these hackers have begun using specialized social media propaganda to spread malware. Once the malware is on a device, the victim often loses control of it, and the attackers then go after the victim's digital wealth.
Monahan shared an insightful post on X, detailing the lengths these attackers go to and offering advice on how to protect yourself.
Social Engineering to the Next Level
These hackers apparently kick off their schemes by creating fake LinkedIn profiles that seem genuine. They then pose as recruiters from well-known platforms and begin chatting with their targets, aiming to gain their trust over time.
🚨 Heads up all—some dudes have a slick, new way of dropping some nasty malware.
Feels infostealer-y on the surface but…it's not.🫠
It'll really, deeply rekt you.
Pls share this w/ your friends, devs, and multisig signers. Everyone needs to be careful + stay skeptical. 🙏
Once trust is established, they hit their targets with enticing job offers. This method seems to work particularly well for those who are actively job-hunting, but let's face it, who isn't looking for some side cash? They make the employment opportunity look legitimate by using tools that many crypto companies use for interviews. They provide job descriptions and details, further deepening the deception.
Victims are asked to record and send their responses on an interview platform, but the hackers avoid using its video features, citing technical issues.
At this point, the scam kicks in. The hackers send their targets a link leading to harmful instructions. If the instructions are followed, the hackers gain access to the victim’s device.
A Cautionary Tale from Monahan
According to Monahan, once a user follows the hackers' instructions, they lose control of their device—regardless of what they’re using.
“If you follow their instructions, you are fcked. They vary depending on whether you are on Mac/Windows/Linux. But once you do it, Chrome will prompt you to update/restart to ‘fix the issue.’ It’s not fixing the issue. It’s fully fcking you,” Monahan said.
We don’t have insight into the scale of the hack or how much they’ve raked in, but it’s similar to a past incident that hit employees of Ginco, a Japanese crypto firm. The company lost around $305 million due to similar social engineering tactics. Multiple organizations, including the FBI, were involved in the investigation.
While LinkedIn has made strides to weed out fake accounts, the issue has persisted. They claimed to have gotten rid of 80 million fake profiles in 2024. Their automated system is supposed to block most of these accounts as they’re created, but is that really enough?
A Larger Issue?
Let's not kid ourselves; crypto scams are everywhere on social media. Other platforms like Facebook, Twitter, and Instagram frequently face the same issue. The nature of these scams, which rely on building trust over time, makes them hard to spot.
Despite LinkedIn’s efforts, the platform is still a prime target for these refined scams. With criminals using social media propaganda and malware to target users, it's a game of cat and mouse where staying informed is key.
Educating Users
LinkedIn and similar platforms need to step up their game in educating users about common scams. Many scams originate on social media, where hackers create or hack profiles to promote pseudo-investment opportunities, often promising impossible returns.
Red Flags
Users should be made aware of red flags, like high-pressure tactics to invest quickly, promises of unusually high returns, and requests to move to a more secure conversation space.
Phishing Tactics
Users should also be educated on phishing and social engineering techniques, where scammers pose as legitimate entities or individuals to trick users into sharing sensitive information or transferring funds.
Reporting Mechanisms
The platform should provide clear mechanisms for reporting suspicious activities or scams, including fake profiles or fraudulent posts.
User Awareness
Finally, promoting user education through guides and safety tips, including skepticism towards crypto opportunities, is essential.
Compliance and Security
Ensuring compliance with regulations related to anti-money laundering (AML), counter-terrorist financing (CTF), and data protection, along with solid security measures like regular audits, can help keep users safe from crypto scams.
By taking all these steps, LinkedIn and other social media platforms can significantly heighten user awareness and protection against crypto scams.
Never Too Careful
While LinkedIn has put in some work to enhance security, including automated detection and removal of fake accounts, the evolving nature of crypto scams means no platform is entirely safe. Continuous user education, vigilance, and using additional security tools like password managers and antivirus software are essential to mitigate these risks.
Compared to other social media platforms, LinkedIn's security measures are solid, but the effectiveness ultimately depends on a mix of platform security, user awareness, and ongoing vigilance.
Stay informed and cautious—protect your digital assets from the lurking dangers of crypto scams on LinkedIn.