Protecting Yourself from LinkedIn Scams: How to Stay Safe in the Web3 Era
Platforms such as LinkedIn offer professionals a useful place to network, look for work, and build business relationships in today’s connected world. But with the advent of Web3 technologies and the ongoing evolution of the digital landscape, scams aimed at LinkedIn users are getting more complex and widespread…
Authors: Ustas.eth ; Officercia.eth
So, today, me and Ustas.eth will tell you about one of the various scams you may encounter while looking for job at LinkedIn! This article also aims to shed light on the recent LinkedIn scams and provide essential tips to help you stay protected in this new era of decentralized applications and smart contracts.
Photo by Gabriel Varaljay on Unsplash
Let’s get started!
LinkedIn Scam Flow
Scammers first have a brief conversation about the project before sending a link to an archive of a repository:
Because job scams are usually more simple and hackers usually just send a malicious exe file, the victim usually does not suspect anything suspicious:
After receiving a file from the attacker and conducting a quick search of the public and source folders, “next.setup.js” proved to be one of the more intriguing files. It’s obfuscated:
Luckily (for us 😅) Ustas.eth had some experience with de-obfuscation before, so he beautified it via:
Unfortunately, it didn’t decode the strings, so Ustas.eth wrote a tiny script for this purpose, that’s the output:
From this point, we think the purpose of the file is pretty obvious. In order to trigger it, a dev has to install deps with yarn or npm, and run yarn start (for example):
sqlite3 child_process crypto exec request platform tmpdir homedir hostname type dirname get writeFileSync /client /.npl existsSync /store.node accessSync Default Profile /AppData/Local/Microsoft/Edge/User Data Windows_NT SELECT * FROM logins Local State aes-256-gcm origin_url username_value password_value CryptUnprotectData createDecipheriv readFile copyFile Login Data os_crypt encrypted_key Database latin1 U: W: P: unlink utf-8 filename multi_file formData url options value readdirSync statSync isDirectory /Library/Application Support/Google/Chrome /.config/google-chrome /AppData/Local/Google/Chrome/User Data /Library/Application Support/BraveSoftware/Brave-Browser /.config/BraveSoftware/Brave-Browser /AppData/Local/BraveSoftware/Brave-Browser/User Data /Library/Application Support/com.operasoftware.Opera /.config/opera /AppData/Roaming/Opera Software/Opera Stable/User Data Local Extension Settings .log .ldb solana_id.txt nkbihfbeogaeaoehlefnkodbefgpgknn ibnejdfjmmkpcnlpebklmnkoeoihofec ejbalbakoplchlghecdalmeeeajnimhm fhbohimaelbohpjbbldcngcnapndodjp bfnaelmomeimhlpmgjnjophhpkkoljpa hnfanknocfeofbddgcijnmhnfnkdnaad fnjhmkhhmkbjkkabndcnnogagogbneec aeachknmefphepccionboohckonoeemg hifafgmccdpekplomjjkcfgodnhcellj createReadStream /uploads /.config/solana/id.json /keys python p.zi /pdown renameSync rename rmSync tar -xf curl -Lo \.pyp\python.exe p2.zip /node/ path post ������輼♦️�̸������ U↓X[NIt’s also possible that it’s downloading something else via python, as there’s a p2.zip name (see above).
Here is a source file (do not install!):
- drive.google.com/file/d/1ONFrT9BHvtZVoTZEcVTodbQvNMmEuZj2/view?usp=sharing
This, in our opinion, looks quite similar to this attack that Lazarus Group is currently running, but this time the quality of the attack was lower, the script starts collecting data directly, without a loader:
We have reported this incident to the support team and hope that appropriate action will be taken:
Attacks Protections
Scammers’ attempts to take advantage of unsuspecting users have grown more crafty as Web3 technologies gain traction. LinkedIn is one such site where fraudulent activity has increased.
We also promised to talk about recent LinkedIn scams and offer helpful advice on how to avoid falling victim to these kinds of attacks in this article…
So, a few remarks regarding security:
If you work with files — use dangerzone.rocks or analogs like Any.Run or one of these:
-
PayloadsAllThePDFs
-
Entrusted
Below, I would also like to make a gallery of tips that you could explore in your spare time and increase your level of security. The idiom “Forewarned is forearmed” has never yet, in my memory, misfired:
-
Ask everyone who writes to you to upload files in preview mode. Use a separate device for work and try to use a device with QubeOS!
-
Use sandboxing — like sanboxie and VM.
-
Strengthen security of your Web3 wallet as well — install web3antirus.io right now!
-
If you work a lot with files, particularly PDFs, you can use these protective measures or dangerzone.rocks !
-
While you may be wary of third parties trying to steal your information, you should also watch out for insider threats , such as negligent employees and disgruntled workers.
-
We recommend that you follow these 25 rules to safeguard yourself from scammers!
The main goal is to convert a possibly infected PDF to pixels and vice versa. Even with all of the above, always work from a separate computer and virtual machine sandbox !
Scammers often create fake LinkedIn profiles to establish a false sense of trust. Here are some indicators to look out for:
-
Incomplete or poorly written profiles: Genuine professionals usually have detailed and polished profiles.
-
Inconsistent or stolen profile pictures.
-
Limited connections and lack of endorsements or recommendations.
-
Profiles with generic job titles and ambiguous descriptions.
-
Profiles that claim to work for well-known companies, but lack verification.
Many LinkedIn scams involve fake job offers or investment opportunities. Protect yourself by:
-
Being skeptical of jobs that offer unrealistic salaries or promise easy money for minimal effort.
-
Researching the company and the recruiter independently before providing any personal information or making financial transactions.
-
Verifying job offers by directly contacting the company’s official email or phone number, rather than trusting details provided on LinkedIn.
While LinkedIn remains a vital platform for professional networking, it’s crucial to remain vigilant against potential scams. Key strategies to guard against LinkedIn scams include recognizing fake profiles, spotting phishing attempts, being wary of connection requests, being skeptical of job offers, and strengthening account security.
By following these tips, you can navigate the platform safely, allowing you to focus on building meaningful professional relationships!
Staying Safe In Web3
As we navigate the Web3 era, it is crucial to adapt to the evolving threat landscape and protect ourselves from LinkedIn scams. By understanding the risks, recognizing the various types of scams, and implementing the suggested tips, you can fortify your defenses and maintain a secure online presence:
As a digital nomad, owning cryptocurrency offers mobility, flexibility , and financial independence, but it also introduces significant security risks. By implementing the suggested measures and utilizing recommended devices, digital nomads can mitigate these risks and ensure the safety of their cryptocurrency holdings and personal information.
Authors: Ustas.eth ; Officercia.eth
Furthermore, embracing Web3 innovations that offer enhanced security can provide additional layers of protection, facilitating safer interactions within professional networks. By working together, we can strengthen the digital ecosystem and move toward a time when fewer scams occur and genuine connections on sites like LinkedIn are able to grow!
Stay Safe!
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
USDC Treasury destroys 50 million USDCs on Ethereum chain
Worldcoin launches new World ID Passport credential
Japan's new Prime Minister reorganizes Web3 and cryptocurrency policy-making departments