Let's discuss a new phenomenon on LinkedIn - hackers are targeting finance executives with fictitious board member invitations (how nice of them!). While this may seem official, it is just a scam - a clever scam, but a scam.
What Is Going On?
Here is the trick. Some LinkedIn users are receiving messages that are extremely professional in appearance stating something like: "You are invited to join the Executive Board of a global investment group."
It seems professional, the sender appears legitimate and the message is complimentary. However, the real problems arise once you click the link in the message.
You are redirected through a couple of websites and end up on a phony page that looks just like LinkedIn or Microsoft, and of course it instructs you to "log in to view documents." The second you start typing your username and password - bingo! - the hackers have your login information.
Why Does This Work?
Good question. A few things contribute to the scam's success.
• First of all, it's LinkedIn, not your email. People trust LinkedIn messages more than random emails.
• Then it appeals to the user's ego. Who wouldn't feel good receiving a "board invite"?
• It looks real. The fake pages look as polished as real ones. Even the most tech-savvy people can fall for this.
• Lastly, they use clever tech tricks. The attackers add fake CAPTCHA screens to avoid detection by security technology.
Let's face it — most finance executives are busy. When something sounds so enticing, it's not easy to stop and confirm the request.
Who It's Targeting
These scams are primarily targeting finance professionals and executives. These are the individuals in an organization with access to sensitive company information. The attackers want their credentials to steal money and facilitate a more significant cyber event later.
They are not just targeting randomly; they are researching their targets. They are finding people who regularly get real invites to a board, and then wrapping the lure in something that fits into that person's world.
How To Protect Yourself
Here's what you can do to protect yourself (and perhaps your boss too):
- Check the profile of the person sending you the invite before you reply or click any links.
- Never log in through links provided in messages; go to LinkedIn or Microsoft directly.
- Enable two-factor authentication (2FA) to help if your password leaks; without it, you would be hacked.
- Alert your team or staff to scams of this nature; increased awareness is a good use of everyone's time.
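The "go to LinkedIn or Microsoft directly" advice can also be turned into a check on where a link actually ends up. The following is an added example, not part of the original article: it classifies the final page of a redirect chain by host, and the trusted-host list, brand list and sample chain are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of genuine sign-in domains for this example; adjust for your tenant.
TRUSTED_DOMAINS = ("linkedin.com", "login.microsoftonline.com", "login.live.com")
# Brand words that should only ever appear inside a trusted host (assumed list).
BRANDS = ("linkedin", "microsoft", "microsoftonline")

def classify_link(url: str) -> str:
    """Return 'trusted', or the reason this URL should not receive credentials."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None or parts.password is not None:
        # https://linkedin.com@other.example/ : the real host is the part after '@'.
        return "userinfo-trick"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "no-host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalized names can render like a familiar brand.
        return "idn-lookalike"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a bare suffix test would accept notlinkedin.com.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    if any(token in BRANDS for token in re.split(r"[.-]", host)):
        # e.g. linkedin.com.docs-view.example: brand on the left, real domain on the right.
        return "brand-in-untrusted-host"
    return "untrusted"

def review_chain(hops: list[str]) -> str:
    """Classify the last hop of a redirect chain, the page where a password would be typed."""
    return classify_link(hops[-1]) if hops else "no-host"

# Constructed sample: a message link that bounces through two hops to a look-alike page.
SAMPLE_CHAIN = [
    "https://www.linkedin.com/redir/redirect?url=https%3A%2F%2Ftracker.example%2Fr",
    "https://tracker.example/r?id=1",
    "https://login.microsoftonline.com.docs-view.example/signin",
]

if __name__ == "__main__":
    print(review_chain(SAMPLE_CHAIN))
```

The check reads the host from right to left, which is how a browser resolves it: whatever sits immediately before the final domain suffix is the real owner, no matter how many familiar names appear to its left.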
Final Thoughts
Be aware that the scam is insidious because it seems both personal and professional. I have even had a few messages come to me in the past that were so prodigious it is still scary to even see these types of close encounters.
So, the next time that you receive that exciting "board invite" from a LinkedIn contact, simply take a brief moment to ask yourself, "Is this real, or is it too good to be true?"
Because sometimes a click can open the gate for hackers, and not your next career move.