There have already been several cyber security companies that have warned users about the dangers LinkedIn If they are not careful with their personal information and what they post on their profiles. This is because the platform for some time It has become one of the favorite sites for cybercriminals to scam people and steal their data.

Jose Rossel, director of S2 Grupo, explains that “the goal of cybercrimes is always the same: to obtain money or Get data because information is worth a lot of money. Many people believe that phishing can only happen with impersonating emails and malicious links, but this is not the case. It has become more sophisticated and we are also finding cases of phishing on LinkedIn.”

The company also reports that there are several cybercrime groups that use well-known professional networking platforms to first reach out to potential victims, such as well-known Lazarus is one of those criminal organizations that tend to “cast their bait on LinkedIn.” In addition, it not only tries to falsify and steal user data, but also conducts cyber-espionage campaigns on the social network.

These are the 4 steps attackers use:

1. Observe the target

As a first step, cybercriminals get an idea of ​​the users they plan to attack, studying their profile and behavior in the network, The information they keep public, the content they share, the contacts they interact with, and what they like or react to.

2. The first approach

After following the person, they will now create the best way to contact them in the first place, probably They will look for a “pretext” related to the interests of the potential victim to ensure that the approach is successful for them.

3. Gain confidence

This is the moment when criminals make the most effort, because they need to keep the attention of customers in the conversation they started and gain their trust. So usually Adopt the image of a legitimate entity or pass yourself off as a very professional organization offering a variety of services such as courses, However, in reality this company does not exist.

4. “The Final Blow”

Infobae defined the last step with this name, the cyber security company called it “delivery”, but in the end they describe the same thing because This is the moment when cybercriminals finally launch their attack and the victim has nothing to do.

They have already contacted him, sent him a message with a supposedly very interesting offer on behalf of a reliable company, even talked to him Now that they have gained your trust, they will send you a link and invite you to open it because it contains important information.

Once this link sent by cybercriminals is opened, there are two attack possibilities, on the one hand This may be a typical form for filling in personal data, In this way, criminals retain valuable information that they can use to extort a person later.

But the worst case scenario is if that hyperlink turns out to be a hidden malware Also referred to as RAT, which is a Software that can take full control of a computer and perform spying and system monitoring activities.

Continue reading: