Kaspersky experts warn against a new wave of phishing scams on LinkedIn targeting people in the Middle East, Turkiye, Africa (META) region, with the promise of a dream job. Specifically, cybercriminals focus on users from the UAE, Turkiye and Nigeria.
High-end fashion brands are facing a concerning trend where cybercriminals pretend to be HR managers, aiming to deceive victims into downloading fraudulent files. Their ultimate goal is to steal credentials for Facebook Business accounts and use them for financial gain by running ads.
Professionals working in digital marketing and sales are particularly vulnerable to this scam. The scammers take an active approach, reaching out to potential victims on LinkedIn and offering enticing salary packages for supposed job positions.
Kaspersky experts conducted an investigation and discovered that the scammers utilized a malware called Ducktail to infiltrate devices. Ducktail is specifically designed to pilfer user logins and passwords for Facebook Business accounts, employing stealthy techniques to remain undetected.
This scam is primarily targeting the META region, with notable detections in the UAE, Turkey, Iraq, Nigeria, and Lebanon.
One victim, Hiba Safadi, a Marketing Manager from the UAE, shared her experience to raise awareness about this ongoing scam. She recounts how the recruiter’s initial contact seemed genuine, with an authentic-looking LinkedIn profile. However, as the conversation progressed, the recruiter persistently insisted on downloading certain files related to the job, raising suspicions for Hiba.
Amin Hasbini, Head of Global Research and Analysis Team (GReAT) for META at Kaspersky, warns that this resurgence of the Ducktail malware is not surprising. He explains that scammers often employ social engineering tactics, such as enticing individuals with dream job offers and attractive salaries. They can impersonate corporate addresses or use compromised accounts, free email services, or phishing domains to communicate. Hasbini emphasizes the importance of remaining cautious, researching employers, utilizing security solutions, and refraining from clicking on links or downloading attachments from unknown or suspicious sources.
To protect employees and organizations with social media business accounts from falling victim to this scam, Kaspersky provides the following recommendations:
- Restrict access to and establish rules for the usage of social media business accounts.
- Create strong and unique passwords, avoiding reuse across different websites.
- Implement two-factor authentication to enhance the security of online business accounts.
- Ensure that BYOD (Bring Your Own Device) devices are adequately protected.
- Install a reliable security solution on personal devices.
- Refrain from accessing business accounts through personal devices.
- Avoid accessing business accounts via public Wi-Fi networks.
Leave a comment