LinkedIn users have been warned of phishing scams targeting individuals in Nigeria and across the Middle East, Turkey and Africa (META) region, according to Kaspersky. 

The cybersecurity company warns that cybercriminals are posing as HR managers from high-end fashion brands, enticing victims with the promise of a dream job. 

The scammers, Kaspersky says, primarily focus on users from Nigeria, the United Arab Emirates (UAE) and Turkey. Their ultimate goal is to steal credentials for Facebook Business accounts and exploit them for financial gain.

The scam primarily targets professionals working in the field of digital marketing and sales. The perpetrators initiate contact with their potential victims on LinkedIn, highlighting a lucrative salary package for an enticing job role. After gaining the victim’s interest, the scammers then proceed to share a malicious link, persuading the candidates to download job-related documents from a cloud storage platform. Unknown to the victims, these files contain malware designed to infiltrate their devices, the cybersecurity company says.

Upon investigation, cybersecurity experts at Kaspersky discovered that the scammers were using a malware variant called Ducktail. This malicious software is specifically designed to pilfer user logins and passwords for Facebook Business accounts, using stealthy techniques to evade detection. The scam has been predominantly observed in the META region, with notable detections in the UAE, Turkiye, Iraq, Nigeria, and Lebanon, according to the tech security company.

Hiba Safadi, a Marketing Manager from the UAE, shared her experience to raise awareness about this ongoing scam. “When the recruiter contacted me,”Safadi says, “I was intrigued. To verify his authenticity, I checked his LinkedIn profile, which appeared genuine with a profile picture and testimonials. However, as our conversation progressed, he insisted on downloading certain files related to the job, and that’s when I sensed something was amiss. His repeated emphasis on the salary package only served as a further red flag.”

Amin Hasbini, Kaspersky Head of Global Research and Analysis Team (GReAT) for META, while commenting on the scam, says that, “this is not the first time Ducktail malware has resurfaced. Tempting individuals with a dream job and an attractive salary is a classic example of a social engineering tactic frequently employed by scammers. They are adept at communicating through accounts that appear corporate but are actually compromised, or by using free email services and phishing domains. While it can be challenging to remain constantly vigilant, it is crucial to exercise caution and adopt basic security measures. This includes understanding how recruiters found you, researching the employer, having a security solution installed, and, most importantly, refraining from clicking on links or downloading attachments from unknown or suspicious senders.”

How to avoid LinkedIn job scams

To protect employees and organisations with social media business accounts from falling victim to this scam, Kaspersky recommends implementing the following measures:

1. Restrict access and establish rules for the use of social media business accounts.
2. Create a strong password and refrain from using the same password for other websites.
3. Companies should use two factor authentication to safeguard online business accounts.
4. Companies should ensure BYOD devices are also protected.
5. Ensure you have a security solution on your personal devices.
6. Do not access business accounts through a personal device.
7. Avoid accessing business accounts via public Wi-Fi.

By implementing these precautionary measures, individuals and organisations can reduce the risk of falling prey to this job scam and safeguard their online presence from malicious cyberattacks, Kaspersky says.