Did some user contact you on LinkedIn offering you a job? Did they send you a document and ask you to check it for some information, which involved signing in to some cloned site? Well then, what you are facing is called phishing.
What is phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. (Source: https://www.phishing.org/what-is-phishing)
How are people targeted on LinkedIn?
You are contacted by someone who is posing as a legitimate person on LinkedIn. The user offers you a job or a gig at your prices. Since the user is paying your regular charges for the work, you think that the work is legitimate.
But little do you know that you'll never receive any work. In fact, you are on the verge of losing your personal data, including usernames and passwords.
How did I come across this phishing scam?
I’m a freelancer and I’ve shared my gigs on LinkedIn for marketing purposes. I was contacted by a user who claimed to have work worth around $100. This is a big amount if you are new to freelancing. You surely don’t want to lose such a client.
The message that I received was:
Hello friend, I see you have fiverr membership. I’m quite interested in patronizing your services. Can we discuss an urgent project I have? Kindly send me an email *********@protonmail.com for the blueprint copy because I’m not always on here. Best regards, Michelle.
Assuming that this was a legitimate job, I emailed her for the blueprint copy.
After waiting for around 3-4 hours, I received her reply.
I expected a blueprint in her reply. Little did I know what I was getting into.
I was so manipulated into thinking that I was receiving some work to do that I didn’t consider the possibility that I was being targeted for phishing.
The reply was:
Thanks for the fast response. Please go through the link below to take a look at this Project Blue print.
The word PROJECT PLAN had a link pointing to some website.
When I clicked on the link, I was redirected to a cloned Google Drive site. I was asked to sign in to my Google Drive account. (You need to log in to your Gmail account to access your Google Drive. So, in this case, I was asked to enter my Gmail credentials.)
The site was perfectly cloned; trust me, this is what the sign-in page looked like. If you are in a hurry, you’ll never suspect that this is not your normal Gmail login page.
I entered my username and password and clicked on sign-in. But it showed incorrect login info. I had no idea what was going on in the background.
I closed that tab and messaged her on LinkedIn that I was unable to access the link that she sent me.
The spammer read the message but didn’t reply.
When did I realize I was a victim of a phishing scam?
2 hours after I attempted to sign in to the cloned site, I started receiving OTPs on my registered mobile from Google. (Fortunately, I had enabled 2 factor authentication on my Gmail account.)
That was the moment I suspected what was happening. The good news is I didn’t panic. I immediately signed in to my Google account and changed my password.
I scanned my whole PC using the antivirus just in case.
Can you predict the possible outcomes if I had not activated 2 factor authentication for my Gmail account?
Well, my email would have been hacked. And the email I used to sign in was my primary email for Paypal, Payoneer, and many other financially important sites.
I would have lost everything: my money, my freelancing accounts for which I have worked hard for months, and much more.
How to avoid getting trapped in a LinkedIn phishing scam?
- Never ever click on any external links that you receive in your email.
- Enable 2 factor authentication on your Gmail and on every important site. Why on every site? So even if your email is compromised, the 2 factor authentication will make sure that other sites are not harmed.
- Use 2 Gmail accounts for contacting potential clients who come through LinkedIn, Facebook, or other social sites.
Follow the above 3 steps and keep an eye out for scammers.
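A cloned sign-in page like the one described above can look identical to the real one, so the dependable check is the address the link actually leads to, not the words you click on. The Python script below is an added example, not part of the original post: it lists every link in an HTML email with its real hostname and marks whether that host is on a small allowlist of Google hosts. The allowlist, the function names and the sample email (with a placeholder domain) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts where a genuine Google sign-in or Drive page is served.
TRUSTED_HOSTS = {"accounts.google.com", "drive.google.com", "docs.google.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(url):
    """True only for https URLs whose exact hostname is on the allowlist."""
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "").lower() in TRUSTED_HOSTS

def audit_email(html):
    """Return (link text, real hostname, trusted?) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(text, urlsplit(href).hostname, is_trusted(href))
            for text, href in collector.links]

# Constructed sample modelled on the reply described above (placeholder domain).
SAMPLE = (
    '<p>Please go through the link below. '
    '<a href="http://drive.google.com.files-view.example/signin">PROJECT PLAN</a></p>'
    '<p><a href="https://drive.google.com/file/d/abc">Shared file</a></p>'
)

if __name__ == "__main__":
    for text, host, ok in audit_email(SAMPLE):
        print(f"{text!r} -> {host} ({'trusted' if ok else 'NOT a Google host'})")
```

The hostname is compared exactly, so an address that merely starts with a familiar name fails the check.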
Stay safe! Signing off!!!