LinkedIn Social Engineering: Protecting Your Staff from Fake Recruitment Scams
Fake recruiters on LinkedIn are getting harder to spot. Here's the scam pattern your team needs to recognize — and the simple defaults that stop it.
The Scam Pattern Most Teams Miss
It starts with a polished approach on LinkedIn — a well-built profile, a credible company name, and a message about an exciting opportunity that matches your role perfectly. The recruiter is friendly, professional, and seems legitimate.
Then comes the push off-platform. They want to move to WhatsApp, Telegram, or email. This is where the official-looking correspondence begins — assessment documents, interview packs, or onboarding materials that are actually malware delivery vehicles.
The pivot comes fast: requests for money (background check fees, equipment deposits), sensitive information (ID documents, bank details for direct deposit setup), or account access (verification codes, login credentials). The pressure never lets up — there's always a deadline, always urgency.
Red Flags Your Team Should Know
In the job posting: Vague role descriptions, salaries that seem too good to be true, company profiles with little history or few employees listed, and no verifiable job listing on the company's actual careers page.
In the recruiter's behavior: Pushing conversations off LinkedIn quickly, using free email addresses instead of corporate ones, inability to do a video call, and reluctance to share specific details about the role or team.
Hard-stop requests that should end the conversation immediately: Any request for money — period. Requests for government ID, bank details, or verification codes. Asks to install software, download files, or visit unfamiliar links. Requests to share non-public company information from your current employer.
Simple Defaults That Stop Scams
Train your team on four simple rules: Slow down — legitimate recruiters will never pressure you with artificial deadlines. Verify officially — look up the company's careers page and contact them directly. Stay on-platform — real recruiters can conduct the entire initial process on LinkedIn. Treat requests for money or verification codes as hard stops — no legitimate employer asks for payment or verification codes during recruitment.
These aren't complex security protocols. They're simple habits that make social engineering attacks dramatically less effective. Share them in your next team meeting — it takes five minutes and could prevent a serious incident.
