CNBC – SAN FRANCISCO — Fraudsters who exploit LinkedIn to lure users into cryptocurrency investment schemes pose a “significant threat” to the platform and consumers, according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices.
“It’s a significant threat,” Ragan said in an exclusive interview. “This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.”
The scheme works like this: A fraudster posing as a professional creates a fake profile and reaches out to a LinkedIn user. The scammer starts with small talk over LinkedIn messaging, and eventually offers to help the victim make money through a crypto investment. Victims interviewed by CNBC say since LinkedIn is a trusted platform for business networking, they tend to believe the investments are legitimate.
Typically, the fraudster directs the user to a legitimate investment platform for crypto, but after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.
While LinkedIn is the preeminent business networking tool for professionals, buyers, sellers and marketers alike, its biographic data and context-rich information can be an attractive target for modern, sophisticated threat actors. A fake profile that is designed to mature over time is seemingly indistinguishable from a legitimate one. The perceived legitimacy of such profiles can grow virally once they begin to establish and accumulate connections with legitimate identities.
“Like with most complex matters, common sense is the best policy. Just like in real life, don’t accept connections from people you don’t know. Legitimate outreach has tools like InMail and referrals at their disposal that most respectable businesses and professionals utilize. Cross-referencing a prospective connection against other data sources or checking with a common connection, as well as just asking some pointed questions, can help quickly identify questionable requests. Trust your judgement and when in doubt, don’t connect!”