UPDATE (1/7/2019): We have included an update to the blog as to recommendations if you find your job listings are inaccurate. Specifically, all companies with job openings in the US that involve locations or company names similar to those in Russia (i.e. Saint Petersburg, Moscow) should search the LinkedIn Jobs tab and input “Russian Federation” as the location.
Evolver, as part of our cybersecurity services we provide for our clients, monitors and evaluates social media to detect potential threats. This includes looking for impersonations that could be used in business compromised emails, account takeover and social engineering.
Jobs are being posted for Russia that are not jobs in Russia or were ever intended to be jobs in Russia.
In conducting this work, we discovered a major issue with LinkedIn that could represent a major brand protection and potentially a cyber issue for companies around the world. The issue is that jobs are being posted for Russia that are not jobs in Russia or were ever intended to be jobs in Russia. In some cases, companies are being changed or intermingled with Russian companies and translated into Russian.
How pervasive is this? Evolver has discovered numerous organizations where this has happened, including traditional U.S. companies such as Dollar Tree. The following screenshot shows the LinkedIn page for Dollar Tree jobs in the Russia Federation.
Research indicates that these positions are actually in Saint Petersburg, FL. The problems are not just with location, we also discovered company names being intermingled with Russian company names.
Our initial concern was that this may be a form of social engineering or malware delivery that could put companies at risk. Another possibility is that the issue is a software issue with LinkedIn and associated providers. This also could be a form of click fraud that is running up click totals for payment.
Research by Evolver indicates that the source of the job postings is from a number of contributing job sites. A review of several of these sites indicates they are viable U.S. based organizations. Additionally, the jobs posted on these sites that match the LinkedIn sites appear to be correct in their posting. The issue may be a software issue between LinkedIn and these sites. The actual cause of the issue, however, is still under investigation.
We recommend all companies review job postings on LinkedIn to see if this situation exists for your company. Additionally, if you are in a situation where there is payment based on click-throughs, check to see if any of the responses have come from Russia or other unlikely candidate source.
The close connection between social media and cyber threat activity should be a critical element of any company cyber program. If you would like more information on how to incorporate this element into your cyber program, please contact us.
UPDATE: Companies and entities are encouraged to verify that their job postings on LinkedIn are legitimate and that they are not paying for false postings that have locations in Russia (or elsewhere).
You should work with an account representative at LinkedIn to ensure that you are not or have not been billed for these erroneous job postings. If your company has a LinkedIn Account Representative, you can work with them to resolve the issue, in some cases within 24 hours.
However, not every company has a dedicated Account Representative for LinkedIn. Here are three steps to take if you discover an erroneous and/or malicious attempt to divert job applicants:
♦ Email abuse@linkedin.com and include all relevant information, including link to the false job posting. Note that LinkedIn might not reply back to you, but in previously observed cases, the content was taken down within 2-3 weeks.
♦ Go to the false posting and next to the job title, click on the additional options, revealing a drop down menu showing “Report This Job.” A dialog window will appear with options. Report the posting as “I think it’s spam or a scam” or “I think something is broken or incorrect,” depending on what your intelligence indicates. This could still take more than 1-3 weeks to resolve.
♦ Follow this link https://help.linkedin.com/app/ask/path/nofp to directly contact LinkedIn. This requires details about the false or inaccurate LinkedIn job posting, such as the URL and how you know that the job posting is false. Whenever prompted for attachments, you should attach screen shots of the content.
As we continue to look into the possible causes and intent behind the false or inaccurate job postings, we intend for LinkedIn to become aware of a potential systemic issue.
