The cybercriminals use a wide variety of methods to infiltrate devices of people for the purpose of steal information to generate profit; this time they are using Microsoft, the company of technology, which found through its Threat Intelligence Center (MSTIC) a new scam in Internet.
LinkedIn and the social engineering are the tools used to encourage the download of malware on people’s computers, who are attracted by job offers which turn out to be false.
A statement released by the company in which it talks about its discovery, indicates that the deception is particularly aimed at users with profiles dedicated to different work fields such as media, defense sectors, aerospace engineering and services of information technology (IT) in countries such as the United States, the United Kingdom, India and Russia.
As indicated in the document microsoftthe campaign began approximately in June of this year and generates work proposals that could seem real in the social network with the intention of establishing a level of trust with their victims, whom they convinced to generate a more direct connection through WhatsApp.
Once the contact has been initiated in a closer medium such as the application of instant messagingcybercriminals initiate the download of malware through the programs PuTTY, KiTTY, ThightVNC, Sumatra PDF Reader or muDFP/Subliminal Recording in the devices of the professionals.
In addition, it is claimed that this method has compromised the security of people linked to a wide variety of companies and work fields since its inception in the middle of this year. “This represents a great threat for the security of people and organizations from different regions of the world”, assured Microsoft.
The company also stated that the organization in charge of orchestrating these attacks is called ZINC. These cyber scammers aim to spy on users, steal their information, monetize and destroy their networks.
How the fake job offer scam works
The first step for cybercriminals is to build trust with users and make them believe that the job offer presented to them is real, creating false profiles of supposed recruiters. However, according to microsoftthose that were detected have been removed from the social network.
Once the trust of the victim has been gained and direct contact has been initiated through WhatsAppcybercriminals start with the infiltration of malicious software and the violation of the security people, so it is advisable to take precautions to avoid falling into tricks like this.
How to prevent cyber attack by malware
The best way to ensure accounts and the information is to take a preventive attitude and use a software specialized in detecting threats, such as a antivirus.
That is why it must distrust links sent from unknown accounts, recently created, with little or no activity on social networks or with few followers. It is very likely that these profiles are fake and want to contact the users to turn them into victims.
In the event that a close contact sends a unknown link, it is preferable to check if the person sent the link voluntarily and was not directed to share it by a third party. Also, you should ask what kind of Web page redirects and if it is trusted.
Turning on two-factor authentication is also a preventative measure, so if cybercriminals want to steal information from access to accounts in social networks or emails, you can reject a Login unwanted remotely.