Security News > 2021 > August > You can post LinkedIn jobs as almost ANY employer — so can attackers

You can post LinkedIn jobs as almost ANY employer — so can attackers
2021-08-19 16:52

"Anyone can post a job under a company's LinkedIn account and it appears exactly the same as a job advertised by a company."

If Google's LinkedIn company page is vulnerable, we will be able to post a job on their behalf and add some parameters to redirect applicants to a new website where we can harvest and what not usual tricks of social engineering," Singh further told BleepingComputer.

In 2019, although LinkedIn did release a blog post with some tips on spotting and avoiding common job scams, it falls short of addressing the particular issue described here.

"Posting fake content, misinformation and fraudulent jobs are clear violations of our terms of service. Before jobs are posted, we use automated and manual defences to detect and address fake accounts or suspected fraud."

Until there is a more permanent solution, LinkedIn users and employers should report suspicious job listings as spam or scam for review by LinkedIn.

Update 9:42 PM ET: Changed headline to convey one can post jobs for 'almost' any employer, based on our test with certain employers, that didn't succeed due to the workarounds listed above.


News URL

https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/