Fraudsters. Attack vector for IT professionals via LinkedIn

It seems that I have just experienced a new vector of attack on IT specialists. Why do I think it’s for IT people? Because through LinkedIn and, obviously, from IT people there is something to take.

Step 1. A person wrote to me on LinkedIn. He said that they were considering my former company as a potential partner. He asked if I knew the name boss and how the company was in general. I said that this person is known to me, and the company is honest. This is absolutely public information, available through sites like rusprofile.

What should have been done? Ignore. When a business chooses a counterparty, it is somehow doubtful that he will go to LinkedIn, which is blocked in the Russian Federation, in search of former employees. I'm the fool here.

Step 2. A month later, my former boss writes to me in TG. As it later turned out, a fake account with the same name and photos, but a slightly different username. And he tells a cool epic. Allegedly, the company was investigated by the FSB in the person of some captain. Allegedly regarding the drain of PD. And supposedly there are also questions for me (at the moment I have not worked for the company for 3 years). And don’t I know what’s the matter? Well, I'm saying that there was a strange conversation on linkedIn. The “boss” writes that the FSB will call you back now, but I didn’t tell you that much. I agreed.

What should have been done? Scroll through the list of contacts and see that I have as many as 2 former bosses. Well, remember about all these stories with FSB checks and also ignore them. The fool himself again.

Step 3. They're calling “from the FSB.” “Captain”, hereinafter K.

First, K says for a long time that times are hard and there are scammers all around and be careful. Next comes the topic.

K: Did you really work for the campaign name?

Me: Yes, I worked.

K: Do you know the boss?

Me: Yes, I know.

K: What can you say about the name chief?

Me: Nothing really. He is the general manager, I am the developer. We communicated extremely rarely.

And then the “captain” gets to the point. Allegedly, someone from the management or accounting department of the name company turned out to be a bad person, leaked my personal data and now there are suspicious financial activities on my behalf.

K: Do you know a certain Evil Snape?

Me: First time I hear it.

K: And this, by the way, is a former FSB officer from Primorye, who defected to the enemy’s side and is now fighting in one of the RDK units.

Me: Okay. I don't know him anyway.

K: But with the help of your leaked PD, a transfer of 500k rubles was made to this person through the bank. The transfer was stopped through the Central Bank. Since the transfer is on your behalf, you are suspected of treason.

Here, at the same time, it makes me shiver (well, it’s not every day that one is accused of treason) and comes to the understanding that a painfully familiar pattern is observed. I come to my senses.

Me: Which bank?

K: I don't know that. Central Bank employees will then contact you and tell you everything.

Me: Wait. Firstly, the Central Bank does not work with individuals. In general, Rosfinmonitoring monitors transfers. How come you don’t know the bank? If I come to the bank with a large sum and try to transfer it to the “wrong” account, then you at the FSB will know everything, right down to what clothes I was wearing at that moment. And you can’t even name the bank.

K moves away from the topic and starts asking again if I understand the essence of the accusations. I say it's clear. Allegedly a leak, supposedly a transfer, supposedly to a bad person.

K: Why do you always say “allegedly”? You do not trust me?

Me: Sorry, but I haven’t seen any documents. Apart from your words, I have no other information, so “allegedly”. Plus, you yourself first told me for a whole minute about scammers.

Next, K realizes his mistake with the bank and tries to find out which banks I use and which ones I’ve been to recently. And I didn’t go to any – I say. Then the conversation loops around one pattern. Do you understand what you are accused of? If you cooperate, we'll cover everything up. Why “supposedly” again? If you don’t cooperate, I won’t connect you with Central Bank employees. Yes, the Central Bank does not work with individuals, but this case is special. Yes, there are no documents yet, because… the case is under investigation.

Several times I ask the “captain” what he is getting at and what he actually wants from me. He starts again with his emotional baton about “do you understand what is treason?” In the end, I understand that it’s a scam and say that let’s wait for events to develop. I hang up.

Next, I finally figured out to look for the old contact of my former boss and found out that it was definitely a fake and a scam.

What should have been done? After the words about translation addressed to evil villains, fully recognize the pattern and end the conversation. Well, it’s not that I’m a fool, but I spent a little more time.

Conclusion. IT specialists are an extremely tasty morsel for scammers. And the famous Soviet poster “Don’t talk” is more relevant than ever.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *