Hackers from North Korea and Russia send messages on LinkedIn and other platforms asking targets to interview for interesting, well-paying roles. The points below provide some thoughts on how to tell attacks apart from genuine roles.

  • Use your personal laptop, not your work laptop.
  • Use www.scamadviser.com to check every URL that is sent to you. Even if it looks like a well-known URL, check it: URLs can look right but contain look-alike special çħaraçtèrs that lead you to an attack website.
  • Linkedin profile:
    • When was the profile created? Next to “Messages”, click on “More”, and then “About this profile”. It is a big Red Flag if “Joined” is only a small number of months.
    • Is the profile detailed? Is there a long work history, with details of projects? Does the work history match that of a recruiter? What education do they have?
    • What is in “Contact info”? If this has information such as an email address, then it reduces the probability that it is a scam.
  • Do a Google image search of the Linkedin profile picture and the background image. If there are no matches for the images, then it is a Red Flag.
  • Do a web search based on their LinkedIn profile handle (the part of the URL towards the end; for me it is peter-robinson-98a0061).
  • Use PimEyes.com to do a facial geometry match. This is likely to yield the person’s real name. Remember to use www.scamadviser.com before clicking on links from PimEyes’ search results!
  • Do a search for the recruiter’s whole name. If it doesn’t come up with any matches, it is a Big Red Flag. Almost everyone has a digital footprint.
  • I could have looked at the recruitment company’s website to see if they had an employee list or profile page, but didn’t do this. Note: use www.scamadviser.com to check this website before going to it!
  • If the name search doesn’t come up with anything, just do a search for the surname. This will give you an indication of which country the person could be from.
  • Any documents that you have to open: open them in a browser you do not normally use, in private mode (for example Safari in Private Mode if you usually use Google Chrome). This gives isolation between your normal web browsing and viewing this potential malware.
  • If the company has a Bitbucket repo, and not a GitHub repo, this is a huge Red Flag. The Bitbucket repo likely contains malware that they want you to run on your laptop.
  • When looking at code in a repo, look at the commit history. Only having one commit is a Big Red Flag.
  • If the total package on offer was large, and there wasn't much pushback or discussion about the large amount of $, it is a Big Red Flag.
  • If you really want to protect yourself, do all of this in a virtual machine.
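The URL check above warns that a link can contain look-alike characters. The script below is an added example, not part of the original post: it reports any non-ASCII characters in a link's hostname, shows the punycode name the browser would actually resolve, and flags hosts whose accent-stripped form matches a well-known site. The allow-list of known hosts and the confusables table are constructed for the example and are deliberately small.

```python
# Homoglyph check for URLs sent by a "recruiter" (added example, not from the
# original post). Flags hosts that contain non-ASCII characters and hosts whose
# accent-stripped / confusable-mapped form matches a well-known site.
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of sites a job candidate expects to be sent to.
KNOWN_HOSTS = {"github.com", "bitbucket.org", "linkedin.com", "scamadviser.com"}

# Small hand-picked subset of Unicode confusables (assumption: not exhaustive).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
    "\u0456": "i", "\u0455": "s", "\u0445": "x",                                # Cyrillic
    "\u0127": "h", "\u0131": "i", "\u0142": "l", "\u0111": "d",                 # Latin ext.
}

def skeleton(host: str) -> str:
    """Map a hostname to its plain-ASCII look: drop accents, map confusables."""
    decomposed = unicodedata.normalize("NFKD", host)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in no_marks).lower()

def analyse_url(url: str) -> dict:
    """Return a report dict; 'suspicious' is True when anything was flagged."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    non_ascii = [c for c in host if ord(c) > 0x7F]
    if non_ascii:
        names = ", ".join(f"{c} U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in non_ascii)
        findings.append(f"host contains non-ASCII characters: {names}")
    try:
        punycode = host.encode("idna").decode("ascii")  # what the browser really resolves
    except UnicodeError:
        punycode = None
        findings.append("host is not a valid IDNA name")
    if punycode and punycode != host:
        findings.append(f"browser will resolve {punycode}, not {host}")
    bare = skeleton(host)
    bare = bare[4:] if bare.startswith("www.") else bare
    real = host[4:] if host.startswith("www.") else host
    lookalike_of = bare if bare in KNOWN_HOSTS and real != bare else None
    if lookalike_of:
        findings.append(f"looks like {lookalike_of} but is a different domain")
    return {"host": host, "punycode": punycode, "lookalike_of": lookalike_of,
            "findings": findings, "suspicious": bool(findings)}

if __name__ == "__main__":
    for u in ["https://github.com/org/repo", "https://g\u00edthub.com/org/repo"]:
        print(u, analyse_url(u))
```

Paste each link you were sent into analyse_url; a non-empty findings list means the link deserves the scamadviser check before you click it.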