HA few months ago, we told you about the cyber-attacks and scams that were flooding LinkedIn, from ponzi schemes to fake notification emails. However, a few weeks ago, a new scam has spread through this professional network. Now, from fake profiles —quite credible, by the way— we are offered a collaboration on a project or a job opportunity. So far so good, but what’s the problem? Be careful with the files they send us, especially the SCRs!

Nueva estafa en LinkedIn

 

 

What is their modus operandi?

  1. They send you an InMail message asking for your help for an interesting project related to your speciality.
  2. They give you valuable information about the offer so that you can trust it: budget, salary, objectives and working time.
  3. They insist on the need to start as soon as possible, as you are the most qualified person for the job.
  4. Finally, they inform you that they will share with you a 10 MB .RAR file with the details of the project.

 

Beware, this is where the danger begins

When you unzip the file, you will see that there are several documents, including a file with an icon similar to the PowerPoint icon.

But be careful, although it has that image, the file extension is SCR. If you run this script, it will inject a Trojan into your device and steal all your information.

 

Que es un SCR

 

 

What is an SCR file?

SCRs are binary files that store executable code for desktop screen savers.

These files are script files, i.e. something easy to run in a Windows environment, usually simple plain text instructions with little weight.

 

Remember, always be suspicious and do not open
or download files from unknown senders.

To protect ourselves from these scams and cyber-attacks, as LinkedIn users, we should exercise caution when interacting with unsolicited messages and emails. In addition, it is important to verify the authenticity of any job offer before providing personal information. Always check the sender’s email address and company domain to ensure they are legitimate.

It is also advisable to enable two-factor authentication on our LinkedIn account and keep our systems and software up to date to avoid known security vulnerabilities. If we suspect that we have been the victim of a scam or cyberattack on LinkedIn, we should inform the platform and change all our passwords immediately.

In summary, it is important to be aware of cyber-attacks and scams that may affect LinkedIn users. By following the security measures mentioned above, we can significantly reduce the risk of falling victim to these online threats and protect our personal information.