Proceed with Caution!
Scammers will try to take advantage on any platform. Today I was approached by someone via LinkedIn who appeared bona fide and legitimate. But from experience with similar sorts of approaches via email, a few things began to stand out as red flags.
I’m glad this was so because it turned out to be a hoax/scammer approach. He sent me a file to open, and the file was suspiciously intended to be opened on desktop.
How easy is it to be “hooked” into opening files? Well, the idea was to read the file and then prep for a Zoom meeting. So what then happens when they talk you into opening a file?
The zip file is deliberately password-protected – because antivirus programs can’t scan inside password-protected files (since they don’t have the password). When you unzip the folder with the password you see images and what appears to be a PDF. But it isn’t a PDF. It is a type of script. And once you click on the “PDF” – there is suddenly a job in task manager that is running on your desktop.
In my situation, the guy seemed to know that I hadn’t opened the file properly. Possibly because I might’ve had to ask for another password; or he wasn’t able to get remote access to my desktop; or I had not responded to a possible ransomware request.
Whatever the reason, the biggest concern is that it came from the networking environment, which you assume to be safe so it’s easy be far less alert to these kinds of scams.
I share the above to encourage you to be vigilant when it comes to these kinds of scams on all kinds of platforms, and especially from sources that you assume to be trustworthy.
