2025 has brought new types of social media threats that use different methods of online deception. However, the main change has been the volume of threats and quality of the interactions and wording used — often powered by various AI tools.
But before I provide examples and solutions, make no mistake, the threat is very real — even for experts who claim to know better. More importantly, the impacts can be huge, from financial mistakes to foreign nations gaining access to your organization to become insider threats.
Consider these headlines:
IT Pro: North Korean IT workers: The growing threat — “In the U.S. such cases are already racking up, with the attorney’s office of Columbia recently stating that more than 300 companies had been affected by scams of this kind, at a cost of $17m.”
Side note from Dan: I have heard of several state and local governments around the country who have been victims of this fake worker or impersonation scam.
Tech Xplore: Research reveals how fake social media accounts could be the cause of serious security breaches — “New research led by the University of Portsmouth has found that fake social media profiles, particularly LinkedIn accounts, are a leading cause of security breaches among professionals.
"Published in the Security Journal, the paper gathered data from 2,000 participants who use social media for career-related purposes and focused on economic espionage— the illegal act of stealing an organization’s secrets for financial or other malicious purposes. Companies, government agencies and universities are all under attack by hostile state actors.”
LinkedIn: Want a job? Don’t fall for those text scams.
NDTV: Rent LinkedIn Account, Earn Money: New Internet Scam Unfolds — “The woman said she was asked if she would 'rent' her LinkedIn account for a specified time in exchange for monetary compensation.”
WHY CHANGE NOW?
Gone are the days of staff easily detecting phishing emails that contained spelling mistakes, poor formatting that looked strange and unprofessional and/or topics that had nothing to do with their professional role or duties. We've dealt with those over the past two decades, and to a large extent, organizational anti-phishing and anti-spam tools have curtailed their effectiveness by marking emails with warnings of untrusted sources, putting them in spam folders, or disabling links or other dangerous threats.
This new generation of online scams can now come at us via social media accounts like LinkedIn and Facebook. Also, texts arrive on our cellphones that threaten civil penalties, offer jobs or ask us to deliver funds to needy families.
For example: In the past week I have received three job offers from unknown LinkedIn contacts who were able to send me targeted messages because they were Premium LinkedIn members. These individuals “wanted my services for lucrative opportunities from a wealthy foreign CEO who needed a USA partner like me to help for only a few hours a week.” The pay was outstanding (even excessive, which was a clue). But beyond the professionally written offer, the person sending me the messages had fewer than four LinkedIn connections on their profile — which gave them away as frauds in all three cases.
In other situations, I have been offered money to fill out surveys, be a consultant for $500-plus an hour and other similar roles. I have learned that all of these are a huge waste of time, and I do not even consider these unsolicited requests for many of the reasons listed below. However, to the untrained eye, these offers may be just the scam to attract an unemployed tech worker.
HELP, PLEASE!
Here are a few good resources to help identify misinformation, scams and time-wasters. (Please see the details at each link provided.)
BBC: The 'Sift' strategy: A four-step method for spotting misinformation
1. S is for… Stop
2. I is for… Investigate the source
3. F is for… Find better coverage
4. T is for… Trace the claim to its original context
Reader's Digest: 4 Most Common LinkedIn Scams and How to Spot Them — "'The cardinal rule of the internet ought to be ‘If it’s too good to be true and it costs you money, it’s probably a scam,' says Monica Eaton, CEO of Chargebacks911."
Also, consider taking some free classes from the Federal Trade Commission, National Cybersecurity Alliance and others. Here are some of those:
FTC: How To Recognize and Avoid Phishing Scams
National Cybersecurity Alliance: What Is Phishing and How To Avoid It
Scam Watch (Australia): Help to spot and avoid scams
CNET: 5 Online Scams Google Warns to Look Out For — The list includes the following areas with details on each at the website:
- Customer support scams
- Malvertizing
- Fake travel websites
- Package-tracking scams
- Toll road scams
CNBC: Fake job seekers are flooding U.S. companies that are hiring for remote positions, tech CEOs say — “When voice authentication startup Pindrop Security posted a recent job opening, one candidate stood out from hundreds of others.
"The applicant, a Russian coder named Ivan, seemed to have all the right qualifications for the senior engineering role. When he was interviewed over video last month, however, Pindrop’s recruiter noticed that Ivan’s facial expressions were slightly out of sync with his words.
"That’s because the candidate, whom the firm has since dubbed 'Ivan X,' was a scammer using deepfake software and other generative AI tools in a bid to get hired by the tech company, said Pindrop CEO and co-founder Vijay Balasubramaniyan.”
FINAL THOUGHTS
There are numerous articles and tips available online covering fake applicants and things to watch out for. However, when making such an important decision, you may want to consider hiring an outside firm that specializes in verifying applicants and their identity information.
While there are articles online that offer tips for spotting fakes — such as this one from Inc. about how to scare off North Korean scammers — companies that concentrate on doing background checks on remote employees can offer a valuable service for reasonable prices.
