We've had fake recruiters that claim to work for us running basically the same scam. These are great fake profiles: LinkedIn Premium, tons of relevant posts, etc... but they don't work for us, and we get angry messages from people saying our recruiter tried to scam them. No, they're not our recruiter despite showing up on our company page on LinkedIn. No number of reports could get them taken down.
I finally got it solved by buying drinks for a buddy of mine that works for LinkedIn, but not all startups have that connection!
He got a huge package.
Everyone lived happily ever after.
(LinkedIn eventually locked and then deleted his account, https://awesomeatyourjob.com/1140-bringing-more-laughter-fun...)
https://www.theverge.com/news/771210/linkedin-recruiter-exec...
How would LinkedIn validate that your email domain belongs to the company you claim to work for?
- a startup with legacy personal email addresses from one or two universities
- a spin-off sharing the email domain (and the whole IT infrastructure) of the parent company
- cheapskates using six approved free email services
They want me to upload a govt id and blink my eyes in a video to get unlocked.
They can go jump.
That it requires you to buy your buddy a drink says it all. They should have taken the general issue to their higher ups, fixed it for you and then bought you a drink. Or dinner, on LinkedIn's dime.
It isn't at all a neat solution, but you could maintain a list of users on LinkedIn that are authorised to speak for your company, linked prominently on your profile with a warning that anyone else claiming to work for the company is likely a scammer but LinkedIn offers no way for you to stop them claiming to be part of your company.
If that became a common pattern it could highlight how much of a scammer paradise LI can be and maybe they'd be more likely to do something about that particular vector.
The only way this could be abused is if the administrator accounts on LinkedIn itself get hacked and temporarily other email domains are added to the whitelist (or if an approved user themselves got hacked on LinkedIn [or their work email for that matter]). These are all the usual vulnerabilities in any system.
I understand that it would be too extreme to only allow users to claim they worked at a company if this verification is done, but maybe putting a warning if you get a message from a recruiter/someone that has not verified they work at their 'present' company could go a long way (instead of right now tucking away the verified logo quietly on their profile page).
I had the opposite problem: my company name was equivalent to the owner of an online casino. It took me a year to figure out that the enormous amount of spam I was getting about ‘guest post placement’, and people contacting me about deals was because Linkedin put me among the list of the casino employees. As I was Director of my company, I was the most valuable prey for business spam.
I fixed the problem by deleting my account, but now I’m in all the shittiest of spam lists for eternity. I don’t know how do they even harvest emails from Linkedin.
Reported them to LI and nothing was ever done about it. Eventually the accounts disappeared as I guess they were either shut down or repurposed.
I'd like people to understand that this is a form of corruption. We've normalized many like it. LI knows that the only way to force them to fix the issue is to go through a drawn-out legal process, save a spate of bad press (RIP 60 Minutes), so of course they won't.
AWS did this for us at the time but the 3 people in the company that used AWS services never got to go to these things. So I doubly don't get it.
Not that relying on this is a good idea.
False. [0] If the bank teller demands a bribe to let you withdraw from your account, that's corruption, even though they aren't working for the government.
> Corruption is the dishonest, fraudulent, or criminal use of entrusted authority or power for personal gain or other unlawful or unethical benefits. Corruption occurs in politics, business, education, media, and other social and economic fields.
Legally ‘corruption’ doesn’t exist, as in there is no single law saying ‘corruption is illegal’. (What is ‘corruption’ exactly?)
There are laws against bribery, which does generally only apply to the government, but in many locations applies to pseudo-government roles like notaries, apostiloes, lawyers, etc.
There are laws against embezzlement (a type of corruption), and those definitely apply to private individuals.
There are laws against insider trading, a type of corruption. Those generally only apply to businesses/private folks, not the government, with some exceptions.
Then there is the various kinds of fraud, blackmail, etc. Most people would consider them corruption too. Those apply to private individuals and government agents too.
And many more. It’s a smorgasbord.
The Penal Code, in Article 317, defines the crime of passive corruption as "soliciting or receiving, for oneself or for others, directly or indirectly, even if outside the function or before assuming it, an undue advantage, or accepting a promise of such an advantage." [0]
Active corruption, committed by an outsider, who offers or promises an undue advantage, is provided for in Article 333 of the Brazilian Penal Code. [1]
a: dishonest or illegal behavior especially by powerful people (such as government officials or police officers) : depravity
b: inducement to wrong by improper or unlawful means (such as bribery)
c: a departure from the original or from what is pure or correct
Embezzlement is better typified under theft. Same goes for most of the others: fraud is fraud, blackmail is blackmail. They may acquire a "corrupt" character when they are done in direct exchange of personal material gains. There are discussions about whether insider trading should be illegal.
Generally speaking, corruption is primarily a crime against public administration because it involves the government, which (supposedly) represents the people. Private companies represent themselves, so they get to (more) trivially decide who is on the line or not.
[0] https://en.wikipedia.org/wiki/Passive_corruption
[https://www.jusbrasil.com.br/topicos/10598684/artigo-317-do-...].
I remember getting an office manager, working from Dubai (I think), for my one-person, basically nonexistent company, working from my living room, in New York.
She may still be there. I never bother checking into LI, except making an occasional post, every few months.
I assume you mean the LinkedIn legal dept. The problem there is that these companies are so big that a 'complaint' or 'cease & desist' to them would be like a mosquito bite, if that, & most likely get lost in the 10s of thousands of other complaints.
It's the same with FB & Insta, etc. One of my daughters had a FB acct taken over that she had accumulated quite a following (~100k plus) with her custom hand drawn artwork. It was impossible to get any acknowledgement of the issue let alone get a suitable solution. And, unfortunately these large companies do not care. Sometime makes you wonder if LinkedIn & the like are even worth it
Edit: typos
or linkedin
But you still end up with the code on your machine and risk it being ran.
Bigger issue is giant, inscrutible dependency trees.
In this example, if they tried to run the test suite or application, they'd have been in the same boat.
Afaik all or most languages have some way to run arbitrary code at install time but it seems node is the main one getting targeted. I think the bigger issue here is just people running untrusted things.
If pulling down your company repo and running `npm install` can lead to a compromise, something has went terribly wrong with your company's security setup.
All my current projects have all the code needed in the repo (unless impossible, and aside from a compiler which I guess could also be compromised)
never got serious ones before, the occasional, useless headhunters who are clearly not based in the same country, but these were different. They were big companies in Canada, ones I'd definitely heard of and even applied to in the past. They were direct, were recruiters for those companies themselves, and were plugged in, able to answer questions, and engaging.
they constantly sent job ads, but only via .pdf files. I even pushed back on one and said I don't open random pdfs, send me a link and they declined. Same recruiter hit me up for a similar role a month later, also via pdf.
Multiple other members of the IT org, esp. the security and infra teams, also reported similar, aggressive recruitment efforts with pdfs. This was around 2020-2021.
Last I recall was a download of a windows scr (screensaver masquerading) file.
Linkedin is a new low, and I'm sure the platform doesn't really care (look, more jobs), just as ad network companies (Google, Meta) don't really care about scam ads.
It's the least surprising thing once you've put yourself out there, very strange watching people here think it's novel, I expect it by default at this point, a stranger handing you code needs to go into a vm, would you let them hand you some candy with a wink too?
Bold strategy cotton, let's see if it pays off.
That's all you need to know they're criminals and frauds.
I hate how normalized it became for "HR" to require you having a LI page for a job. I don't think its as bad now but for a while it was essentially not possible to get a job without putting all your personal info on linkedin.