How do cybercriminals act on Linkedin?

• S2 Grupo has pointed out that organized international cybercrime groups use this social network to obtain money or data through cyber espionage.

• Experts from the cybersecurity company have warned that there are currently numerous cases of phishing through LinkedIN.

• The modus operandi of cybercriminals in this environment usually follows four steps: study of the victim, tailored approach, generation of trust and delivery of the malware.

Valencia, July 12, 2022.- The Valencian company S2 Grupo, specialized in cybersecurity as well as cyberintelligence and critical systems management, has warned that cybercriminals are increasingly active in social networks, such as Linkedin, which puts people and the environments in which they work in a vulnerable situation.

"The goal of cybercriminals is always the same, to get money or obtain data, because information is worth a lot of money. Many people think that phishing cases can only happen through phishing email, spoofing and malicious links, but this is not the case. This has become more sophisticated and we also find cases of phishing on LinkedIN, for example", explained José Rosell, managing partner of S2 Grupo.

"There are cybercrime groups such as the Korean Lazarus that, precisely, make intensive use of networks such as LinkedIN to generate a first contact with their victims. This requires us to take extreme precautions in the use of these social networks to avoid falling into their trap, which is often oriented towards cyber espionage", said Miguel A. Juan, managing partner of S2 Grupo.

The cybersecurity company's team of experts has pointed out that the modus operandi of these cybercrime groups is usually as follows:

1. First, they make a study of the target profile. They analyze the victim in order to approach them "without suspicion". In this way, they study their interests, their environment, contacts, the company they belong to, etc.

• The second step is to make a tailor-made approach. "With the victim studied, a message is sent or an initial tailored contact is made. For example, if my interests are X or my job is Y, depending on my profile, the approach will be appropriate to that job, interests, profile, etc. This will increase the chances of success," assured José Rosell.

• Thirdly, trust is key. Cybercriminal groups initiate an exchange of seemingly innocuous messages to gain the victim's trust.

• The fourth step is the delivery. Once contact has been established, and there is a certain degree of trust and confidence in the conversation, they take the opportunity to send a malicious code. This message may include attachments or links that allow the cybercriminal to take full control (for example, by deploying a RAT, software capable of spying on and monitoring the infected computer) or partial control (for example, by capturing valid credentials) of the victim.

More information: prensa@s2grupo.es