What to look out for
Why you should think before you link
In this section, we hope to provide you with some insights into the campaign. It is important to note that no single behaviour or hallmark should be taken in isolation. Rather, a combination of these factors should be considered indicative of a potential malicious approach.
How do they trick you?
Typically, hostile actors and criminals contact the target posing as an interested ‘employer’ or recruitment consultant presenting a unique business opportunity. They ask for further details about the target’s background, try to “sell” the business opportunity, and insist on discussing it privately, away from the initial website.
This kind of engagement is an attempt to understand the level of access the individual has to sensitive information, draw it out from them, and build a longer term relationship. Most of the time the target is not aware of the real purpose of the approach. In some instances, they believe they are providing information to develop a legitimate business opportunity.
Why do some people engage?
These online approaches work in a similar way to other ‘scams’ (e.g. romance, financial, cyber scams). It may be increasingly difficult to suspect the scam as it progresses as you become psychologically invested and therefore reluctant to reassess your previous decisions. Many people may ignore their concerns and choose to focus on the so-called business opportunity.
1. Profile picture
Picture of highly attractive individual in a formulaic business setting such as an office. Largely detectable with reverse image search.
2. Company affiliation/description
Generic, non-descript consultancy or recruitment company. Reference to government contacts, ‘state owned’ enterprises. Similar content to other suspicious profiles.
3. Profile name
Typically this is a common western first name followed by a foreign surname.
4. Unrealistic job roles
Very senior or high-profile job roles, with a young profile picture.
5. Mutual contacts
Contacts with mutual friends may have been made to make the profile appear more legitimate. Many people don’t fully check the profiles of new requests before accepting.