We have received several reports of a new type of cybercrime gaining steam over the Internet involving LinkedIn, mystery shopping scammers and university professors. The way it works is thieves are hacking into the LinkedIn accounts of respected university professors and targeting their colleagues and former students with a proposition to earn easy extra cash for market research.
Knowing that professors command a certain level of respect and authority it is a scam that works based on trusted relationships not only with the faculty whose accounts are hacked, but also with LinkedIn as a trusted business social media network. Many users buy a subscription to LinkedIn, so it should have better security, right? Wrong.
When the hackers take over these accounts and a few things can happen; the faculty member has no idea and is ignorant of the mystery shopping scam; the faculty member finds out and reports it but LinkedIn does not freeze the account and instead makes it very difficult for the account holder to prove their identity, meanwhile the scam continues using their profile; or after some lengthy back and forthing the account holder does gain control of their account. LinkedIn doesn’t do much to monitor or prevent these impersonator hacks in the first place and is not doing enough to prevent these crimes. Once hackers have control they can send emails as the faculty member using their LinkedIn account at will.
The hackers use the LinkedIn account to phish the faculty member’s network using a very credible looking mystery shopping market research proposition using much of the language and procedures of actual market research firms. It is an intricate set up of shell company names, emails, addresses and websites that appear to be real to trick victims. The crooks ask victims for some personal information and a mailing address to send a tracked packet. Because a packet is mailed, mail fraud is involved which is a federal offense, but victims have said authorities have little bandwidth to do anything other than accept filed reports.
Once the packet arrives it contains a check of several thousand dollars and instructions for the victim to “keep” 30% of the check and use the rest of the money to complete the assignment/scam. Students are particularly vulnerable to the scam, often with limited income streams. In between traditional market research questions specifying which store to go to, which product to buy, and which questions to ask the salesperson is a plot to get money. The victim is then harassed by text and email to urgently complete the assignment before they realize the check will bounce.
We have reports where mystery shoppers were asked to buy prepaid money cards and email the redemption code on the back; to buy check printing software to print and deposit checks; and to send a MoneyGram to a Puerto Rico location.
When mystery shopping victims trust their relationships with university faculty and LinkedIn enough to move forward and get ripped off there is little recourse. Due to a pandemic of cyber crime, we have reports that the authorities and companies involved do nothing and are unwilling to follow the money trail.
If you have anymore information related to a LinkedIn mystery shopping scam, please send us an email to firstname.lastname@example.org.