Don’t Open Unsolicited File Attachments From LinkedIn
You know not to open unsolicited file attachments. The rule remains in effect whether you receive them via email, as a link in a public message on a social network, or accidentally send them in a chat application: never open a file you did not expect to receive. And even if you expected it, you should be careful when opening files from someone you have never spoken to before.
(Of course, even when someone you know sends you a file that might be legitimate, but because of its timing, file name, file size, or other general weirdness, slightly lifts the hair on your neck, you should keep your skepticism and do it just in case. virus scan.)
When it comes to computer security, this is one of the first and easiest rules to remember. However, I can see how this process can be easily interrupted when you receive the file on LinkedIn. After all, this is LinkedIn, right? ” Professional ” social network! And this recruiter telling you about this awesome (contract) job opportunity won’t be fooling you. They want to hire you! Now just click on this handy app to view the job description and …
No, don’t do this. You should still be careful if you receive a .DOCX or .PDF message that could otherwise be hyperlinked to a website or simply copied and pasted into a message or subsequent email. And as eSentire points out , definitely don’t open an attachment if it’s, say, a .ZIP file that was sent to you out of the blue. A recent malware campaign uses this very technique to create problems:
“The eSentire research team, Threat Response Unit (TRU), found that hackers were victims of spear phishing with a malicious zip file using the position listed on the target’s LinkedIn profile. For example, if a LinkedIn member’s job is listed as “Senior Account Manager – International Transport”, the malicious zip file will be named “Senior Account Manager – International Transport Company” (note the “title” added at the end) … Upon opening a fake job offer, the victim unwittingly initiates a silent installation of the fileless more_eggs backdoor. Once downloaded, the sophisticated backdoor can load additional malicious plugins and provide practical access to the victim’s computer. The threat group behind more_eggs, Golden Chickens, is selling the backdoor as part of a Malware Delivery Agreement (MaaS) to other cybercriminals. Once more_eggs is on the victim’s computer system, seedy Golden Eggs clients can log in and infect the system with any type of malware: ransomware, credential theft, banking malware, or simply use the backdoor as a foothold on the victim’s network to exfiltrate data. “
If you really need to open a file attachment that you received from someone you don’t know, or that you didn’t expect, download it and scan it thoroughly for viruses and malware before opening it. There are tons of free tools you can use to do this too. I would even say that it is worth being extra paranoid and opening the specified file in a sandbox – a temporary virtual environment, the contents of which cannot cause a disaster on your real system. Usually, when you close the specified sandbox, everything that happened in it disappears; start another sandbox and your virtual environment will be fresh and new again.
If you’ve already opened a seemingly suspicious attachment from LinkedIn or elsewhere, make sure your antivirus and antimalware apps are up to date as possible, perform a full scan of your system, and send the file you downloaded to a service like VirusTotal for a little extra help in confirming that you were hit. Be prepared to clean and reinstall your computer if you find that you are indeed infected.
Common sense is best in these situations. If someone refuses to just copy and paste the contents of a document when asked, especially if they suddenly extort you, ask yourself why they are so reluctant. If you argue with them about the need for a .ZIP file, and they chat, it means that there is something strange about the alleged “proposal” that they present.