I just got a scam attempt by a LinkedIn "recruiter"
Here's how eager devs can get hacked easily today, and how you can mitigate it. To be clear, 10 years ago as an eager young pup I would have absolutely fallen for this.
Let's dive in. 🧵
cc @Vladimir S. | Officer's Notes @Tay @ZachXBT
It starts with an overly verbose message out of the blue.
This is the first red flag - the amount of text is designed to distract. Usually, recruiters will be very evasive about which company they're even representing until a call (which is itself a different red flag).
The message tries to convey a sense of urgency and importance, but since the primary objective is to get you to run malicious code as soon as possible, the repo link is given immediately.
Opening this link (https://bitbucket.org/ventionteam/gameplatform/src/main/server.js…), I begin to inspect the code.
Another immediate red flag is the date of …