Tell HN: LinkedIn is automatically importing job postings into company profiles
It appears that LinkedIn is automatically importing job postings from other places on LinkedIn and other sites such as angel.co if the company name of the job posting matches your company name on LinkedIn.
After importing, the job postings will display your company logo, company description, profile pictures of your connections that already work there, etc, just like a real job posting. The "Apply" link redirects to the original job posting such as from angel.co.
The only reason I was able to tell these are not legitimate is because the descriptions of the posts clearly describe a different company.
So it seems to be a phishing opportunity is to create a profile on LinkedIn or angel.co with a company name that matches your target company. Write some job postings with descriptions that look like a job posting that the company would actually hire. And now those job postings will be reposted onto the official LinkedIn pages of the company, and applicants will be redirected to your phished webpage.
165 comments
[ 5.6 ms ] story [ 218 ms ] threadEhh, not sure how I'm targeting the company by doing that? If I understand correctly, you're actually targeting an applicant here.
https://news.bloomberglaw.com/privacy-and-data-security/link...
February 2022: LinkedIn sue Mantheos.
April 18, 2022: TechCrunch runs an article [0] stating that a U.S. appellate court affirms the legality of scraping publicly available data.
So IIUC, LinkedIn was consistently playing to the apparent law.
EDIT: oops, forgot the link!
[0] https://techcrunch.com/2022/04/18/web-scraping-legal-court/
Initially crawling them was very easy (we had ~100m profiles). With time crawling became harder and harder on the technical front. They obviously invested millions of $ in technology to stop being crawled.
When opening a link it would only show a popup telling you what app tried to open what link and it gives you the option to choose what app/browser to open it or just to copy it. On mobile it would also have a share button.
It would be a completely offline app.
Just these features, nothing more.
Edit: actually it sounds like a good first Android app...
Google Jobs' site [1] suggests the data sources are likely from integrations with other platforms (2).
> There are two simple options to make sure your jobs appear on Google.
> 1. I post or aggregate jobs on my website - ...
> 2. I use a third-party to post jobs - Check to see if your job provider is already participating in the job search experience on Google.
https://jobs.google.com/about/
Or a recruitment SaaS that recruiter is using?
(Recruitment seems to be numbers game for a lot of people. And I've noticed a few questionable integrations and duct-tape workflows going on around LinkedIn. I wouldn't be surprised if the phenomenon you noticed was an accident of one of those.)
I believe GP's intended direction was that there may be very different conversations there depending on whether this is (1) a platform potentially abusing its users vs. (2) a platform's _user(s)_ potentially abusing other users.
I'm hoping someone else can find the article I read. What I remember about it was: It said it was a beta feature gradually being rolled out, but if you wanted access sooner there was a link to contact LinkedIn to enable it for your company. The other thing I remember from the page is that it said it would automatically import 2 jobs per month for free, which is good because this is in addition to the 1 free job you can post per month.
Secondly, if I dreamt about this article or something and this isn't actually a LinkedIn feature, then I apologize as the title and content of my post is misleading. However it is still a problem that somehow other companies are able to post jobs on your company's official LinkedIn that link away from LinkedIn to another page.
I'm sure there's a way to opt-out of all of this (or at least I'd hope so). The problem is that we didn't _opt_in_ which is why I think people need to know.
Surely this kind of thing will eventually come back to haunt them?
I get hundreds per year.
Maybe 1 in 50 are decently relevant.
Many are mass spams. A good amount will be in tech I have no interest in, haven't worked in in over a decade, or have never worked in. It's clear the messages are sent without ever actually reading your profile or even job titles.
I wish there were a way to control only the handcrafted / non-spam messages reaching my inbox.
There are seem to be some techniques for verifying existence of an email address without actually emailing it.
https://stackoverflow.com/questions/565504/how-to-check-if-a...
I tried the below services with a custom G Suite domain and, to my surprise, they successfully worked, even for addresses that I know have never been posted publicly (!).
https://email-checker.net/validate
https://clean.email/verifier/how-to-check-if-an-email-is-val...
All the automated messages address me as if Dr was my actual first name, So “hi Dr” or “Dr,…”
So it’s a good filter for all the machine created messages, which is a very very high percentage of them.
For my intent it kinda works the exact way I want it to, but I really only ever login when I'm looking for a job.
(In my case the extra material is relevant... I've run pricing at five companies, which is usually a massively cross-functional job. Unlike my typical competitor, I've also mastered most of the supporting technical, accounting, and commercial disciplines... which makes me a one stop shop for serious pricing problems.)
I doubt it. Network effects matter and nobody is switching from LinkedIn for fear of missing out. There is no other work-related social network like it.
It's different with FB/Instagram that there isn't much at stake so people will just switch to test something and then stay. With LinkedIn, the "what if I miss a job opportunity?" factor means there's pressure to ignore the UI issues and just stick it out.
I don't see a disruptor in this industry, do you know of any?
Network effects is not an impenetrable fortress. It just means your product has to have a really good reason for people to switch, and I dont see anyone in the work network space doing anything really better than LI. I wish someone was.
The folks in my field (ML/applied math/scientific computing) are all on there, and moreover those reaching out to me are always technical folks rather than recruiters.
(Twitter gets a bad rap, but the academic/dev parts of it are the single best way I've found to track the Zeitgeist of fields and topics I'm interested in.)
'tech twitter' is full of junior developers, developer advocates, and students, all trying to sell e-books to each other or virtue signal their way into a dev advocate role. I only found content creator and tech influencer sales pitches.
I think tech Twitter quality is heavily dependent on being thoughtful of who you follow.
Often network effects dominate this sort of thing, so that's probably not true.
I am relatively lucky, because I am now old enough to have friends, colleagues and some reputation so I do not need it ( amusingly, my profile was flagged for something recently and I have not looked back ), but I remember when I did and recruiters were the least painful way to get my foot in the doors
They probably just decided, we may as well do it too.
omg, I had that feeling too (and I actually removed my profile): good: I thought I was alone :)
I'm not a lawyer so I don't really know what this is. Maybe trademark infringement? But you probably "signed" something giving them a perpetual irrevocable license to do stuff like that. "Tech companies being irritating in the third degree" is the best I have here. Not illegal yet, sadly.
> Using a “gate-up, gate-down” analogy, the Supreme Court said that when a computer or website’s gates are up — and therefore information is publicly accessible — no authorization is required.
> The Ninth Circuit, in referencing the Supreme Court’s “gate-up, gate-down” analogy, ruled that “the concept of ‘without authorization’ does not apply to public websites.”
[1]: https://techcrunch.com/2022/04/18/web-scraping-legal-court/
The company's LinkedIn (with our logo, connections, etc...) would show job openings for cooks and waiters.
I found it funny, at the time, and even went to the restaurant to try it out.
"Sounds great, when can you start?"
Do we know that in fact LinkedIn is scraping? Could it be that the LinkedIn data science team is erroneously matching company names with job titles that are added to its website? E.g., someone from YMCombinator posts a page to LinkedIn and puts the application link to angel.co. Then LinkedIn mistakenly sees YMCombinator as YCombinator and adds the logo (no scraping involved).
Google search results are indexed content.
Google magic answer boxes are often scraped content.
Taking OP's claim at face value this looks like scraping to me.
Here's a very real series of events I'm privy to:
- Bad guy gets a domain name confusingly similar to the target company (maybe tack on "inc" or "llc").
- Bad guy gets access to a LinkedIn account (doesn't matter who or if they're connected to the company; stands to reason that a hacked account with existing connections adds credibility) and updates the title to CEO of target company.
- Bad guy posts an "Easy Apply" ad for a remote job with target company.
- That job listing automatically appears on target company's LinkedIn page.
- Bad guy begins receiving contact info for the job and gets to work.
- Following a weak interview process conducted entirely over IM or email, the candidate is hired.
- New hire provides identity documentation at bad actor’s request.
- Bad actor sends new hire a check with instructions to buy equipment for their home work area from a specific vendor who is also the bad actor.
- New hire deposits check and bank makes funds available before the check clearance process actually completes.
- New hire buys a few thousand dollars’ of equipment from a vendor that doesn’t exist with money they don’t actually have.
- Check bounces and the jig is up.
By the time target company found out, LinkedIn has removed both the job ad and the profile that created it, but did not and would not reach out to the applicants to warn them of the scam nor provide those applicants to the target company (y'know, the company the applicants thought they were applying to; citing "privacy reasons").
While [1] says LinkedIn can do something to restrict who can post jobs on behalf of your company, it's wholly undocumented (and I suspect may not work well for companies relying on both internal and external sourcing). The only defensive measure I've identified is setting up a job alert for your company, specifically for Easy Apply and/or Remote positions as that seems to track with the scam.
[1] https://www.bleepingcomputer.com/news/security/you-can-post-...
It won't permanently throw away your data, allowing you to revert if you so desire.
I discovered one day that I am getting recommended "Long distance truck driver" jobs through email and some of the re-targeted ads. First, I ignored them, but in a week or two, it became apparent that it was not just a coincidence. After some research, I realized that I had listed "Device Driver" programming as a skill on my LinkedIn and personal website. I suspect it must have been crawled, and the word "Driver" was matched to send me those recommendations.
2 weeks later: See your new recommendations for job opportunities in Delphi!
you may want to apply for the job to see what happens
See for yourself: https://www.linkedin.com/company/facetdev/people/
How are these accounts not being automatically flagged as fake?