Hacker News

jhancock today at 4:30 AM

This type of attack has been happening a lot the past 2 years. I've seen one that was very well done...the GitHub account of a fairly well known security researcher had been compromised...their identity and code were being used as part of the recruitment. I reached out to the person...who was understandably embarrassed and told me they had reported this to LinkedIn + GitHub but saw no action.

This is the part that really irks me: LinkedIn and GitHub know this is the end goal of many of the rampant supply chain attacks but they a) don't have a first-class mechanism for reporting b) don't seem to be improving their systems or even warning people. I have been hit by this enough times that I follow along to get screenshots of the scammer. One might think with all the surveillance systems Microsoft/LinkedIn/GitHub/Google-Meet/Calendly have in place that a potential victim reporting it along with an actual picture of the scammer could get us somewhere.


Replies

dd8601fn today at 11:59 AM

Call it a conspiracy theory, but I think a lot of these businesses actively avoid making serious efforts because even trying creates expectations. Ones that they don’t want to be on the hook for.

Like the Facebook problem. They were never in more trouble with people and legislators than when they were spending mountains of gold trying to police content.

It’s much easier to shrug and say, “Sorry folks, it’s the internet. Good luck.”