Beware fake LinkedIn profiles, threat actors are using them to hack you

Pierluigi Paganini December 04, 2015

According to the security firm Symantec, a growing number of threat actors in the wild are targeting professionals on LinkedIn with fake LinkedIn profiles.

LinkedIn is a privileged platform for intelligence gathering, and a growing number of hackers are targeting professionals there to collect information about their activities and networks. Every day I refuse dozens of connection requests from fake LinkedIn profiles that try to link with me and my network to gather intelligence.

By mapping the connections related to a specific account, criminals can entice users to give up personal details, target them with spear phishing attacks, redirect them to websites serving malware, and much more.

Social media platforms are powerful instruments for cyber espionage, and security experts have recently uncovered numerous campaigns relying on fake LinkedIn profiles. In October, the experts at the security firm Cylance revealed that the Cleaver group is running a well-developed network of fake LinkedIn profiles for cyber espionage purposes.

In September, security researchers uncovered a group of fake recruiting accounts on LinkedIn used to gather intelligence about security experts.


Now the security firm Symantec has raised the alarm: its experts uncovered dozens of fake LinkedIn profiles on the social network targeting professionals across a variety of industries. In this case too, the attackers pose as recruiters, and the fake accounts allow them to map the networks of business professionals and gather information.

Symantec worked with LinkedIn to identify the bogus profiles and have them removed.

“Under the guise of a recruiter, these fake LinkedIn accounts have an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favor.” states Symantec in a report.

The alarming news is that most of the bogus accounts were quite successful in building a sizeable network, and some even received endorsements from their victims, which increased their credibility.

“We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered.” said LinkedIn.

“We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We encourage members to utilise our Help Center to report inaccurate profiles and specific profile content to LinkedIn.”

The researchers found that the fake LinkedIn profiles tended to be made up of text that had been copied and pasted from the profiles of real professionals. They used photos, often of women, pulled either from stock image sites or of real professionals.

They also used keywords such as “reservoir engineer”, “exploration manager” and “cargo securement training” which are likely to gain them visibility via the site’s built-in search engine.

Many of the terms related to the logistics, information security and oil and gas industries, Symantec said.


Most of these fake accounts follow a specific pattern:

  1. They bill themselves as recruiters for fake firms or are supposedly self-employed
  2. They primarily use photos of women pulled from stock image sites or of real professionals
  3. They copy-paste text from profiles of real professionals for their summary and experience
  4. They keyword-stuff their profile for visibility in search results

This consistent pattern means the fake accounts can be fairly easy to uncover, as Symantec researcher Dick O’Brien explained.

“You can do a reverse image search by dragging and dropping the profile picture into Google Images and see what it brings up.” Dick O’Brien suggests.

“Copying and pasting the job information in Google can also reveal whether it has been taken from somewhere else.”
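As an added illustration, not code from the article or from Symantec, the script below triages a recruiter profile against the four traits in the list above plus the two checks O’Brien describes: it measures how much of a summary is copied from known real profiles with word n-gram shingles, counts repeated industry keywords, and takes the result of a reverse image search as an input. The profile records, the reference corpus and the reverse-image hit counts are constructed sample data.

```python
import re

# Constructed reference corpus standing in for summaries of real profiles.
KNOWN_SUMMARIES = [
    "Reservoir engineer with twelve years of experience in offshore field "
    "development, well testing and production optimisation across the North Sea.",
]
# Terms the article reports the fake profiles stuffed for search visibility.
STUFFED_TERMS = ("reservoir engineer", "exploration manager", "cargo securement training")

def shingles(text, n=4):
    """Lower-cased word 4-grams; copied passages survive punctuation and small edits."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def copied_fraction(summary, corpus=KNOWN_SUMMARIES):
    """Share of the summary's shingles that appear in any known real profile."""
    own = shingles(summary)
    if not own:
        return 0.0
    seen = set().union(*(shingles(c) for c in corpus))
    return len(own & seen) / len(own)

def keyword_hits(text, terms=STUFFED_TERMS):
    """Total occurrences of watch-listed terms; repeats are the stuffing signal."""
    low = text.lower()
    return sum(low.count(t) for t in terms)

def triage(profile):
    """Return the red flags a profile trips; an empty list means nothing suspicious."""
    flags = []
    if profile["recruiter"] and (profile["self_employed"] or not profile["employer_verified"]):
        flags.append("recruiter for an unverifiable firm or self-employed")
    if profile["photo_reverse_hits"] > 0:   # result of a reverse image search, done beforehand
        flags.append("profile photo appears elsewhere (stock site or another person)")
    if copied_fraction(profile["summary"]) >= 0.5:
        flags.append("summary largely copied from a real profile")
    if keyword_hits(profile["headline"] + " " + profile["summary"]) >= 3:
        flags.append("keyword stuffing")
    return flags

# Constructed sample profiles: one matching the pattern, one that does not.
FAKE_PROFILE = {
    "recruiter": True, "self_employed": True, "employer_verified": False, "photo_reverse_hits": 7,
    "headline": "Reservoir Engineer | Exploration Manager | Cargo Securement Training",
    "summary": "Reservoir engineer with twelve years of experience in offshore field "
               "development, well testing and production optimisation. Reservoir engineer, "
               "exploration manager.",
}
REAL_PROFILE = {
    "recruiter": True, "self_employed": False, "employer_verified": True, "photo_reverse_hits": 0,
    "headline": "Technical Recruiter at Example Staffing (constructed)",
    "summary": "I help embedded software teams hire, mostly senior firmware roles.",
}
```

The thresholds (half the summary copied, three keyword occurrences) are assumptions chosen for the sample data, not values from Symantec's report.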

Let me close with a polemic against Wikipedia, the alleged open source of knowledge. More than four years ago I coined the term “Social Network Poisoning,” detailing the possible misuse of a social media platform. At that time, the “experts” at Wikipedia UK deleted my entry even though I had produced all the necessary arguments to support my concept. I was considered a stupid visionary, evidently too far ahead for them! After a few weeks, Wikipedia banned me; fortunately, the Italian version of the entry, “Social_Network_Poisoning,” is still online.

Let me invite you to recreate the entry on Wikipedia, citing me and my story, and let me suggest this interesting post on the topic.

Pierluigi Paganini

(Security Affairs – fake LinkedIn profiles, cyber espionage)
