Foreign hackers are creating fake LinkedIn profiles and connecting with those close to you.
Professionals all around the world use the business-oriented social networking service, LinkedIn, to connect with colleagues, clients, and to form other business related relationships. According to the LinkedIn website, LinkedIn has over 380 million registered users in more than 200 countries and territories. Over 118 million of them are in the United States, making LinkedIn one of the best sources of information on American professionals on the face of the planet. It is a treasure trove of data on individuals including names, job titles, work history, academic careers, and professional social relationships.
Creating fake profiles to take advantage of unsuspecting targets like you.
Recently, security researchers with the Dell SecureWorks Counter Threat Unit (CTU) identified fake LinkedIn profiles that are linked to a group of Iranian hackers, they are calling Threat Group-2889 (TG-2889). The CTU has found substantial evidence that the purpose of these fake LinkedIn profiles is to target potential targets through social engineering.
Social engineering is a non-technical hacker method, usually involving tricking the victim into doing something that gives the hacker unauthorized access to systems and data. It is one of the greatest threats to individuals and organizations.
The researchers found that there were two types of fake accounts: fully developed profiles (with hundreds of LinkedIn connections) and supporting profiles (with a much lower number of LinkedIn connections). Many of these fake profiles will include names, photos, and job titles.
Accepting invitations from these hackers provides them with significant information about you, your organization, and your contacts.
Once you accept an invitation from one of these hackers, not only is your data at risk, but they are also able to view your contacts which could lead to them making additional friends and contacts based on who is in your contact list. This enables them to further their data gathering.
What does this mean?
You are looking for a new position and receive an invitation to connect from a recruitment consultant with connections at respectable companies, one of which you would like to join. They also have 25 other connections in common with you. In the invitation message, they say that they have an interest in you and your work. What's the harm in connecting with them? Besides, you have 25 other people in common, one of which is your buddy, John. Also, another colleague, Sam, has endorsed the profile. So, you connect with them. Unbeknownst to you, they do not actually know your colleagues and you have just become another piece of a malicious cyber espionage ruse. Now these hackers are using you to get to your other colleagues and gather additional information about you, your colleagues, and your organization. This is all a part of a cyber espionage mission. It could be quite damaging to your reputation to be the person responsible for a data breach, simply because you accepted an invitation from the wrong LinkedIn profile.
What can you do to protect yourself and your professional relationships?
- First, search your network for known fake profiles. Find a list of those fake profiles here, as reported by Dell SecureWorks Counter Threat Unit.
- Do NOT accept invitations from people that you do not know.
- Regularly remove unnecessary LinkedIn connections.
- If you receive an invitation, do a Google Search on the person, their company, and their position. Does anything come up? If not, this could be a sign that the profile is fake.
- Adopt a position of vigilance when engaging with "friends of friends" on social media. In some cases, your friend doesn't actually know the person and fell victim to a scam.
- When considering employment opportunities from LinkedIn, seek a confirmation of legitimacy from the individual's purported employer.
- If you see a profile that you suspect to be fake, report it to LinkedIn. Creating fake profiles is a breach of LinkedIn's terms and conditions.
Read the full technical report here.