LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyway. And that’s the problem.
A report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.
With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, and some have over 500 connections.
Signs of Fraudulence
- Profile photos appear on other, unrelated sites.
- Duplicate summary profiles, some duplicated from other sites.
- “Supporter persona” profiles use the same basic template and have other similarities.
Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or to scam their associated company out of money.
Or, as evidenced by the fact that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.
TG-2889 is doing a pretty good job of maintaining the fake profiles, regularly making revisions, the secureworks.com report continues. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrop Grumman.
It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.
For Legitimate LinkedIn Users
- If you suspect a profile is fake, cyber-run for the hills.
- Link up with profiles of only people you know.
- Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
- If you get a job offer through LinkedIn, don’t respond via that conduit. Instead, contact the employer directly for verification.
- For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or unintentionally), which could put your company at risk?
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.