Beware fake LinkedIn profiles (and how to spot one)
So, I had no idea that fake LinkedIn profiles were a thing. Until now.
According to InfoWorld, earlier this year, researchers from Dell SecureWorks Counter Threat Unit identified a network of at least 25 well-developed fake LinkedIn profiles.
At first I was confused about what the point of a fake LinkedIn profile would be. To get a job, then not show up on the first day of work because – Ha! Joke’s on them, you don’t exist? Because that seemed like a strange motivation.
No, the goal is actually to target victims through something they’re calling “social engineering,” with presumably the same goals as usual – breaching security, accessing information, stealing stuff, ruining everything.
The assumption is that the bad guys are building relationships and relying on the fact that people tend to trust others within their network and would be more likely to fall for a spear phishing email or suggested website if it appeared to come from someone they knew.
This particular network was set up to target individuals in the Middle East, North Africa, and South Asia.
The profiles were ultimately identified as bogus based on specific factors. While some featured full fake educational histories and detailed information about fake current and previous jobs at real companies, others weren’t very well developed and had five connections and a simple description for one job. Some of the profile pics were obvious stock photos which appeared elsewhere on the internet, including several adult sites.
Phishing is nothing new. Canadian writer Hannah Sung lost more than $20,000 through a phishing email in 2009.
She clicked on an email purporting to be from her bank and then, she writes:
“I clicked “Reply.” No, I did not give them my PIN or confirm my birth date… All I did was write, “In light of Internet fraud, phone your customers, don’t email.” Oh, the irony.”
Shortly after that her accounts were all drained.
The lesson here? Don’t even reply. And maybe look at LinkedIn connection requests before approving them. I have to admit I don’t usually do that last thing.
An important part of the LinkedIn story is that the fake profiles claimed to be recruiters. As far as victims go, most LinkedIn users would not be suspicious of an unsolicited email from a recruiter.
So be careful out there, guys. Keep your actual email address private, and try to find out if someone is legit before replying.
This article, meanwhile, suggests that there might be other motivations for fake LinkedIn profiles such as dating, sales, and corporate espionage. It also features examples of fake profiles. Here is one of them.
The author writes: “‘Alex’ leaves a lucrative Geomatic Surveyor role for stints as a Volunteer Advocate, Travel Writer/Photographer and ends up as a Recruiter. Recruiter is a popular fake profession on LinkedIn because we tend to lower our guard for recruiter connection requests. Says he became a Recruiter in March 2014 but I have a screenshot which proves that he just added that role to his profile 2 days ago.”