Now hackers are targeting the business-oriented social networking service, LinkedIn to seal users information. Hackers are using fake LinkedIn profiles and posing as career recruiters to connect with professionals and lure them to their phishing campaigns. The hackers have also been seeking to connect with professionals from various industries such as oil and gas, and information security.
Symantec discovered that the fraudulent accounts allow hackers to gain trust in them and map networks of business professionals and then direct them to malware-loaded websites where they can get their email addresses and launch spear-phishing efforts. LinkedIn has teamed up with Symantec to remove the identified fake accounts.
“Most of these fake accounts have been quite successful in gaining a significant network – one had 500 contacts. Some even managed to get endorsements from others,” — said Dick O’Brien, Symantec researcher.
Specific Pattern Follow by Fake LinkedIn Profiles
According to Symantec, most of these fake LinkedIn profiles follows a specific pattern:
- They bill themselves as recruiters for fake firms or are supposedly self employed.
- They primarily use photos of women pulled from stock image sites or of real professionals.
- They copy text from profiles of real professionals and paste it into their own.
- They keyword-stuff their profile for visibility in search results.
Fake LinkedIn profiles are mostly posing as recruiters because that make an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favor. Many of these fake LinkedIn accounts use unoriginal photographs. Their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites. And these accounts also have copy and pasted summary and experience from real professionals on LinkedIn. The fake LinkedIn accounts stuff their profiles with keywords like “Reservoir Engineer”, “Exploration Manager”, and “Cargo Securement Training” to gain visibility through the site’s built-in search functionality. And Symantec also warns users that if you never met the person before, don’t just add them.
How to Identify Fake LinkedIn Profiles
Symantec also provide some tips to users to identify these fake LinkedIn profiles :
- Do a reverse-image search or download the TinEye browser plugin to cross check the photos from suspicious accounts.
- Copy and paste profile information into a search engine to locate real profiles.
- If someone you know is already connected with one of these fake accounts, reach out to them and find out how they know them.
And also if you suspect that you’ve identified a fake LinkedIn account then report it through this link and help to remove them from LinkedIn.