LinkedIn Scammers Target Users With Fake Profiles

Users of the business social network LinkedIn are being targeted by scammers, according to Symantec, which has discovered a number of fake profiles.

The security firm’s investigation revealed a growing number of incidents involving these fake LinkedIn profiles, and it has warned users to be very sceptical of who they add to their network.

Data Gathering

Symantec said it has worked with LinkedIn to take down some fake accounts that were uncovered during its research.

So what are the scammers hoping to gain? Well, it seems that once a connection is established to an unsuspecting victim, the scammers attempt to gather as much contact information (phone numbers, emails etc) from users as possible. This information can then be used to send spear-phishing emails, for example.

The fake LinkedIn accounts often pose as recruiters, and they reportedly map business professionals’ networks and establish a sense of credibility in order to reach more people. They often use photos of women pulled from stock image sites or of real professionals.

“Boasting over 400 million users, LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries including Information Security and Oil and Gas,” wrote Symantec’s Satnam Narang.

“The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals,” he said. “Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.”

So both Symantec and LinkedIn are offering users the following advice: be very sceptical.

“Users of LinkedIn should be very sceptical of who they add to their network,” said Narang. “If you’ve never met the person before, don’t just add them. We weren’t surprised to learn that these fake LinkedIn accounts received endorsements from real users.”

Password Breach

LinkedIn has suffered security scares before this. The most famous was in June 2012, when reports emerged that almost 6.5 million LinkedIn passwords had been stolen and published online.

A Russian hacker had acquired password hashes, cracked many of them and posted them on a Russian website. Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, to provide a double layer of security.

The social network also apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit. The social network paid $1.25m (£810,000) to settle the legal claim earlier this year.

In late 2010, LinkedIn (and others) asked their users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised.


Tom Jowitt
