LinkedIn can be a hacker’s treasure trove and job seeker’s nightmare.
The IT security company Symantec revealed that dozens of fake accounts on social networking sites are being used by hackers pretending to be recruiters. The accounts holders let hackers plot a network of business professionals and achieve the professional’s trust.
By building a connection with the professionals, criminals can easily request for their personal information.
If hackers succeed in getting their email addresses, they launch spear-phishing by which they can get your Credit Card and bank account numbers, passwords and all the financial information available in the computer. However, if they fail to achieve the email, they direct them to malware-loaded websites.
In a report, Symantec said, “LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favour.”
Luckily, the security firm has worked along with LinkedIn and has removed all accounts identified as fake. Symantec’s researcher Dick O’Brien told BBC: “Most of these fake accounts have been quite successful in gaining a significant network – one had 500 contacts. Some even managed to get endorsements from others.”
LinkedIn responded to it as: “We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm the authenticity of profiles and remove those that are fake. We encourage members to utilise our Help Centre to report inaccurate profiles and specific profile content to LinkedIn.”
The researchers who were chasing the fake accounts found out that these fake profiles usually used photos of women taken from the profiles of real professional or the stock pictures from the internet. They also that these profiles totally had the same text as other original professionals which means they just copied it from the other’s profiles and posted it on their fake ones.
The criminals did also carry out a deep study on LinkedIn and used the keywords which can easily make them prominent through website’s own search engine. The keywords used were like, “exploration manager” or “reservoir engineer” and most of the terms used were regarding logistics and the oil and gas industries.
Mr O’Bried said that other social media platforms like Facebook and Twitter are also facing the same problems but they seem much more interested in LinkedIn. He also provided some guidelines for the LinkedIn users who after knowing this, would doubt if they have a hacker friend in their profile which are:
“You can do a reverse image search by dragging and dropping the profile picture into Google Images and see what it brings up. Copying and pasting the job information in Google can also reveal whether it has been taken from somewhere else.”
The danger of fake LinkedIn profiles trying to fraud is not new. In October, Dell’s counter-threat unit researchers found at least 25 fake profiles working together which had more than 200 real professionals working in defence, telecommunications, government and utilities. These fake accounts linked back to Iran-based hackers.
Social media is the best for cyber criminals to gather personal data of the user. In some cases, the criminals can even get hold of credit card data if the users sign up for online shopping.
In the past, Linkedin was targeted with Blackhole malware designed to steal login credentials.