‘Cybercriminals using fake LinkedIn accounts to scam users’

December 07, 2015 05:20 pm | Updated 07:54 pm IST - New Delhi

LinkedIn Corp., the professional networking Web site, displays its logo outside of headquarters in Mountain View, California. File photo.

LinkedIn Corp., the professional networking Web site, displays its logo outside of headquarters in Mountain View, California. File photo.

Cybercriminals are using fake LinkedIn profiles to map out the networks of business professionals to scrape contact information and later use these to send spear-phishing emails, security solutions firm Symantec said on Monday.

LinkedIn, which has over 400 million users globally, is a prime target for scammers looking to connect with professionals across a variety of industries, including information security and oil and gas, it said on its official blog.

Scammers copy information from real LinkedIn profiles to pose as recruiters and attract new connections, it added.

“Over the last year, we have seen a growing number of incidents involving fake LinkedIn accounts targeting members of the business-oriented social networking service. We worked with LinkedIn to take down some fake accounts that we had come across during our research,” it said.

Symantec said most of these fake accounts followed a specific pattern. They bill themselves as recruiters for fake firms or are supposedly self employed and primarily use photos of women pulled from stock image sites or of real professionals.

“We were able to confirm this by using reverse image search tools like TinEye and Google’s Search by Image,” it said.

The scammers copy text from profiles of real professionals and keyword-stuff their profile for visibility in search results, the blog added.

Symantec said the primary goal of these fake LinkedIn accounts is to map out the networks of business professionals.

“Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections,” it said.

Scammers scrape information

In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers.

This information could be used to send spear-phishing emails, it added.

Symantec said LinkedIn users should be very skeptical of who they add to their network.

“If you’ve never met the person before, don’t just add them. We weren’t surprised to learn that these fake LinkedIn accounts received endorsements from real users,” it said.

Also, users can do a reverse-image search (e.g. tineye.com or Google Image search) or copy and paste profile information into a search engine to identify whether the accounts are real or fake, it said.

Reaction

When contacted, LinkedIn Head of Communications India and Hong Kong Deepa Sapatnekar said the company has a number of measures in place to protect its members, including violations to ‘User Agreement’ such as fake profiles.

“We investigate violations and take immediate actions where necessary. We also encourage members to utilise our Help Center to report violations,” she added.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.