Hackers befriend LinkedIn users

A fake LinkedIn accountImage copyright

Image caption

The scammers set up fake accounts, often using stock photos of women

A growing number of hackers are targeting professionals on LinkedIn, according to security firm Symantec.

Its investigation uncovered dozens of fake accounts on the social network, across a variety of industries.

Posing as recruiters, the fake accounts allow hackers to map the networks of business professionals and gain the trust of those in them.

The security firm has worked with LinkedIn to remove all of the fake accounts it identified.

By making these connections, criminals can entice users to give up personal details, direct them to malware-laden websites and, if they can get their email addresses, launch spear-phishing campaigns – targeted emails that aim to steal personal information.

“LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favour,” it said in its report.

“Most of these fake accounts have been quite successful in gaining a significant network – one had 500 contacts. Some even managed to get endorsements from others,” Symantec researcher Dick O’Brien told the BBC.

The researchers found that the fake profiles tended to be made up of text that had been copied and pasted from the profiles of real professionals. They used photos, often of women, pulled either from stock image sites or of real professionals.

They also used keywords such as “reservoir engineer”, “exploration manager” and “cargo securement training” which are likely to gain them visibility via the site’s built-in search engine.

Many of the terms related to the logistics, information security and oil and gas industries, Symantec said.

Image copyright

Image caption

Some fake profiles copied information from real profiles

The social network was contacted for comment but had not replied by the time of publication.

Mr O’Brien had some tips for LinkedIn users worried that they might have befriended a hacker.

“You can do a reverse image search by dragging and dropping the profile picture into Google Images and see what it brings up.

“Copying and pasting the job information in Google can also reveal whether it has been taken from somewhere else.”

Iranian hackers

Twitter and Facebook also have problems with fake accounts but LinkedIn seems to be particularly attractive to hackers, said Mr O’Brien.

“It reveals the greater sophistication of cyber-criminals that they are prepared to play the long game by gaining information for future attacks in this way,” he said.

It is not the first time that researchers have pointed out the dangers of fake LinkedIn profiles.

In October, researchers from Dell’s counter-threat unit identified a network of at least 25 fake profiles that had links to over 200 legitimate ones, belonging to people working in defence, telecommunications, government and utilities.

The fake accounts were linked back to an Iran-based hacker group.

Article source: http://www.bbc.co.uk/news/technology-34994858#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Other Related posts:

  1. Medical devices attract hackers Image copyright Getty Images Image caption The researchers set up...
  2. Hackers target 250,000 Twitter users 2 February 2013 Last updated at 12:11 GMT Please turn...
  3. LinkedIn tests Chinese language site 25 February 2014 Last updated at 04:37 GMT LinkedIn is...
  4. Steam game service hit by hackers 11 November 2011 Last updated at 11:25 GMT Steam is...
  5. Hackers breach Evernote security 2 March 2013 Last updated at 18:34 GMT Evernote insists...