Have you accepted any friend request on LinkedIn of late?

Scammers are copying information from real LinkedIn profiles to pose as recruiters and attract new connections

Sonal Desai

MUMBAI, INDIA: Scammers are on the prowl, and these days they are targeting unsuspecting LinkedIn users.

According to a new Symantec survey, scammers copy information from real LinkedIn profiles to pose as recruiters and attract new connections.

Over the last year, there has been a rise in the number of incidents involving fake LinkedIn accounts targeting members of the business-oriented social networking service. With more than 400 million users, LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries including Information Security and Oil and Gas, the study notes.

As per the report, most of these fake accounts follow a specific pattern:

•    They bill themselves as recruiters for fake firms or are supposedly self-employed

•    They primarily use photos of women pulled from stock image sites or of real professionals

•    They copy text from profiles of real professionals and paste it into their own

•    They keyword-stuff their profile for visibility in search results

The modus operandi:
Recruiters: Under the guise of a recruiter, the fake LinkedIn accounts have an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favor.

Fake profile photos: Many of these fake LinkedIn accounts use unoriginal photographs. Their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites. Confirmations were obtained by using reverse image search tools like TinEye and Google’s Search by Image.

Copied and pasted summary and experience: When reviewing these fake LinkedIn accounts, we observed that the text used in the Summary and Experience sections was usually lifted verbatim, though sometimes modified, from real professionals on LinkedIn.

Keyword-stuffing profiles: The fake LinkedIn accounts stuff their profiles with keywords like Reservoir Engineer, Exploration Manager and Cargo Securement Training to gain visibility through the site’s built-in search functionality.

Goal: Mapping networks, future spam opportunities: The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.

In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails.

Steps to safeguard yourself:
•    Be very sceptical of who you add to your network.
•    If you’ve never met the person before, don’t just add them.

Symantec lists a few ways users can identify fake accounts:
•    Do a reverse-image search (e.g., tineye.com offers a browser plugin)
•    Copy and paste profile information into a search engine to locate real profiles
•    If someone you know is already connected with one of these fake accounts, reach out to them and find out how they know them.
•    If you suspect that you’ve identified a fake LinkedIn account, you should report it.
