Scammers using fake LinkedIn profiles to hack professional networks

Online scammers are posing as career recruiters on LinkedIn to scrape email addresses and other contact information for use in phishing campaigns, security researchers say.

{mosads}“Under the guise of a recruiter, these fake LinkedIn accounts have an easy entry point into the networks of real business professionals,” the security firm Symantec writes in a blog post this week.

LinkedIn, the social media platform for business connections, boasts over 400 million users, making it “a prime target for scammers looking to connect with professionals in a variety of industries,” including information security and oil and gas, Symantec says.

The primary goal of the fake accounts is to map out the networks of business professionals, the firm says. Using these profiles, scammers can establish a sense of credibility in order to further their networks and collect more information.

The fake accounts use stock profile photos or images stolen from other social media sites. The Summary and Experience sections in the fake account profiles are typically lifted verbatim from real professionals on LinkedIn.

Scammers also cram their profiles with searchable keywords to gain visibility. Symantec found recruiter accounts with keyword terms tied to the logistics and oil and gas industries.

In October, Dell reported that it was tracking an Iran-based group that had created “convincing profiles from a self-referenced network of seemingly established LinkedIn users” in order to  “target potential victims through social engineering.”

In September, some senior security researchers noted that they were being targeted in a similar campaign.