Scammers Use Fake LinkedIn Contacts to Develop Spear Phishing Campaigns

Recently, LinkedIn spear phishing scams have been discovered. Efforts are being made to gather information from LinkedIn that can be used against people – or organizations – to carry out highly convincing spear phishing campaigns.

Spear phishing, unlike normal phishing, is not random. Individual victims are targeted. Spear phishing campaigns are often very realistic, and emails are sent containing data that is likely to trick a specific individual – or small group of individuals – into handing over passwords, login details, security codes or other data. These campaigns are also highly effective at getting users to visit links to malicious websites, or open malware-infected email attachments.

In order to trick users into installing malware or handing over their sensitive information, those individuals must unwittingly take a specific action. To increase the chances of that happening, the criminals behind the campaigns need some nuggets of data. These could be gathered from social media websites. People hand over a wealth of information about themselves on Twitter and Facebook, and some leave their accounts open for anyone to view.

LinkedIn is similarly being used by cyber criminals to gather information about users, with the data gathered being utilized in future phishing and spamming campaigns. Data is gathered on users, and used to devise phishing emails including malicious software or links to malware-infected websites, or fake websites which trick users into handing over their sensitive details.

LinkedIn Used by Hackers to Gather Sensitive Data

One of the most recent scams identified includes the creation of fake LinkedIn contacts. Accounts are created by hackers, and then used to make connections with people in similar sectors. Sadly, connecting with these individuals will permit them to obtain a wealth of information on you, such as your employment and education history, phone numbers and whatever data you include on your profile. In many instances, you will be handing over your entire CV to a hacker by approving them as a contact. Fake LinkedIn contacts are now a major issue as they pose a big security risk.

This means that every contact must be reviewed and assessed before you agree to make them a connection, and who has the time to do that?

How to Spot Fake LinkedIn Contacts: Telltale Indications

  1. No photograph has been added
  2. Stock Photographs Used
  3. Stolen Photographs Used

Many fake accounts have been established with the individuals claiming to be directors of businesses. By day, they are the CEO of two or three different firms, by night they supplement their income by producing internet porn (Images have been obtained from adult sites and used for LinkedIn). Unlikely perhaps, that CEOs would feel the need to do so.

Not all fake LinkedIn accounts seem suspicious. Many have a lot of contacts and a realistic profile. However, that data has often been taken from other websites. Sometimes a photo will not have been used elsewhere on the Internet, but frequently the text has. One way of checking this is to copy a small section of their profile and paste it into Google. It may show that the data has been copied from an authentic LinkedIn account or other social media site.

There are a number of reasons why hackers go to the trouble of developing fake LinkedIn contacts. Hackers can use LinkedIn to obtain email addresses. Criminals can gain data to begin phishing campaigns, and information can be gathered to carry out identity theft. If a scammer can convince you they are authentic, they may create a fake job for you and get you to hand over some very sensitive data.

Of course, the only way to be certain that you are not approving fake LinkedIn contacts is to only link up with people you know, but that kind of defeats the whole aim of the platform. It is smarter to complete a rudimentary check to ensure the person you are about to share information with is in fact authentic.

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone