No doubt you've received a LinkedIn invitation from someone you don't know -- or you're not sure you know. Next time, you might want to think a little harder before accepting.
Researchers from Dell SecureWorks Counter Threat Unit have identified a network of at least 25 well-developed LinkedIn profiles as part of a targeted social engineering campaign against individuals in the Middle East, North Africa, and South Asia. The fake profiles were linked to 204 legitimate profiles belonging to individuals working in defense, telecommunications, government, and utility sectors. A quarter of the victims worked in the telecommunications sector in the Middle East and North Africa. Fortunately, the fake profiles have already been removed from LinkedIn.
The fake network was created to help attackers target victims via social engineering. The group likely relied on the fact that people tend to trust people within their personal network and would be more likely to fall for a spear phishing email if it appeared to come from a fellow member. The victims would also be more likely to visit a website if a member of their network suggested it.
The network had eight leader profiles, with full (fake, of course) educational histories and detailed information about current and previous jobs. The remaining profiles form a supporting network for the eight leaders to make the network seem legitimate. The profiles claimed to belong to employees at major organizations, including defense contractor Northrop Grumman, technology firm Teledyne, Malaysia's RHB Bank, and South Korean holding firm Doosan. Five of the leader personas claimed to be recruiters for Teledyne, Doosan, and Airbus, and the other three claimed to work for Doosan and Petrochemical Industries.
Dell SecureWorks was able to identify the profiles as fake based on several indicators. For one, the supporter profiles weren't very well developed: each had just five connections and a simple description of a single job. Some of the profile photos were found "elsewhere on the Internet associated with different, seemingly legitimate, identities," Dell SecureWorks said. One leader profile's photo appeared on several adult sites, for example. Several of the leader profiles also had text from genuine job advertisements copied into their job description fields.
Attackers have long used social networking as part of their reconnaissance activities. They cull personal information posted on these sites to craft targeted attacks that have a higher chance of succeeding. The fake LinkedIn profiles "significantly increase" the likelihood of these social engineering attacks paying off, researchers said.
SecureWorks listed the fake names and descriptions associated with the profiles in its report. If a request arrives from an individual with one of those names, verify outside of LinkedIn that the person is legitimate before accepting it.