Attackers have used hundreds of fake profiles on LinkedIn - many very convincing - to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate information.
In a presentation at the Black Hat Middle East and Africa conference last month, researchers said they uncovered nearly a thousand fake profiles created with the aim of reaching out to companies in the Middle East, using well-connected synthetic identities.
The nearly 900 million users on LinkedIn from more than 150 countries make the platform a goldmine for attackers, containing extensive data on organizations and their employees.
Attackers can easily construct fake profiles that are difficult to distinguish from real people.
With generative AI's capabilities to create realistic synthetic profile images and more effectively translate into multiple languages, the profiles are getting even better.
As essentially a repository of crowdsourced information on workers, LinkedIn is increasingly valuable to cybercriminals and state-sponsored attackers, says Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro.
LinkedIn: Popular Among Cyberattackers
For targeted attacks, LinkedIn allows threat actors to gather information and then deliver fraudulent links and malware to credulous employees more effectively.
During the coronavirus pandemic, for example, LinkedIn scams targeted out-of-work users with malicious scripts.
In 2022, LinkedIn topped the list of brands used in social engineering attacks.
In the case of LinkedIn profiles targeting Saudi professionals, almost all of them appeared to be young women in their 20s with Muslim names, and usually they claimed to work in Southeast Asia, often India, according to the STC investigations.
The researchers encountered a number of types of schemes that used LinkedIn profiles.
Finally, the fake profile was often its own product, and the scammer would attempt to sell access to high-quality LinkedIn accounts, STC's Khan says.
Other attacks include enhancing phishing by using LinkedIn smart links that appear to link to a legitimate website, but actually redirect to an attacker-controlled site, which - according to email security firm Cofense - is the No. 1 way that LinkedIn is being abused.
Companies Need Specific LinkedIn Policies
The spear-phishing campaigns underscore the dangers posed by employees oversharing information on the LinkedIn social network, and serve as a reminder to consider from whom they accept connections.
LinkedIn began combating fake profiles in earnest in late 2021, taking down 11.9 million fake accounts during registration and another 4.4 million that the service identified on its own, according to a Trend Micro report on LinkedIn threats.
LinkedIn could be doing more, such as giving users more tools to manage their contacts and connections, that could help them improve their security posture, Trend Micro's Clay says.
While LinkedIn has done a lot to harden the platform, especially against data scraping, having exceptions for verified researchers - allowing them to do deep searches, for example - could improve the security of the platform.
Companies should turn on the LinkedIn feature that verifies any user who claims to be an employee of the company.
Companies should also create a specific LinkedIn policy, and consider giving employees guidance to not share business email publicly, beware of clicking shortened links, and limit mentions of specific internal company names and technologies.
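The smart-link abuse described above (a link that appears to point at LinkedIn but redirects elsewhere) and the guidance about shortened links can both be turned into a pre-click check: walk the redirect chain one hop at a time instead of letting a client follow it blindly, and flag the link when the landing page is not on the domain the link appears to belong to. This is an added example, not code from the article, Cofense or LinkedIn; the sample redirect chain, the `lookup` callback and the `.example.net` landing host are constructed placeholders.

```python
"""Resolve a redirect chain hop by hop and flag links that land off-domain.

Added example. The sample chain and hostnames below are constructed; a live
lookup would be `requests.head(url, allow_redirects=False).headers.get("Location")`.
"""
from urllib.parse import urlparse, urljoin


def registrable_domain(url):
    """Crude eTLD+1: last two labels of the hostname (enough for .com/.net samples)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def resolve_chain(start_url, lookup, max_hops=10):
    """Follow Location headers supplied by `lookup(url) -> Location or None`.

    Returns (hops, final_url, aborted). `aborted` is True on a redirect loop or
    when the hop cap is hit, so a redirect ring cannot spin the checker forever.
    """
    hops, seen, url = [], set(), start_url
    while len(hops) < max_hops:
        if url in seen:
            return hops, url, True
        seen.add(url)
        nxt = lookup(url)
        if nxt is None:  # no redirect: this is the landing page
            return hops, url, False
        nxt = urljoin(url, nxt)  # Location may be relative
        hops.append((url, nxt))
        url = nxt
    return hops, url, True


def assess(start_url, lookup, expected_domain):
    """Verdict for a link that looks as if it belongs to expected_domain."""
    hops, final_url, aborted = resolve_chain(start_url, lookup)
    if aborted:
        return "suspicious: redirect loop or too many hops"
    if registrable_domain(final_url) == expected_domain:
        return "ok: lands on " + expected_domain
    return f"suspicious: lands on {urlparse(final_url).hostname} not {expected_domain}"


# Constructed sample: a LinkedIn-looking link that bounces through a shortener
# to a lookalike login page on a placeholder domain.
SAMPLE_CHAIN = {
    "https://www.linkedin.com/slink?code=EXAMPLE": "https://lnkd.in/EXAMPLE",
    "https://lnkd.in/EXAMPLE": "https://login-microsoft.example.net/auth",
}

if __name__ == "__main__":
    print(assess("https://www.linkedin.com/slink?code=EXAMPLE", SAMPLE_CHAIN.get, "linkedin.com"))
```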
Finally, employees need to be trained to report fake LinkedIn profiles, not just be able to identify them, says STC's Khan.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 11 Dec 2023 21:25:15 +0000