Over the last year, we have seen a growing number of incidents involving fake LinkedIn accounts targeting members of the business-oriented social networking service. We at Symantec worked with LinkedIn to take down some fake accounts that we had come across during our research. Boasting over 400 million users, LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries including Information Security and Oil and Gas.
Most of these fake accounts follow a specific pattern:
- They bill themselves as recruiters for fake firms or are supposedly self employed
- They primarily use photos of women pulled from stock image sites or of real professionals
- They copy text from profiles of real professionals and paste it into their own
- They keyword-stuff their profile for visibility in search results
Under the guise of a recruiter, these fake LinkedIn accounts have an easy entry point into the networks of real business professionals. Real recruiters already use the service as a way to find potential candidates. LinkedIn users expect to be contacted by recruiters, so this ruse works out in the scammers’ favor.
Fake profile photos
Many of these fake LinkedIn accounts use unoriginal photographs. Their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites. We were able to confirm this by using reverse image search tools like TinEye and Google’s Search by Image.
Copy and pasted summary and experience
When reviewing these fake LinkedIn accounts, we observed that the text used in the Summary and Experience sections were usually lifted verbatim, though were sometimes modified, from real professionals on LinkedIn.
The fake LinkedIn accounts stuff their profiles with keywords like “Reservoir Engineer”, “Exploration Manager”, and “Cargo Securement Training” to gain visibility through the site’s built-in search functionality. During our investigation, we found recruiter accounts keyword-stuffing terms tied to the Logistics and Oil and Gas industries.
Goal: Mapping networks, future spam opportunities
The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.
In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails.
LinkedIn advice: Be skeptical
Users of LinkedIn should be very skeptical of who they add to their network. If you’ve never met the person before, don’t just add them. We weren’t surprised to learn that these fake LinkedIn accounts received endorsements from real users.
Symantec lists down a few ways users can identify these types of accounts:
- Do a reverse-image search (e.g., tineye.com offers a browser plugin)
- Copy and paste profile information into a search engine to locate real profiles
If someone you know is already connected with one of these fake accounts, reach out to them and find out how they know them.
If you suspect that you’ve identified a fake LinkedIn account, you should report it.