Users of the business social network LinkedIn are being targeted by scammers, according to Symantec, which has discovered a number of fake profiles.
The security firm’s investigation revealed a growing number of incidents involving these fake LinkedIn profiles, and it has warned users to be very sceptical of who they add to their network.
Symantec said it has worked with LinkedIn to take down some fake accounts that were uncovered during its research.
So what are the scammers hoping to gain? Well it seems that once a connection is established to an unsuspecting victim, the scammers attempt to gather as contact information (phone numbers, emails etc) from users as possible. This information can then used to send spear-phishing emails for example.
“Boasting over 400 million users, LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries including Information Security and Oil and Gas,” wrote Symantec’s Satnam Narang.
“The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals,” he said. “Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.”
So both Symantec and LinkedIn are offering users the following advice…be very sceptical.
“Users of LinkedIn should be very sceptical of who they add to their network,” said Narang. “If you’ve never met the person before, don’t just add them. We weren’t surprised to learn that these fake LinkedIn accounts received endorsements from real users.”
A Russian hacker had acquired password hashes, cracked many of them and posted them on a Russian website. Following the breach, LinkedIn announced “a long-planned transition” to a password database system that both hashes and salts the passwords, to provide a double-layer of security.
The social network also apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit. The social network paid $1.25m (£810,000) to settle the legal claim earlier this year.
In late 2010, LinkedIn (and others) asked their users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised.
Are you a security guru? Try our quiz!
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…