LinkedIn has become a major target for hackers who use fake accounts to connect with people. The hackers seek to connect with professionals from industries including information security, oil and gas, and their main objective is to map out the networks of business professionals.
Security firm Symantec, which worked in conjunction with LinkedIn to remove the fake accounts, observed that the fake accounts follow a similar pattern. They usually pose as recruiters for firms that might not exist, or as self-employed. Posing as a recruiter gives the hackers a way into the networks of real business professionals.
Another behaviour common among the fake accounts is the use of photos of women taken from stock image sites or of real professionals. Their profile photos were found on stock image sites, LinkedIn profiles or other social networking sites. "We were able to confirm this by using reverse-image search tools like TinEye and Google's Search by Image," says Symantec. To make their profiles look real and attractive, the fake accounts reuse the text found in the Summary and Experience sections of real professionals' profiles.
Another common trait is that their profiles are packed with keywords such as reservoir engineer, exploration manager and cargo securement training, to gain visibility through LinkedIn's built-in search functionality. "During our investigation, we found recruiter accounts keyword-stuffing terms tied to the Logistics and Oil and Gas industries," notes the security firm.
What should you do to protect yourself?
- Be wary of the new connections you add to your network.
- If you get a request from a user who is completely unknown to you, do not add them.
- Genuine users fail to recognise fake LinkedIn accounts and end up endorsing them. Make sure that you are not one of them.
"We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered," LinkedIn told the BBC in its response about the fake accounts.
"We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We encourage members to utilise our Help Center to report inaccurate profiles and specific profile content to LinkedIn."
While other social networks such as Twitter and Facebook have the same problems with fake accounts, hackers target LinkedIn in particular in pursuit of their prey.
"It reveals the greater sophistication of cyber-criminals that they are prepared to play the long game by gaining information for future attacks in this way," said Dick O'Brien, a researcher at Symantec.
How to trace fake accounts
There are a few ways you can trace these accounts. Use the TinEye browser plugin to cross-check the images from a suspicious account. Alternatively, copy the profile information and paste it into a search engine to spot the real profile. If you have identified a fake account, head over to the LinkedIn site to report the profile.