Fakes, Frauds and Phishing – How Fake LinkedIn Contact Requests are Used to Fuel Attacks!

Posted by Geraldine Hunt on Wed, Jul 15th, 2015

As one of the most popular professional online networks, LinkedIn is being used by scammers to amass data for future phishing and identity theft type attacks. Once the data is collected the scammers then either infect your computer with malicious software or steal your personal information. One common scam is an email inviting you to connect with another LinkedIn member where their account is in fact fake. As if we weren’t busy enough, there’s the added  hassle of reviewing the every increasing daily collection of these LinkedIn invitations.

Stock Photos

Here’s just a small sample of the invitations that have been making the rounds.It’s disappointing: you’d think you could trust LinkedIn premium members to be real people, but this photo is for sale all over the Internet. Of course, it’s always possible that this is perfectly legit.  Maybe Michael was a model before becoming a research associate. 

The photo below is also all over the Internet, and the gentleman’s name seems to be Vitali Klichko, or Klitschko. He is, in fact, a famous boxer and the mayor of Kiev.

Multiple Identities & Several Jobs

It’s hard to see how this man could have two identities and live in both Austin and the Ukraine (with the same clothes!).

But this woman pulls off a feat that might be even more difficult.  This photo can also be found all over the Internet, on—ahem—sites that are  not suitable / safe for work (NSFW). But that’s not all. While she’s not posing on the Internet, look at the jobs this woman holds. This talented woman is a director at three different companies simultaneously. Even more impressive, she does all this directing while living in Willcox, Arizona, which has a population of around 3000 people. Maybe all these companies have branches in Willcox because Mary is just so amazing.

Perhaps not as amazing as Anna. Anna’s photo is also on hundreds of NSFW sites.  She’s probably the only programmer in North Dakota who moonlights on Internet porn sites in her spare time. 

Not All Fake Accounts Look Suspicious

Anna is so busy that she sometimes forgets her own name.  Under “New project in Dubai” (this programmer based in North Dakota  is advertising jobs in Dubai?)  she gives her contact information, and her name, mysteriously, has changed. You’d almost suspect that this is a very sloppy cut-and-paste job, and that the text has been lifted from someone else’s profile.

Yes, there seem to be an incredible number of fake accounts on LinkedIn, but not all of them even look suspicious. A few weeks ago there was an invitation making the rounds from a gentleman with a very impressive LinkedIn profile. A little investigation revealed that it was an exact copy of someone else’s profile with the name changed just slightly. 

What is the attraction of creating fake people on LinkedIn? Collecting email addresses to spam—and to sell to spammers--seems to be the primary attraction. There’s also the scary possibility of these scammers being able to gather enough information to pull off identity thefts and advanced phishing attacks. 

Scammers are also creating fake or semi-fake business profiles. For instance, a sole-proprietor company has a stock photo of four people sitting around a conference table on its “About” webpage. Someone—the owner?—is creating fake LinkedIn IDs using the faces of the people in the stock photo, presumably so that it looks as if he has these totally fictitious people working for him. This may be simply an attempt to make his company look more impressive, but fake LinkedIn companies can be as dangerous as phony individuals. Fake companies that create fake jobs can—and do--collect all kinds of data from applicants.   

Recognising a Fake Linkedin Account

There’s lots of information online about how to recognize a fake LinkedIn ID, and sometimes it’s fairly easy, unless you’re inclined to believe that a well-known Ukrainian boxer is also a mental health worker in Austin.

There are warning signs:

• no photo
• a stock photo
• contact information that doesn’t match the name
• job history that makes no sense or is practically non-existent

The only way to be perfectly safe is to only accept invitations from people you know. You can research an invitation until you’re sure it’s legitimate, but be aware—there’s always a certain amount of risk in accepting an invitation from a stranger.    

Take our Security Training Awareness Quiz