Scammers, hackers use fake LinkedIn profiles to target users
Update on August 16, 2022: Added LinkedIn spokesperson's statement in response to our queries.
On Sunday, Changpeng Zhao, the chief executive of global cryptocurrency exchange Binance, posted a tweet saying there are 7,000 profiles of “Binance employees” on LinkedIn, but only 50 of those were real.
Zhao, however, is hardly the only one who has found such profiles on the professional networking site. Over the past year, numerous reports from cyber security firms, and even advisories from government bodies, have highlighted how uncontrolled fake profiles on LinkedIn have led to various scams. These include cryptocurrency scams, fake job postings, identity theft, phishing attacks, misleading marketing campaigns, and so on.
At Black Hat 2022, a cyber security conference in the US that ended on 11 August, Allison Wikoff, director of global threat intelligence at consultancy firm PricewaterhouseCoopers (PwC), said state-sponsored hacking groups have been taking to LinkedIn to target a growing range of users for various purposes. While some, such as North Korea’s Black Alicanto hacking group, target the global crypto community to steal tokens, Iran’s Yellow Dev 13 and Charming Kitten are accused of identity theft and espionage.
All of them have one common modus operandi—fake profiles on LinkedIn.
These groups deploy a range of tactics to appear as actual employees of genuine companies. For instance, Yellow Dev 13 used artificial intelligence-generated faces to create employee profiles of trainers and recruiters of companies that did not exist. In March, a research project by Stanford Internet Observatory found that the use of AI to generate facial profiles, which are then used to create dubious profiles on LinkedIn, is an increasingly common affair.
So much so that in April, cyber security firm Check Point Research’s Brand Phishing Report for Q1 CY22 found that LinkedIn was the most-used platform for spreading phishing attacks around the world—with 52% of all phishing attacks tracked by Check Point during this period using LinkedIn as a platform to scale such attacks.
In response to Mint, a LinkedIn spokesperson said that the company carries out "very clear" enforcement of its policies. "Fraudulent activity including fake accounts or false information is not allowed on LinkedIn. We work every day to keep our members safe, and this includes investing in automated and manual defenses, coupled with human reviewers and member reporting, to detect and address fraudulent activity," the spokesperson added.
However, LinkedIn's statement does not say whether it plans to introduce any process to prevent users from adding company names to their work experience without verification.
“These attacks are extremely common — not just on LinkedIn, but literally on all social platforms,” said Sandip Panda, founder and chief executive of Indian cyber security firm, Instasafe. He said that such attacks are classified as "social engineering baits" that leverage a "lack of awareness among users".
Omer Dembinsky, data research group manager at Check Point, said the rise of such phishing attacks is driven by “attacks of opportunity”—hackers primarily rely on the scale of impersonation to convince their victims.
According to data from LinkedIn's transparency reports published earlier this year, it banned nearly 32 million user accounts and removed over 137 million spam or scam posts in 2021. At the time of writing, the platform claims to have over 830 million users around the world.
Panda added that because LinkedIn is positioned as a professional platform, it is an even more effective target for scammers, since it already carries a layer of “perceived trustworthiness” among users.
Global law enforcement agencies have also begun to take notice of LinkedIn’s use as a medium for distributing scams. In June, Sean Ragan, a special agent with the US Federal Bureau of Investigation (FBI), told CNBC that LinkedIn has become a “significant threat” to cyber security, particularly in the cryptocurrency field. In such schemes, hackers typically gain a user’s trust over a span of months by offering investment advice and crypto trades through legitimate exchanges.
Once such trust is established, the hackers convince victims to transfer their funds to a fraud exchange or wallet that is controlled by these attackers — and subsequently disappear with the transferred funds.
LinkedIn, on its part, stated in its bi-annual Community Report published on 2 June, that it uses a mix of AI-driven content and profile filtering, as well as human curation, to ban fake accounts, and scam and spam posts, from the platform.
However, despite LinkedIn’s filtering, the presence of scammers appears to be quite widespread. Granit Mustafa, founder of crypto news and education platform Crypto Academy, highlighted in response to Binance chief Zhao’s tweet that, on top of unverified users impersonating companies, companies themselves have no way to remove or stop people from listing them as an employer on the platform.
Instasafe’s Panda added that the only recourse that a company like LinkedIn can have in response to the rise in social engineering attacks is to “raise the bar” for user verification and authentication. “Establishing a recurring and frequent process to authenticate users with verified IDs is another way to start cracking down on the growth of fake accounts,” he said.