Scammers are using fake LinkedIn profiles to map out networks of business professionals, scrape their contact information, and later use it to send spear-phishing emails, security solutions firm Symantec disclosed on Monday.
LinkedIn is a prime target for fraudsters looking to connect with professionals across a variety of industries, including information security and oil and gas, according to a Symantec report. Symantec said that most of these fake accounts followed a specific pattern. They bill themselves as recruiters for fake firms or as self-employed, and they primarily use photos of women pulled from stock image sites or photos of real professionals.
"We were able to confirm this by using reverse image search tools like TinEye and Google's Search by Image," it said. Over the last year, Symantec said, it has seen a growing number of incidents involving fake LinkedIn accounts targeting members of the business-oriented social networking service. "We worked with LinkedIn to take down some fake accounts that we had come across during our research," the report said. Scammers copy text from the profiles of real professionals and stuff their own profiles with keywords for visibility in search results, it added.
Symantec said that the primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections, it said. In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers.