Security analyst Pierluigi Paganini explains that the “exploitation of social networks for intelligence gathering, especially professional social media like LinkedIn, is a common practice of threat actors.” The perpetrators gain users' trust by having a seemingly credible recruitment profile, including a picture and links to other platforms such as Twitter or Facebook.
iSight Partners suggests that these “credible personas”, often those of attractive women, connect with their victims to gain access to all of their information. The purpose of hacking into these social profiles is not yet known, but it is thought to be an attempt to map people’s social graphs, to extort money from users, and to spy on company secrets, particularly those involved in government or political positions.
Client recruitment specialist Karan Kapil Kella advises that those looking for jobs on social platforms confirm the company's details via Google and be aware of any “recruiters” promising big jobs with well-known companies that sound too good to be true. The same applies if you ever receive an email asking for a deposit or any type of funds to secure a position in a company: it should be deleted and reported as spam. If you think you are being scammed, visit the recruiter’s Twitter profile. Very few followers and an egg as the profile picture are sure signs of a fake account.
Once you have connected and interacted with these fake recruiters, it can be difficult to trace them and delete them. They often change their profile picture within a few days, and trying to find them in your list can be tricky, particularly if you have a lot of LinkedIn connections. Have you been approached by any fake recruiters? We’d like to hear about it.
***Sources***
Pierluigi Paganini - LinkedIn Intelligence
Karan Kapil Kella - Client recruitment specialist
Sean Sullivan - F-Secure news from the lab