Sexy sock puppets seduce security suckers

Eager types 'endorse' LinkedIn infosec probers wearing models' photos as avatars

Phishers have been targeting security researchers with fake LinkedIn profiles built on re-purposed photos of models and company logos, according to F-Secure hacker Sean Sullivan (@5ean5ullivan).

The threat-finding bod said that would-be recruiters, linked to a network of phoney cryptographers and security types, were successfully gaining an entry point into infosec circles by tricking researchers into connecting with fake LinkedIn profiles under their control.

"Multiple LinkedIn accounts recently targeted numerous security specialists in an attempt to map their social graphs," Sullivan said.

"Several of our researchers received these LinkedIn invitations themselves."

One fake LinkedIn recruiter profile, working for "Talent Src", re-purposed the logo of an online Indian education company and pinched an image of what appeared to be beauty blogger Rivka Dic.

That since-altered profile listed skills such as malware reverse-engineering and forensics, was connected to a string of would-be security profiles, and had received endorsements from tricked security researchers.

The scammers' intention was unclear, but it is assumed to have been an information reconnaissance mission.

Connecting with researcher profiles would help attackers map relationships between targets, view otherwise hidden personal information, and potentially open lines of communication through which valuable data may be disclosed.

Cursory reverse image searches reveal the woman's likeness had been used for many LinkedIn profiles.

The name of a fake profile appeared to change after connections had been confirmed in what may be a bid to frustrate friend removal by hiding within a victim's many LinkedIn connections.

Fake LinkedIn profiles are not as benign as they may seem to hardened security minds. Penetration testers have routinely used fake profiles to connect with security bods at a client organisation to help them build a solid social engineering cover story, known as a pretext.

In 2012, security firm Symantec detailed how LinkedIn love rats were spamming smokey-eyed victims with premium SMS spam messages after connections were made.

Profiles can contain valuable information, too. This year transparency bods gleaned information on intelligence operations like the infamous X-Keyscore from some 27,000 blathering LinkedIn spooks. ®
