Report: LinkedIn Flooded With Fake CISO Profiles


LinkedIn has been targeted with a wave of fake profiles for chief information security officer (CISO) positions at the world’s biggest companies.

As Brian Krebs of Krebs On Security reported Thursday (Sept. 29), the “Who?” and the “Why?” behind the fake profiles are unclear, although they have begun to confuse search engines.

For example, Krebs writes, a search for the CISO at Chevron, leads people to a person named Victor Sites, whose profile places him in Westerville, Ohio. The real Chevron CISO is named Christopher Lukas.

When Krebs searched on Thursday, Sites was the first result returned. (When PYMNTS did the same search Friday morning, Lukas had regained his rightful place at the top, with Sites just below him in the results.)

LinkedIn has said its policies “prohibit fake profiles and require that members are real people who represent themselves accurately and contribute authentically,” according to the company’s transparency report, published earlier this year.

The report says LinkedIn’s automated defenses blocked 96% of the more than 15 million fake accountants stopped between July 1 and Dec. 31 of last year.

See also: Fake Social Profiles Blur Line Between Scamming, Legitimate Marketing

In the same report for the first half of last year, the automated defenses caught 97% of the fake accounts stopped by LinkedIn. More than 11 million attempts were detected and blocked at registration, while nearly 86,000 were restricted after being reported by members, and 3.7 million suspect accounts were restricted proactively.

PYMNTS reported in March that the digital shift and connected economy have given rise to the use of artificial intelligence (AI) to create convincing deepfakes of employees — or even whole companies.

Making matters worse is the belief that some of this activity comes from legitimate companies using well-crafted bot profiles to scale lead-generation efforts at low cost. Distinguishing between real and fake profiles is difficult.