Beware of strangers bearing gifts — or LinkedIn invites.
The Wall Street Journal reported Wednesday (Oct. 7 ) that cybersecurity experts have uncovered a “network of fake LinkedIn profiles” created by hackers based in Iran, with an eye on building a consortium of trusting victims with which to springboard into illegal activities.
[bctt tweet=”Beware of strangers bearing gifts — or LinkedIn invites.”]
The Iran-LinkedIn link was disclosed in a report issued by Dell SecureWorks. The malicious LinkedIn invites, a form of “social engineering” exploitation, help open the door for hackers to lure the unsuspecting social network contact into divulging personal information.
The Dell SecureWorks report offered up, by way of example, 25 fake profiles, which were connected to a further 200 legitimate LinkedIn profiles. Those 200 people, according to the Dell report, were mainly based in the Middle East and generally worked in sectors such as defense and telecom, where personal info or corporate info would be alluring to cyberthieves.
So, just who is behind the LinkedIn ploy? According to Dell SecureWorks, it may be the group that let loose malware last year that offered up fake résumé applications, which then opened the door for computers to be taken over and controlled remotely. In another connection between social engineering and Iran, there had been, at least allegedly, other attacks launched as a dedicated campaign against high-ranking U.S. officials who had been active on social media networks, including LinkedIn.
In reference to the latest ploy that Dell SecureWorks said on Wednesday originated from Iran, via LinkedIn, a spokeswoman for the social media company told WSJ that the fake profiles disclosed in the Dell SecureWorks report had been taken down and added that LinkedIn maintains a dedicated team charged with protecting its members from social engineering risks.
To check out what else is HOT in the world of payments, click here.