LinkedIn users being warned of ‘catfish’ profile scammers

4 Dec 2015

It seems even LinkedIn can’t escape the armies of spammers that exist online, with hundreds of fake accounts being created on a daily basis.

While spammers have usually targeted the more popular social media services like Facebook to create fake profiles with the aim of ‘catfishing’ someone to give up their financial details, it now seems that they’ve just copped on to the fact wealthy business people exist on LinkedIn.

According to Symantec’s latest blog post, the online security company has helped the networking site control the numbers of spam accounts, which are mostly targeting people employed in the security and oil and gas industries.

As it turns out, though, all the spam accounts follow a very similar pattern whereby they pretend to be recruiters for fake firms or self-employed people, who aim to entice people to add them as a connection by using photos of women pulled from stock image sites.

Of course, Google reverse image search is not their friend, with a quick click-and-drag of the photo into Google Images revealing that it is obviously a stock image used time and time again on various websites.

LinkedIn copying and pasting

An example of where a spam account has copied and pasted someone else’s profile. Image via Symantec

Likewise, they don’t even have a complicated system when it comes to filling out the profile, deciding that it’s not worth their time to generate seemingly original details, rather they copy and paste from one profile into theirs with an occasional change thrown in here or there.

From Symantec’s research, however, the key to their attempts at pulling in bait lies in the use of keywords including “Reservoir Engineer”, “Exploration Manager”, and “Cargo Securement Training” ad nauseam.

“The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals,” Symantec said. “Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.

“In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails.”

Symantec’s advice? Don’t add connections that are clearly fake and use reverse image search functions like the one provided by Google to double-check.

Casting a net image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic