NEW DELHI: On Sunday, Changpeng Zhao, the chief executive of global cryptocurrency exchange Binance, posted a tweet saying there are 7,000 profiles of “Binance employees” on LinkedIn, but only 50 of those were real.
Zhao, however, is hardly the only one who has found such profiles on the professional networking site. Over the past year, numerous reports from cyber security firms, and even advisories from government bodies, have highlighted how uncontrolled fake profiles on LinkedIn have led to various scams.
These include cryptocurrency scams, fake job postings, identity theft, phishing attacks, misleading marketing campaigns, and so on.
At Black Hat 2022, a cyber security conference in the US that ended on 11 August, Allison Wikoff, director of global threat intelligence at consultancy firm PricewaterhouseCoopers (PwC), said state-sponsored hacking groups have been taking to LinkedIn to target a growing range of users for various purposes.
While some, such as North Korea’s Black Alicanto hacking group, are targeting the global crypto community to steal tokens, Iran’s Yellow Dev 13 and Charming Kitten are accused of identity theft and espionage.
All of them have one common modus operandi—fake profiles on LinkedIn.
These groups deploy a range of tactics to appear as actual employees of genuine companies.
For instance, Yellow Dev 13 used artificial intelligence-generated faces to create employee profiles of trainers and recruiters of companies that did not exist.
In March, a research project by Stanford Internet Observatory found that the use of AI to generate faces, which are then used to create dubious profiles on LinkedIn, is increasingly common. So much so that in April, cyber security firm Check Point Research’s Brand Phishing Report for Q1 CY22 found that LinkedIn was the most used platform for spreading phishing attacks around the world, with 52% of all phishing attacks tracked by Check Point during this period seeing LinkedIn being used as a platform to scale such attacks.
LinkedIn did not respond to email queries till press time.
“These attacks are extremely common—not just on LinkedIn, but literally on all social platforms,” said Sandip Panda, founder and chief executive of Indian cyber security firm, Instasafe. He said that such attacks are classified as “social engineering baits” that leverage a “lack of awareness among users”.
Omer Dembinsky, data research group manager at Check Point, said such phishing attacks, which are on the rise, are “attacks of opportunity”, and that hackers primarily rely on the scale of impersonation to convince their victims. According to data from LinkedIn’s transparency reports published earlier this year, it banned nearly 32 million user accounts and removed over 137 million spam or scam posts in 2021. As of writing, the platform claims to have over 830 million users around the world.