LinkedIn has become a prime target for hackers due to its popularity as a professional networking platform. Setting up fake LinkedIn accounts allows hackers to conduct various types of cybercrimes and scams. Here are some of the main motivations behind hackers creating fake LinkedIn profiles.
Conducting Social Engineering and Phishing Attacks
One of the primary reasons hackers set up fake LinkedIn accounts is to conduct social engineering and phishing attacks. By creating profiles that appear legitimate, hackers can connect with other users and gain their trust. Once a connection is made, the hacker can send messages containing malicious links or attachments to harvest login credentials or infect devices with malware.
Hackers often copy images and information from real profiles to make their fake profiles seem more authentic. They tend to target executives, managers, and other influential users who have access to sensitive company information. By posing as a coworker, recruiter, or other trusted contact, the hacker can trick the target into handing over valuable data.
Types of Attacks
- Spear phishing messages containing malicious links or files
- “LinkedIn connection” requests used to distribute malware
- Impersonation of coworkers or recruiters to obtain sensitive info
- Fake job offers and interviews to harvest credentials and financial data
Spreading Malware
In addition to phishing attacks, fake LinkedIn accounts may be used to spread malware such as spyware, ransomware, viruses, and more. This is done by sending infected files or by using social engineering to persuade targets to download the malware themselves.
For example, a fake account could message targets claiming a document or link needs to be opened for an “urgent business matter.” However, opening the file infects the victim’s computer and network. Hackers can then steal data, encrypt files for ransom, or hijack the target’s system resources.
Common Malware Spread Through Fake Profiles
- Spyware – Tracks keystrokes, activities, screenshots
- Ransomware – Encrypts files until a ransom is paid
- Trojans – Malicious software disguised as legitimate software
- Viruses – Self-replicate throughout networks and systems
Corporate Espionage
Fake LinkedIn profiles are commonly used for corporate espionage. By posing as headhunters, competitors, or other industry contacts, hackers can gather insider information about a company’s strategies, financials, intellectual property, and more.
Hackers may offer fake jobs to lure employees into divulging confidential data during mock interviews. Or they might impersonate a company’s own HR department to trick personnel into handing over sensitive internal documents and communications.
All of this data can then be leveraged by competitors to undercut, replicate, or sabotage a company’s plans and products. Fake accounts provide an anonymous avenue for evading security measures and extracting proprietary intel.
Types of Information Targeted
- Product specifications and roadmaps
- Source code, software, and other IP
- Customer lists and pricing
- Mergers, acquisitions, and investments
- Sales pipelines and order details
Reconnaissance for Other Attacks
Fake LinkedIn accounts are commonly used in the reconnaissance phase of a broader cyberattack. By connecting to employees, hackers can map out corporate org charts, collect insider information, and identify high-value targets for more advanced attacks.
This allows them to tailor spear phishing campaigns, malware distribution, and social engineering scams to specific individuals and departments. With insider information like job titles and responsibilities, hackers can precisely impersonate the types of contacts each target is likely to respond favorably to.
Fake accounts used for reconnaissance are carefully crafted to avoid suspicion while gathering as much useful intel as possible. This intelligence is aggregated into dossiers on the target company’s personnel, technologies, and security.
Types of Information Gathered
- Names, titles, and bios of key personnel
- Department names and responsibilities
- Internal jargon, acronyms, codenames
- Tech stacks, software, services, and vendors
- Organizational hierarchies and job functions
Circumventing Security Controls
Many cybersecurity protections focus on blocking risky IP addresses, domains, applications, and content. By creating fake LinkedIn accounts associated with benign profiles, hackers can bypass many of these controls.
For example, a corporate firewall may block any incoming connections from suspicious foreign IP addresses. But if the hacker sets up a fake profile and communicates using LinkedIn’s platform, their messages come from LinkedIn’s known, trusted servers instead of the hacker’s dubious IPs.
In essence, fake accounts allow hackers to “trojan horse” their attacks in via an approved domain. All the network traffic looks legitimate since it originates from a mainstream professional platform.
Security Layers Bypassed
- IP address blacklists
- Email domain filters
- Web application firewalls
- Anomaly detection systems
- Gateway antivirus scanners
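The gap described above, shown as an added example (not from the original article): a filter that decides on message origin alone passes anything relayed by a trusted platform, while a check on the message's own content still flags it. The trusted-sender set, the expected link domains, the urgency wording, the attachment types, and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch (constructed, not from the article).
TRUSTED_SENDERS = {"linkedin.com"}                     # platforms the gateway trusts
KNOWN_LINK_DOMAINS = {"linkedin.com", "corp.example"}  # link destinations the org expects
RISKY_EXTENSIONS = {"exe", "js", "iso", "lnk", "docm"}  # illustrative list only
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away)\b", re.I)
URL = re.compile(r"https?://[^\s<>)]+", re.I)

def registrable(host):
    """Crude last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def sender_only_verdict(msg):
    """Origin-based control: trusts whatever the approved platform relays."""
    return "allow" if registrable(msg["sender_domain"]) in TRUSTED_SENDERS else "block"

def content_verdict(msg):
    """Inspect what the message carries, regardless of which platform delivered it."""
    reasons = []
    for url in URL.findall(msg["body"]):
        host = urlsplit(url).hostname or ""
        if registrable(host) not in KNOWN_LINK_DOMAINS:
            reasons.append(f"link to unrecognised domain: {host}")
    if URGENCY.search(msg["body"]):
        reasons.append("urgency language")
    for name in msg.get("attachments", []):
        if name.lower().rsplit(".", 1)[-1] in RISKY_EXTENSIONS:
            reasons.append(f"risky attachment type: {name}")
    return ("review" if reasons else "allow", reasons)

# Constructed sample messages, both delivered through the trusted platform.
SAMPLES = [
    {"sender_domain": "linkedin.com",
     "body": "Urgent business matter, please open "
             "https://files.docs-share.example/q3.html today",
     "attachments": []},
    {"sender_domain": "linkedin.com",
     "body": "Thanks for connecting! My profile: https://www.linkedin.com/in/sample",
     "attachments": []},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(sender_only_verdict(m), content_verdict(m))
```

Both samples pass the origin-based check; only the content check separates the message with the external link and urgency wording from the routine one.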
Boosting Perceived Legitimacy
Beyond technical attacks, fake LinkedIn accounts can also establish credibility and legitimacy for social engineering scams. Profiles with dense connections, a long tenure, and positive engagement often appear more trustworthy.
Hackers will invest time gradually connecting with others and even posting benign content to make their personas seem genuine. Some may even mix in hacked real accounts to further mask their fake profiles.
When it comes time for a social engineering attempt, the target is more likely to comply with a request from an apparently established professional with 500+ connections versus a sparse, unknown profile.
Factors That Boost Perceived Legitimacy
- Account active since an earlier year, such as 2012
- 500+ connections
- Active engagement with other users
- Group memberships and volunteer history
- Awards, honors, and recommendations
Stealing and Selling Valuable Data
The data harvested via fake LinkedIn profiles can be incredibly valuable to hackers. Far beyond just enabling cyberattacks, this insider information can be sold to competitors, political groups, government agencies, and more.
High-level organizational charts, product designs, source code, customer lists, and financial models can command huge sums on black markets and dark web sites.
Fake accounts provide a reusable, anonymous platform for patient hackers to gradually extract this valuable corporate intel over time. The data can then be aggregated, packaged, and sold for profits, blackmail, or insider trading.
Most Valuable Data for Sale
- Source code
- Product specifications/roadmaps
- Merger & acquisition plans
- Financial statements/models
- Customer lists and order data
Establishing Trusted Fake Identities
Beyond short-term attacks, fake LinkedIn profiles can also be cultivated over years to build deep credibility. Hackers invest substantial time gradually connecting with others and posting content to appear trusted.
Over months or years, these fake identities become established professionals with extensive connections. This enhances their credibility for social engineering attacks and gives the accounts intrinsic value as “trusted” personas.
Once deeply rooted, these fake accounts become invaluable assets. They can repeatedly be leveraged across different companies and targets while evading suspicion. Like a fine wine, they become more potent over time.
Cultivating a Fake Identity Over Time
Timeframe | Activity |
---|---|
Month 1 | Claim work history at reputable companies |
Month 6 | Build out experience summaries and job details |
Year 1 | Connect with 300+ users in target industries |
Year 3 | Engage consistently with quality comments and posts |
Year 5 | Established professional persona with 500+ connections |
Conclusion
Fake LinkedIn accounts offer hackers an effective vector for cyberattacks and illicit data harvesting. By patiently building out fake personas, hackers can establish credibility to conduct sophisticated social engineering. These accounts bypass many technical defenses since they originate from LinkedIn’s approved platform.
Information gathered via fake profiles provides intelligence for ransomware, phishing, and corporate espionage. It can also be sold for profit on dark markets. Overall, LinkedIn’s popularity and business focus make it a prime environment for hackers seeking valuable data and access.
Companies must train employees to identify and report fake accounts. Robust cybersecurity defenses should include social media monitoring to detect imposters gathering intel. With vigilance and awareness, organizations can better guard against the threats posed by fake LinkedIn profiles aimed at infiltration.