Earlier this month, security researchers with the Dell SecureWorks Counter Threat Unit (CTU) published a report titled ‘Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles.’ The report, which is available online, details how a group believed to be operating out of Iran, designated Threat Group-2889, set up multiple fake LinkedIn profiles and built them into a network of accounts used to lure victims in. Whether this was only an elaborate setup to deliver malware disguised as a resume-submission application, or the groundwork for something deeper, is yet to be determined, but the report shows some alarming trends that may mean big things are afoot.
With five or more primary accounts created, and another twenty set up in “supporting” roles, the intricacy of this group is fairly impressive. The five accounts the Dell CTU designate as leader accounts have well-developed online profiles, some with over five hundred connections, and carry endorsements from the twenty supporting accounts, which makes the leaders look all the more credible. The network appears to target users in the US, UK, Israel, India, Pakistan, and several Middle Eastern countries, using profiles that claim employment at companies in the oil, heavy-industry, and defense sectors. Companies the group appears to be impersonating employees of include Teledyne, Doosan, and Northrop Grumman.
During the CTU’s research they observed some of the primary or leader accounts changing their names and employers. It is worth noting that LinkedIn allows this without altering the profile’s history or connections: a profile can be created once and reused under a number of aliases, all the while appearing legitimate.
The write-up from Dell SecureWorks (linked above) is an interesting read, and well worth your time if you are interested in the anatomy of a large-scale social engineering operation. But even if you are not, here are some tips to help you protect yourself from becoming a victim, or from being used as a stepping stone to other targets, on LinkedIn.
1. Don’t let others see your connections
Change who can see your connections from “Your connections” to “Only you.” That way, if one of your connections’ accounts is compromised, or if you tend to accept invites from just about anyone who asks, you aren’t exposing the rest of your network to whoever gets in.
Go to Privacy and Settings, click on Profile and choose “Select who can see your connections.”
2. Don’t overpost on LinkedIn
Sure, you may be excited about the new project you’re working on, but consider what you are posting on LinkedIn. You don’t want to overshare and reveal things your company is not ready to go public about.
3. Stay anonymous with third-party applications
This is LinkedIn, not Facebook, so it seems a little disappointing that there are apps in LinkedIn, let alone that you might have your personal information shared with them.
Go to Privacy and Settings, then into the Groups, Companies and Applications settings and click “Turn on/off data sharing with applications.” By default, this is on.
4. Beware of random requests to connect
Unless you are a recruiter or are known as a hiring manager, be wary of requests to connect from people you do not know. You’re not that popular. Well, maybe you are, but if someone from another country and working for a company you’ve never dealt with asks to connect with you, ponder what their motivations are before clicking “Accept.”
5. Verify any recruiters and job offers
Lots of recruiters use LinkedIn InMail to reach out to job seekers and potential candidates. Because the notification email is generated and sent by LinkedIn, its headers point at LinkedIn’s servers and domain regardless of who wrote the message, so you cannot simply check the headers to confirm it came from the purported sender or their company. Do some homework to make sure anything you get unexpectedly is legitimate (look the person up outside LinkedIn, and contact the company through a channel you find yourself rather than one supplied in the message) before you start providing PII.
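To make concrete why an InMail notification’s headers are no help here, the following is an added example (not from the SecureWorks report or this post) that parses two constructed messages with Python’s standard email module and reports which domain actually vouched for each. The sample headers, addresses, DKIM selectors and the company domain example-heavy.com are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). The first mimics the
# notification LinkedIn sends for an InMail; the second is a direct
# e-mail from a recruiter's own company domain. Addresses, selectors
# and the company domain are assumptions for this example.
INMAIL_NOTIFICATION = """\
From: Jane Recruiter via LinkedIn <messages-noreply@linkedin.com>
Return-Path: <bounce-1234@bounce.linkedin.com>
DKIM-Signature: v=1; a=rsa-sha256; d=linkedin.com; s=sel1; h=from:to:subject; bh=abc; b=def
Authentication-Results: mx.example.net; dkim=pass header.d=linkedin.com; spf=pass smtp.mailfrom=bounce.linkedin.com
Subject: Opening at Example Heavy Industries
To: you@example.net

Hi, I came across your profile and would like to discuss a role...
"""

DIRECT_RECRUITER_MAIL = """\
From: Jane Recruiter <jane.recruiter@example-heavy.com>
Return-Path: <jane.recruiter@example-heavy.com>
DKIM-Signature: v=1; a=rsa-sha256; d=example-heavy.com; s=sel1; h=from:to:subject; bh=abc; b=def
Authentication-Results: mx.example.net; dkim=pass header.d=example-heavy.com; spf=pass smtp.mailfrom=example-heavy.com
Subject: Opening at Example Heavy Industries
To: you@example.net

Hi, I came across your profile and would like to discuss a role...
"""


def _domain_of(address_header):
    """Lower-cased domain of the first address in a header, or None."""
    _, addr = parseaddr(address_header or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def _same_org(domain, claimed):
    """True if domain equals claimed or is a subdomain of it (naive match, no public-suffix list)."""
    if not domain or not claimed:
        return False
    claimed = claimed.lower()
    return domain == claimed or domain.endswith("." + claimed)


def sender_domains(raw_message):
    """Pull out the domains a header check can actually see.

    from_domain: what the mail client displays (trivially spoofable on its own).
    return_path_domain: the envelope sender, i.e. the infrastructure that sent it.
    dkim_domain: the d= tag of the DKIM signature, the domain that vouched for it.
    dkim_pass: whether the receiving MTA recorded dkim=pass for that signature.
    """
    msg = message_from_string(raw_message)
    dkim = msg.get("DKIM-Signature", "")
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", dkim)
    auth = msg.get("Authentication-Results", "")
    return {
        "from_domain": _domain_of(msg.get("From")),
        "return_path_domain": _domain_of(msg.get("Return-Path")),
        "dkim_domain": m.group(1).lower() if m else None,
        "dkim_pass": re.search(r"\bdkim=pass\b", auth) is not None,
    }


def headers_vouch_for(raw_message, company_domain):
    """True only if a passing DKIM signature came from the company's own domain.

    For an InMail notification this is False even when the recruiter is real:
    the signature belongs to linkedin.com, so the headers say nothing about
    the company the sender claims to represent.
    """
    info = sender_domains(raw_message)
    return info["dkim_pass"] and _same_org(info["dkim_domain"], company_domain)


if __name__ == "__main__":
    for label, raw in (("InMail", INMAIL_NOTIFICATION), ("direct", DIRECT_RECRUITER_MAIL)):
        print(label, sender_domains(raw), headers_vouch_for(raw, "example-heavy.com"))
```

The check is deliberately conservative: a passing DKIM signature only proves that the d= domain signed the message, not that the person behind it is who they claim to be. A lookalike domain registered by an attacker will pass just as cleanly, so the homework still has to include confirming that the domain really belongs to the company, through a channel you find yourself.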
LinkedIn is a great self-marketing tool, but it’s not a popularity contest, and if you are not careful it can quickly become a rich source of information about you that can be used to phish you, or others. As with anything online, it can be used for both good and evil, and it’s up to you to protect yourself.