Fake recruiters on LinkedIn spy on security experts

Pierluigi Paganini September 05, 2015

Security researchers have uncovered a group of fake recruiting accounts on LinkedIn used for intelligence gathering about security experts.

A group of fake recruiter accounts is abusing the LinkedIn professional social network to send invitations to security professionals in various industries. The fake recruiters usually attempt to deceive targets by using a LinkedIn profile with a picture of an attractive woman.

The security professionals targeted in the campaign might receive multiple recruitment invitations per day from the group.

The alarm was raised a few weeks ago by the expert Yonathan Klijnsma of the security firm Fox-IT. Later, F-Secure Security Advisor Sean Sullivan analyzed in detail the bogus LinkedIn accounts used by the group. Sullivan discovered that they belong to individuals supposedly working for Talent Src (Talent Sources).


The bogus accounts used images taken from a number of legitimate LinkedIn accounts or pictures taken from Instagram.

Sullivan noticed that the logo of the company Talent Src was also a fake. It seems that the same bogus company has used a Twitter account that hasn’t been updated since January and that has posted just two tweets.

What is the goal of the fake recruiting group?

The threat actor behind the group is trying to map the network of connections of cyber security experts.

The exploitation of social networks for intelligence gathering, especially professional social media like LinkedIn, is a common practice of threat actors.

A few months ago, researchers from iSIGHT Partners uncovered a group of Iranian hackers that was using more than a dozen fake profiles to infiltrate social networking websites for cyber espionage purposes.

“These credible personas then connected, linked, followed, and “friended” target victims, giving them access to information on location, activities, and relationships from updates and other common content,” iSIGHT Partners explained.

Iranian spies used a network of fake accounts (the NEWSCASTER network) on the principal social media platforms to spy on US officials and political staff worldwide, as reported in the analysis published by iSIGHT Partners.

Pierluigi Paganini

(Security Affairs – LinkedIn, intelligence)
