New Delhi : On Sunday, Changpeng Zhao, chief executive of global cryptocurrency exchange Binance, posted a tweet saying that there are 7,000 profiles of “Binance employees” on LinkedIn, but only 50 of them were genuine.
However, Zhao is hardly the only one who has found such profiles on a professional networking site. Over the past year, several reports from cyber security firms and even advice from government bodies have shed light on how unchecked fake profiles on LinkedIn have led to various scams.
These include cryptocurrency scams, fake job postings, identity theft, phishing attacks, deceptive marketing campaigns, etc.
At Black Hat 2022, a cybersecurity conference in the US that ended on August 1, Alison Wickoff, director of global threat intelligence at consultancy firm PricewaterhouseCoopers (PwC), said state-sponsored hacking groups are taking to LinkedIn to target the growing threat. are going. range of users for different purposes.
While some, such as North Korea’s Black Alicanto hacking group, are targeting the global crypto community to steal tokens, Iran’s Yellow Dev13 and Charming Kitan are accused of identity theft and espionage.
They all have a common modality – fake profiles on LinkedIn.
These groups employ a variety of gimmicks to appear as genuine employees of real companies.
For example, Yellow Dev 13 used artificial intelligence-generated faces to create employee profiles of trainers and employers from companies that did not exist.
In March, a research project by the Stanford Internet Observatory found that the use of AI to create facial profiles, which are then used to create suspicious profiles on LinkedIn, is an increasingly common case. So much so, in April, cyber security firm Check Point Research’s Brand Phishing Report for Q1 CY22 found that LinkedIn was the most commonly used platform for spreading phishing attacks worldwide — tracked by Check Point during the period. With 52% of all phishing attacks conducted. LinkedIn is being used as a platform to mount such attacks.
LinkedIn did not respond to email queries by press time.
“These attacks are extremely common—not just on LinkedIn, but literally across all social platforms,” said Sandeep Panda, founder and chief executive of Indian cyber security firm InstaSafe. He said such attacks are classified as “social engineering fodder”. Take advantage of the “lack of awareness among users”.
Check Point’s data research group manager Omar Dembinski said the rise of such phishing attacks are “attacks of opportunity” — and hackers primarily rely on the scale of impersonation to convince their victims. It banned nearly 32 million user accounts and removed more than 137 million spam or scam posts in 2021, according to data from LinkedIn’s Transparency Report published earlier this year. At the time of writing, the platform claims to have over 830 million users worldwide.
catch all technology news And updates on Live Mint. download mint news app to receive daily market update & Live business News,