Fri, Oct 28, 2022
The nature of LinkedIn’s professional environment facilitates communication among individuals from various backgrounds across industries. However, threat actors have been known to exploit the business networking platform for malicious aims, including intelligence gathering, identity theft and spear phishing. A number of fake profiles identified on the site have been observed targeting individuals in diverse sectors, particularly those with roles in government, cyber security and education. This type of social engineering attack is geared towards gaining personal information about a victim in order to steal their identity or exploit them for financial gain.
Intelligence gathering via fake LinkedIn profiles is a favored strategy as it has proved much more efficient than physically dispatching spies worldwide. A common tactic uses profiles supposedly of women in headhunting firms with experience in HR management, consulting, national policy or academia, or who have a background working for a foreign think tank. Upon contact through these profiles, perpetrators seek to establish a relationship with victims and gauge their overall value in terms of the personal and professional information they could provide. High-value individuals are sometimes offered all-expenses-paid trips in exchange for traveling to foreign countries or giving speeches.
In one instance, a LinkedIn user who maintains a LinkedIn newsletter grew suspicious after a few curiously similar profiles joined his follower count within a short period of time: all profiles presented themselves as women, had abstract banner images, listed one previous job and three known languages, and claimed to have a master’s degree. Employing some basic search terms, he eventually discovered hundreds of profiles that raised similar red flags (Figure 1). He suspects many of these profiles aimed to acquire resumes, thereby accumulating troves of personal information, or served as a means of advertising for their represented companies.
Figure 1 – August 31, 2021, Duplicate LinkedIn Profiles (Source: Bruce Johnston)
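The pattern in that account, near-identical profiles following within a short period, can be checked mechanically. The Python below is an added example, not from the original article: it groups constructed follower records by a shared attribute template and flags groups that arrived close together. The record fields, the two-day window and the size threshold are assumptions, not a LinkedIn data format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; field names are hypothetical, not a LinkedIn schema.
FOLLOWERS = [
    {"name": "Profile A", "followed_at": "2021-08-30T09:00", "banner": "abstract", "jobs": 1, "languages": 3, "degree": "master"},
    {"name": "Profile B", "followed_at": "2021-08-30T15:30", "banner": "abstract", "jobs": 1, "languages": 3, "degree": "master"},
    {"name": "Profile C", "followed_at": "2021-08-31T08:10", "banner": "abstract", "jobs": 1, "languages": 3, "degree": "master"},
    {"name": "Profile D", "followed_at": "2021-08-31T20:45", "banner": "abstract", "jobs": 1, "languages": 3, "degree": "master"},
    # Same template, but months earlier: must not be counted in the burst.
    {"name": "Profile E", "followed_at": "2021-03-02T11:00", "banner": "abstract", "jobs": 1, "languages": 3, "degree": "master"},
    {"name": "Profile F", "followed_at": "2021-08-30T10:00", "banner": "photo", "jobs": 4, "languages": 2, "degree": "bachelor"},
    {"name": "Profile G", "followed_at": "2021-08-31T12:00", "banner": "abstract", "jobs": 1, "languages": 1, "degree": "master"},
]

def template(profile):
    """Reduce a profile to the coarse attributes the paragraph lists."""
    return (profile["banner"], profile["jobs"], profile["languages"], profile["degree"])

def suspicious_clusters(followers, window=timedelta(days=2), min_size=3):
    """Return groups of at least min_size followers that share one template
    and all followed within `window` of each other."""
    by_template = defaultdict(list)
    for p in followers:
        when = datetime.fromisoformat(p["followed_at"])
        by_template[template(p)].append((when, p["name"]))

    clusters = []
    for tpl, events in by_template.items():
        events.sort()
        start, best = 0, []
        # Sliding window over follow times: keep the largest burst per template.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]
        if len(best) >= min_size:
            clusters.append({"template": tpl, "names": [name for _, name in best]})
    return clusters

if __name__ == "__main__":
    for cluster in suspicious_clusters(FOLLOWERS):
        print(cluster["template"], cluster["names"])
```

A flagged cluster is a prompt for manual review of the profiles, not proof that they are fake.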
An investigation conducted by the Stanford Internet Observatory uncovered more than 1,000 LinkedIn profiles whose user accounts displayed profile pictures likely generated by artificial intelligence. The investigation was conducted after one of the researchers received a message purportedly from “Keenan Ramsey” (Figure 2), whose profile picture was noticeably missing a left earring and some strands of hair and had perfectly centered eye alignment (Figure 3).
Figure 2 – Suspect Profile Header (Source: Stanford Internet Observatory/NPR)
Figure 3 – Suspect Profile Picture (Source: Stanford Internet Observatory/NPR)
On further investigation into this profile, the researcher was unable to find any trace of a “Keenan Ramsey” working at the reported place of employment or any records of her obtaining a degree from New York University, as listed in her profile.
NPR, which published the Stanford Internet Observatory findings, additionally contacted 28 universities listed in 57 of the likely fake profiles uncovered in the investigation. Twenty-one universities responded, reporting that they were unable to find “any records of the supposed graduates.”
In this particular case, many of the artificially generated profiles appeared to be used for digital telemarketing—automated profiles would send messages to users, and those who responded were redirected to a real salesperson.
In Kroll’s investigative experience, fake profiles have also been used for impersonation and identity theft. Users have found their profiles entirely duplicated by perpetrators who had sent invitations to connect, then turned around to re-connect with all the victim’s publicly listed contacts. Perpetrators are known to have used their newly adopted identity and reputation to engage in communication with the victim’s contacts to gain information or send malicious links. Additionally, in order to make initial contact with a potential victim, actors will pose as a friend of a friend by connecting with several of the target’s connections in order to appear more legitimate. Victims may be more likely to accept the request if they see the perpetrator has connections to people in their own network.
Attackers also connect with individuals to collect email addresses, telephone numbers and public information, such as interests, titles and reporting structures, to aid in spear phishing attempts. There have also been instances where an attacker looking to target a specific organization will pose as a candidate for a security position in order to gain a better understanding of the tools and protocols the organization has in place. This can aid an attacker in preparing a more tailored approach when targeting their victim.
Kroll experts have observed a rise in social engineering attacks, with a notable increase in vishing and smishing attacks. These attacks aim to gain the trust of victims to exploit them financially or to impersonate the victims and steal their identity. It is important to be vigilant on social media platforms by verifying the identity of your connections and vetting their profiles. If you think you’ve had your identity compromised by a threat actor, our Kroll experts are available to assist 24x7 via our hotlines or our contact us page.