CISO Update #36
LinkedIn Fake Profile Scam
Social Media is an inescapable part of our personal and professional lives. We use career-oriented services to post articles and update resumes, and we use personal services to share family information and talk about issues of the day. LinkedIn, the career-oriented social media site, is all about building your network and accepting outreach from others. But how do you know who you can trust? It is important to realize that digital criminals don’t stop with just Facebook and Twitter, they also take advantage of users on LinkedIn where connections carry greater professional gravity.
Recently members of the FIT community received a LinkedIn connection invitation from someone who claimed to be a former student or employee (the profile is not clear). It appears though that the profile is fake: The photo doesn’t match other online photos of the individual, and while they claim to be associated with FIT, there is no record of the individual as an employee or student. In the spirit of trying to support former community members, some people at FIT accepted the invitation, even though they didn’t know the individual. And the more FIT contacts the fraudster has, the more likely the next FIT person is to accept the invitation. This growing network of contacts enables targeted phishing attacks and potential malware in the form of attachments from a “trusted” contact.
As summer approaches, students and recent graduates will try to build their networks on LinkedIn to help them land jobs and internships, so we would like to remind you to be diligent and provide some helpful tips on how to stay safe.
What can you do?
If you have reason to believe that you received an invite from a fake profile on LinkedIn, you can flag that profile by reporting it to LinkedIn.
Only accept social media connection requests from people you know. We realize this can be contradictory when trying to grow your network or make professional connections on LinkedIn. If you have accepted requests from people you don’t know or have reason to suspect, end the connection.
If you have any reason to suspect the validity of a request or message, especially if it has links or attachments, contact the individual through other means to verify. Make sure the details of the connection request match what you know about the individual, and be wary of any inconsistencies.