

The UK government said in May 2022 that “foreign spies and other malicious actors” had approached 10,000 people on LinkedIn or Facebook over 12 months. One person acting on behalf of China, according to court documents, found that the algorithm of one “professional networking website” was “relentless” in suggesting potential new targets to approach. Often these approaches start on LinkedIn but move to WhatsApp or email, where it may be easier to send phishing links or malware.

In one previously unreported example, a fake account connected to North Korea’s Lazarus hacking group pretended to be a recruiter at Meta. They started by asking the target how their weekend was before inviting them to complete a programming challenge to continue the hiring process, says Peter Kalnai, the senior malware researcher at security firm ESET who discovered the account. But the programming challenge was a scam designed to deploy malware to the target’s computer, Kalnai says. The LinkedIn messages sent by the scammers didn’t contain many grammatical errors or other typos, he says, which made the attack more difficult to catch.

It’s likely that scam and spam accounts are much more common on LinkedIn than those connected to any nation or government-backed groups. In September last year, security reporter Brian Krebs found a flood of fake chief information security officers on the platform and thousands of false accounts linked to legitimate companies. Following the reporting, Apple and Amazon’s profile pages were purged of hundreds of thousands of fake accounts. But due to LinkedIn’s privacy settings, which make certain profiles inaccessible to users who don’t share connections, it’s difficult to gauge the scope of the problem across the platform. The picture gets clearer at an individual company level.
