Security software company Symantec conducted a study with LinkedIn to take down fake profiles, after a number of researchers discovered sophisticated groups purporting to be recruitment consultants so they could identify potential victims.
According to Symantec, scammers pose as recruiters for fake firms or are supposedly self-employed. They use photos of women stolen from stock image websites, and copy and paste text from the profiles of real professionals for their summary and experience.
They also fill their profiles with keywords for visibility in search results.
Satnam Narang, senior security response manager at Symantec, explained in a blog post: “The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.”
“In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails.”
LinkedIn users should be sceptical about “who they add to their network”.
“If you’ve never met the person before, don’t just add them. We weren’t surprised to learn that these fake LinkedIn accounts received endorsements from real users,” said Narang.
In September, Dell's counter-threat unit identified 25 fake LinkedIn accounts linked to an Iran-based hacking group.
Many of the fake profiles listed high-profile companies, such as Teledyne, Doosan, Northrop Grumman and Petrochemical Industries Co, as places of employment.
Dell recommended: “Organisations may want to consider policing abuse of their brand on LinkedIn and other social media sites. If an organisation discovers that a LinkedIn persona is fraudulently claiming an association with the company, it should contact LinkedIn. Creating false identities and misrepresenting an association with an organisation is a breach of LinkedIn's terms and conditions.”