Date: 2023-12-12

Attackers have taken advantage of the expansive user base and extensive information available on LinkedIn to target professionals in Saudi Arabia and beyond. Hundreds of fake profiles on the platform have been used not only to attempt financial fraud but also to manipulate employees into revealing sensitive corporate information.

Researchers recently discovered nearly a thousand fake profiles on LinkedIn that were specifically created to target companies in the Middle East. These profiles were designed to appear legitimate and well-connected, making it difficult for users to distinguish them from real profiles.

The success rate of these campaigns was surprising, with professionals readily accepting contact requests from the fake profiles. By default, if users haven’t changed their LinkedIn settings, their contact list and other information become visible to anyone on their network.

LinkedIn has become a treasure trove for attackers due to its vast user base and the wealth of data it holds on organizations and their employees. Unfortunately, cybercriminals and state-sponsored attackers are increasingly utilizing the platform to gather information and carry out targeted attacks.

In the case of the profiles targeting Saudi professionals, the majority of them were young women in their 20s with Muslim names, claiming to work in Southeast Asia. However, many of these profiles were incredibly convincing, making it difficult to identify them as part of a threat campaign.

Various types of schemes utilizing these fake LinkedIn profiles have been identified. Some fraudsters attempted to use their reputations to sell fake certificates or training programs to their victims. Others targeted employees with access to specific information and tried to manipulate them into disclosing confidential data. Additionally, some scammers offered to sell access to high-quality LinkedIn accounts.

Another common attack method involves using LinkedIn smart links, which appear to lead to legitimate websites but actually redirect to attacker-controlled sites. This technique bypasses secure email gateways and is one of the primary methods of abuse on the platform.

LinkedIn has made efforts to combat fake profiles, but more can be done to improve user security. Providing users with more tools to manage their contacts and connections, as well as implementing exceptions for verified researchers, could enhance the platform’s security posture. Additionally, companies should have specific LinkedIn policies in place, educate employees about the risks, and encourage them to report any suspicious profiles they come across.

As LinkedIn continues to be a popular platform for professionals around the world, it is crucial for both individuals and organizations to be vigilant and take steps to protect themselves from potential cyberattacks.