It is widely known that LinkedIn has been commonly used by threat actors to initiate contact with targets to distribute malware, perform cyberespionage, steal credentials, or conduct financial fraud. LinkedIn is taking steps to combat these attempts by threat actors by introducing three new features in the hopes of reducing the number of fake profiles and malicious use of the platform. The first step to fighting fake accounts on LinkedIn is introducing a new “About this profile” section that gives users meta-information about the account. This information includes the date on which the user created their profile, if the account holder has verified their number, and if the account holder has linked a work email. The second step is to use AI to catch accounts using AI-generated images as profile photos to give a false sense of authenticity, which is a clear sign of fraudulent activity. Lastly, LinkedIn now displays warnings when a chat participant proposes to take communications outside the platform.
Analyst Notes
Fake accounts, fake job offers, and phishing attacks are all common tactics of threat actors using LinkedIn to target individuals. Threat actors may message individuals asking them to visit a company site which is reality, a fake site designed to steal credentials. Users should always be cautious if sent an external link on LinkedIn. Additionally, users should be wary of any files sent on LinkedIn from unknown users — threat actors will often use this technique to send malicious software to potential victims. LinkedIn’s new feature should help users identify fake accounts; incomplete profiles, limited connections, suspicious work history, and poor spelling and grammar can help individuals spot a fake account.
https://www.bleepingcomputer.com/news/security/linkedins-new-security-features-combat-fake-profiles-threat-actors/
