Hackers using LinkedIn to spread malware

This new strain of Qbot malware is tougher than ever to find and destroy
April 12, 2016
URL shorteners could offer shortcut to malware infection, study claims
April 14, 2016

LinkedIn has a fake profile problem.

Hackers are using fake profiles to make connections with people at work. It can lead to some bad things for their employers.

CEOs, hiring managers and human resources representatives use LinkedIn as way to announce job openings and search for potential new employees.

In recent months, researchers at Dell’s counter threat unit found 25 fake LinkedIn profiles being used by hackers in the middle east. The profiles look identical to other profiles on the network, which include a head ­shot profile picture, resume, current job and responsibilities.

The owners of the fake accounts will send out connection requests to other users. Many times when those requests are accepted, users will receive information of new job openings. When they click on a link, it can install malware on the users computers.

As hackers increasingly attack businesses and corporations, the risk is great. Hackers can install that malware on one computer and, in a matter of seconds, it can infect the entire computer network.

“I think what most companies don’t understand is the depth,” said Jeremy Hopwood, a cyber security expert who works with companies to lock down networks and find harmful malware or viruses on company computers. He said sometimes malware will sit inside the network for days, weeks and even months before being launched.

“Once they’ve been weaponized and detonated within the business, it spreads within seconds,” Hopwood said.

Dell uncovered the fake LinkedIn profiles and identified what it terms leaders and supporters. By connecting with themselves, it gives the impression the profiles are legit and other users are more likely to accept the connection request.

LinkedIn is now asking users to report any suspicious connections that might be fakes. The best practice is to only accept requests from people you know for a fact are real.

Request Demo