Fake LinkedIn profiles are using AI-generated headshots to impersonate companies
Date:
Thu, 06 Oct 2022 20:17:13 +0000
Description:
Malicious LinkedIn accounts with authentic images are almost impossible to detect as fake.
FULL STORY ======================================================================
Creating fake social media accounts to trick people is hardly a new tactic, but theres something sinister about this new campaign that makes it stand out from the crowd.
An in-depth analysis posted to the KrebsOnSecurity blog claims cybercriminals have been using artificial intelligence (AI) to create profile pictures of non-existent people, and pairing that information with job description stolen from actual people on LinkedIn .
That way theyre creating fake profiles which, for most people, are almost impossible to identify as fake. Numerous use cases
Users have spotted a growing trend where suspicious accounts attempt to
access various invite-only LinkedIn groups. Group owners and administrators are only able to spot whats going on after getting dozens of such requests at once, and seeing that almost all of the profile pictures look the same (as
in, same angle, same face size, similar smile, etc.).
The researchers say they have reached out to LinkedIns customer support, but so far, the platform hasnt found its silver bullet. One of the ways its going about this challenge is requesting certain companies send a full employee list, and then banning all accounts that claim to be working there.
Besides not being able to determine who is behind this onslaught of fake professionals, the researchers are also struggling to understand what the point of it all is, exactly. Apparently, most of the accounts arent
monitored. They arent posting things and arent responding to messages. Read more
LinkedIn has a problem with fake profiles
An elaborate LinkedIn scam led to one of the largest heists in crypto
history
Here's our rundown of the best antivirus programs right now
Cybersecurity firm Mandiant believes hackers are using these accounts to try and land roles in cryptocurrency firms, as the first stage in a multi-stage attack whose goal is to drain the companys funds.
Others think this is part of the old romance scam, where victims are lured by pretty pictures into investing into fake crypto projects and trading platforms.
Furthermore, there is evidence of groups such as Lazarus using fake LinkedIn profiles to distribute infostealers, malware, and other viruses, among job seekers, especially in the cryptocurrency industry. And finally, some believe the bots could be used in the future to amplify fake news.
Responding to KrebsOnSecuritys research, LinkedIn said it was considering the idea of domain verification, to tackle the growing problem: This is an
ongoing challenge and were constantly improving our systems to stop fakes before they come online, LinkedIn said in a written statement.
We do stop the vast majority of fraudulent activity we detect in our
community around 96% of fake accounts and around 99.1% of spam and scams. Were also exploring new ways to protect our members such as expanding email domain verification. Our community is all about authentic people having meaningful conversations and to always increase the legitimacy and quality of our community. These are the best privacy tools around
Via: KrebsOnSecurity
======================================================================
Link to news story:
https://www.techradar.com/news/fake-linkedin-profiles-are-using-ai-generated-h eadshots-to-impersonate-companies/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)