Want a Cyber Security Job But Know Zero? Will a Fake LinkedIn Profile Help You?

October 17, 2022

LinkedIn has unwittingly become a vector for the spread of false information. Krebs on Security reports, “Fake CISO Profiles on LinkedIn Target Fortune 500s.” A slew of fake LinkedIn profiles mysteriously appeared for Chief Information Security Officers purportedly serving at high-profile companies. Some were entirely original fabrications, but at least one lifted a description from the actual CISO’s profile. See the write-up for screenshots of a few offending profiles.

Who is fooled? Organizations looking for cybersecurity professionals. And not just on LinkedIn. Apparently other sources unwittingly perpetuated the lies, sources like Google Search, Apollo.io, Signalhire, Cybersecurity Ventures, and Cybercrime Magazine’s CISO 500 list. Whoever is behind the effort must have been delighted. It was apparently Honeywell’s former CISO Rich Mason who first noticed the trend and sounded the alarm. Krebs notes:

“Again, we don’t know much about who or what is behind these profiles, but in August the security firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. None of the profiles listed here responded to requests for comment (or to become a connection). In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down.”

We are sure they are. The article suggests some ways the site could make things easier on itself in the future, and maybe even catch and remove such fabrications before they make it to other media channels. We are told:

“LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a ‘created on’ date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications. The former CISO Mason said LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer. … Mason said LinkedIn also needs a more streamlined process for allowing employers to remove phony employee accounts.”

It is unlikely that we’ve seen the last of this tactic. LinkedIn should bolster its safeguards and streamline its reporting process. Meanwhile, other sources must learn to verify information they find on the site. Safeguarding one’s reputation for accurate data should be worth the effort.

Cynthia Murrell, October 17, 2022

Comments

One Response to “Want a Cyber Security Job But Know Zero? Will a Fake LinkedIn Profile Help You?”

  1. LinkedIn Helps Users Spot Fake Accounts it Lets Slip Through : Stephen E. Arnold @ Beyond Search on November 11th, 2022 5:10 am

    […] LinkedIn accounts are a fact of life. One might wonder how it is a professional social media site does not require […]
