LinkedIn Fakes Targeting You

Steven Polunsky
Published in Homeland Security
15 min read · Apr 17, 2016


Update July 27, 2020

How a Chinese agent used LinkedIn to hunt for targets

By Kevin Ponniah BBC News 26 July 2020

Yeo made his crucial contacts using LinkedIn, the job and careers networking site used by more than 700 million people. The platform was described only as a “professional networking website” in the court documents, but its use was confirmed to the Washington Post.

Update July 20, 2020

No.

Update January 8, 2020

Yeah. No. There are other tells in the listing, but for this one I used the Yandex.com image search engine, which found the original picture and more from the same shoot.

Update August 24, 2019

When the names don’t match, that’s a clue, not to mention the spelling.

Update June 13, 2019

Experts: Spy used AI-generated face to connect with targets (Associated Press)

“British, French and German officials have all issued warnings over the past few years detailing how thousands of people had been contacted by foreign spies over LinkedIn.”

This is an excellent article that covers real-world spy usage of LinkedIn (including comments from LinkedIn) and artificially created images.

Update March 29, 2019

LinkedIn is becoming China’s go-to platform for recruiting foreign spies

Written by Jeff Stone Mar 26, 2019 | CYBERSCOOP

“But a string of recent cases demonstrate how suspected Chinese spies are exploiting LinkedIn, a networking site inherently meant to facilitate professional communications, to gather information about potential sources.”

https://www.cyberscoop.com/linkedin-china-spies-kevin-mallory-ron-hansen/

Update March 12, 2019

Jessica has doubled down (see March 7 update). Her bio now reflects that she is a student, “studying for my biology degree in finance….”

Update March 7, 2019

The picture here is not Jessica Yarikadi, sales specialist at Portland, Oregon ad agency Fish Marketing’s Ghana office. It’s porn star Janessa Brazil. Don’t ask me how I know. Okay, I’ll tell you — Tineye came up with the goods with references to sites like RomanceScamsNow (89 matches) and even J-Date.

I don’t know why Fish Marketing was targeted but they clearly have become a popular company for fake LinkedIn accounts.

Here is Indrasish Bose, an aquarium in their India office. Indrasish’s two interests are Fish Marketing and the International Fisheries Network. Or so he says.

Fish Marketing’s “people” page on LinkedIn includes, in addition to (real) Chairman Doug Fish, Afghan storekeeper “juned shegle,” seven people in Indonesia, seven in Nigeria, four in Iran, a server, a janitor, and a fisheries biologist. A number of these appear to be either coding errors by real people who clicked Fish Marketing the business instead of fish marketing the career, or perhaps a LinkedIn algorithm that’s a little too aggressive. Others, like Jessica, are obviously fake and are being used to make connections for sketchy purposes. If you maintain a business page on LinkedIn, you might check and see who is listed as an employee.

Update January 5, 2019

So here we are in the middle of the federal government shutdown, and a young lady at the US Department of Education has taken the time to invite me to link with her? Nope. On the left (below) is the invitation. I tried a reverse image search with Tineye which was unproductive, but Google Image Search found that the pictures belong to Angie Varona’s Instagram account. I will let her know.

I’m letting you know because “Monique” is clearly targeting government/legislative types. Of her 25 connections (it just went up to 28), I’m a “1st” (direct connection) with nine people, all of them current top legislative or executive-branch figures or influential lobbyists in Texas. Monique’s bio is brief but credible; something about the pictures and the name (is that the singer for the ska band Save Ferris?) made me check.
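Most of the checks in this post come down to reverse image search, and the last two updates show its main caveat: Tineye found nothing for Monique while Google Image Search found the source. Engines differ in how they fingerprint a picture, and a crop or re-encode can push a copy outside one engine’s match window while another still catches it. The script below is an added example, not code from the original post or from any of the search engines mentioned: it implements a minimal difference hash (“dHash”), one of the simpler perceptual-hash families used for this kind of lookup, and compares an original against a brightened copy, a cropped copy, a photographic negative and an unrelated picture. The “photos” are constructed in code so it runs offline, and the 10-bit match threshold is an assumption, not a value any real engine publishes.

```python
# Added example, not code from the original post: a minimal difference hash
# ("dHash"), one family of perceptual hashing behind reverse-image lookups.
# The profile "photos" are constructed in code so it runs offline; real engines
# such as Tineye or Google use richer matching, and the threshold is an assumption.
import math
import random

HASH_BITS = 8            # 8 rows x 8 comparisons = 64-bit hash
MATCH_THRESHOLD = 10     # assumed: <= 10 differing bits counts as the same photo


def make_image(width=96, height=96, seed=1):
    """Constructed stand-in for a profile photo: seeded Gaussian blobs of
    brightness, normalised to 20..220 so later brightness shifts never clip."""
    rng = random.Random(seed)
    blobs = [(rng.uniform(0, width), rng.uniform(0, height),
              rng.uniform(width / 8, width / 3), rng.uniform(-100, 100))
             for _ in range(8)]
    raw = [[sum(a * math.exp(-((x - bx) ** 2 + (y - by) ** 2) / (2 * r * r))
                for bx, by, r, a in blobs)
            for x in range(width)] for y in range(height)]
    lo = min(min(row) for row in raw)
    hi = max(max(row) for row in raw)
    return [[int(20 + 200 * (v - lo) / (hi - lo)) for v in row] for row in raw]


def brighten(img, delta):
    """Uniform brightness change, clipped to 0..255 like an image editor."""
    return [[max(0, min(255, p + delta)) for p in row] for row in img]


def invert(img):
    """Photographic negative: same layout, opposite content."""
    return [[240 - p for p in row] for row in img]


def crop(img, border):
    """Drop `border` pixels on every side, as a cropped re-upload would."""
    return [row[border:-border] for row in img[border:-border]]


def shrink(img, new_w, new_h):
    """Area-averaging downscale, the first step of most perceptual hashes."""
    h, w = len(img), len(img[0])
    out = []
    for j in range(new_h):
        y0, y1 = j * h // new_h, max(j * h // new_h + 1, (j + 1) * h // new_h)
        row = []
        for i in range(new_w):
            x0, x1 = i * w // new_w, max(i * w // new_w + 1, (i + 1) * w // new_w)
            cells = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(cells) / len(cells))
        out.append(row)
    return out


def dhash(img, size=HASH_BITS):
    """Difference hash: shrink to (size+1) x size cells, emit a 1 bit when a
    cell is brighter than its right-hand neighbour. Because only the ordering
    of neighbouring cells matters, rescaling and brightness shifts leave the
    hash unchanged; crops move the cell boundaries and so change some bits."""
    bits = 0
    for row in shrink(img, size + 1, size):
        for x in range(size):
            bits = (bits << 1) | (row[x] > row[x + 1])
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def same_photo(a, b, threshold=MATCH_THRESHOLD):
    return hamming(a, b) <= threshold


def compare_variants(seed=1):
    """Bit distances from an original to edited copies and to other images."""
    original = make_image(seed=seed)
    h = dhash(original)
    return {
        "brightened": hamming(h, dhash(brighten(original, 15))),
        "cropped_5px": hamming(h, dhash(crop(original, 5))),
        "negative": hamming(h, dhash(invert(original))),
        "different_seed": hamming(h, dhash(make_image(seed=seed + 1))),
    }


if __name__ == "__main__":
    for name, dist in compare_variants().items():
        verdict = "same photo" if dist <= MATCH_THRESHOLD else "no match"
        print(f"{name:15s} {dist:2d} bits differ -> {verdict}")
```

The brightened copy hashes identically, the negative flips essentially every bit, and the cropped copy lands somewhere in between: a light crop usually stays under the threshold, a heavy one does not. That gap is exactly why the post’s habit of trying more than one engine (Tineye, Google, Yandex) pays off, and why a zero-result search proves nothing about a picture’s origin.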

Update October 31, 2018

Some 4,000 individuals have been targeted in recent months and “hundreds” have been bamboozled by offers of jobs or collaboration from fake LinkedIn accounts run by Chinese spies masquerading as “head hunters, consultants or think tanks”.

Thank you https://twitter.com/trapwire for the tip.

Update June 29, 2018

Not today, Vladimir. I’m not aware of any state departments of transportation that employ models who live across the country. However, I have worked for the Texas Department of Transportation, which leads me to think some targeting is involved here.

Update February 16, 2018

“This email claims that business social network LinkedIn has sent you a private message and urges you to click a link to view and reply to the supposed message. However, the email is not from LinkedIn. If you click the link, you will be taken to a Russian based spam website that attempts to sell you various pharmaceutical products without the need for a prescription.”

Fake LinkedIn Notifications Link to Spam Website, Brett M. Christensen, February 16, 2018

http://www.hoax-slayer.net/fake-linkedin-notifications-link-spam-website/

Update December 12, 2017

“Chinese intelligence services are active on networks like LinkedIn and have been trying for a while to extract information and find intelligence sources in this way,” including seeking data on users’ habits, hobbies and political interests, they said.

https://www.reuters.com/article/us-germany-security-china/german-intelligence-unmasks-alleged-covert-chinese-social-media-profiles-idUSKBN1E40CA

I think this email notification I received is more of a hacked account than a fake account. Shared for your information.

Update September 15, 2017

Phishers Spread Malicious Links Via Hacked LinkedIn Accounts

Info Security, 9/15/2017

Researchers are warning of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail. Jérôme Segura, lead malware intelligence analyst at Malwarebytes, made the discovery, revealing that the fraudulent messages sometimes come from hacked Premium accounts. “The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers which require potential victims to log in,” he explained. “Those who proceed will have their username, password, and phone number stolen but won’t realize they were duped right away. Indeed, this phishing scam ends on a tricky note with a decoy document on wealth management from Wells Fargo.” The phishing messages in question abuse link shortening service ow.ly and free hosting provider gdk.mx to redirect to the phishing page, which is hosted on a hacked website, Segura added.

Update March 16, 2017

Apparently, Saudi Arabian Princess Ameerah bint Aidan bin Nayef Al-Taweel Al-Otaibi is a well known personality, which makes her an unusual choice for a fake LinkedIn profile with over 500 contacts, much less multiple fake profiles, but here we are.

Update September 18, 2016

Here is another fake with over 500 connections, conflicting and minimal information, and a penchant for targeting homeland security individuals.

There is no presence for an Arianna Jonathan on the Internet in America (there does appear to be one in Italy), although there are instances of Arianna and Jonathan getting married. The picture returns zero instances from both Tineye and Google Image Search.

She lists her job as being at Ronato Inc. in one place and at Harman International B in another. There is a Harman International; the B is unexplained, but even if you assume it’s a typo that leaves us with Ronato, which dissolved in 1990 (https://www.corporationwiki.com/p/2o0648/ronato-inc). Regardless, would someone with an MBA list it as a certification without at least naming the university (under Education she put “Bachelor’s degree, Human Resources Management and Services” from Arizona State University)?

I recognized a well-known homeland security writer in the list of shared connections and asked for a vouch for Arianna. This is the response I received:

“She sent me a request a couple of weeks ago and I accepted. After receiving your message, I reviewed our “mutual” acquaintances and it appears that she is linking in with homeland security folks. I just removed the connection.”

Update September 10, 2016

The Department of Defense has a series of “Smart Cards” with advice for online privacy settings. There are no security restrictions on these cards, so they can be shared publicly. One addressing LinkedIn is available from the Public Intelligence website.

The card has two pages of advice such as:

  • Only establish and maintain connections with people you know and trust. Review your connections often.
  • Assume that ANYONE can see any information about your activities, personal life, or professional life that you post and share.
  • Ensure that your family takes similar precautions with their accounts; their privacy and sharing settings can expose your personal data.

It also suggests specific profile privacy settings. For example, regarding your connections: “Select who can see your connections. Set to Only You. Note: People will still be able to see connections who endorse you and connections they share with you. Don’t want your endorsements visible? Just choose to opt out.”

The document is online in Adobe Acrobat (.pdf) format here.

Update August 15, 2016

Debra Phifer is a fake profile. A search of her avatar using tineye.com reveals the picture is of a woman named Stephanie who is the subject of a documentary about Latina graduates (http://www.pbs.org/independentlens/videos/latina-student-faces-present-day-school-segregation/).

The company “Debra” works for does not exist outside of Indonesia. Her entire listing has one job and one degree. Yet, somehow, “Debra” has conned over 500 people into linking, including high ranking state officials and tech leaders.

This is the first fake I have seen that purchased the premium membership, though. This addition apparently makes the listing the first among equals — if you search LinkedIn for Debra Phifer, this listing comes up first of ten Debra Phifers.

Who Cares/So What?

Why is any of this noteworthy? Two reasons: first, linking provides a direct communication method to individuals that bypasses many security provisions in place for other methods, and second, it gives the requester access to information about an individual’s background, habits, and relationships, which can be used for doxxing (see for example http://www.vachiefs.org/index.php/news/item/doxxing_the_new_threat_posting_personal_info_of_officers_and_their_families).

Final note for this entry: in addition to the new tactic of purchasing premium memberships, some fake accounts are also “endorsing” people for skills and expertise. I know this because I was asked to link with an account I knew was fake and I notified several friends who had accepted the link. The fake account had started endorsing my friends, which the actual person had not done, and my friends are now deciding which one they like better.

Update August 10, 2016

How to report Fake Profiles (as of August 2016)

To flag inappropriate or fake profiles directly on LinkedIn, (i.e. profiles that contain profanity, empty profiles with fake names, or profiles that are impersonating public figures), please follow these steps:

  1. On the profile you want to report, hover your cursor over the Dropdown arrow next to Send a Message or Send InMail/View in Recruiter in the top section of their profile.
  2. Select Block or Report.
  3. Click the box next to Report.
  4. Select a reason for flagging the profile.
  5. Click Continue.
  6. Select Agree.

Meanwhile, on Facebook:

James, we both know the answer to this, don’t we?

Update July 28, 2016

Someone has too much time on his or her hands.

Update July 6, 2016

Dear Former House Majority Leader @EricCantor: a fake LinkedIn account had the good taste to use your picture and has conned 59 people so far. Thought you would want to know.

Update May 23, 2016

Josh Peppertown can’t keep the name of his employers straight. Sad because he’s worked there eight years. Not. This one is a first for me, though, because the LinkedIn presence is the ONLY place on the Internet you will find Mr. Peppertown.

An Internet search using a popular search engine turned up only 45 results, and all of them, I mean ALL of them, are LinkedIn accounts. Web searches usually pick up multiple LinkedIn accounts because they appear on other LinkedIn pages as people who were also viewed or searched or you might want to look at.

Of the other results, I’ve already introduced you to the nonexistent Todd Betterworth and, in fact, his profile has disappeared from LinkedIn. Sarah mills weeks might be someone with a playful sense of humor and over 500 friends, but more likely is a somewhat more elaborate fraud. She has two Twitter accounts that issued a few tweets and retweets, then stopped. She also has a Facebook page that is current and active, but it’s almost all reposts that appear automated.

That leaves Tom Smith, and you can draw your own conclusion:

Update May 5, 2016

Asheesh Singh is clearly a fake, but at least it’s an entertaining one, as he describes himself as a personal business analyst in Cameroon who likes photography, with no further details, absolutely none. A reverse image search this time leads us to another LinkedIn account, a gentleman who appears on multiple websites and whose LinkedIn bio is well filled out. You can see the difference below.

It’s not immediately clear who or what is being targeted. Asheesh at this point has 270 connections, but only two are linked to me, so I have a sample of three to work with. It appears his visible current connections and I share only two things: living in Texas and being named Steven. Is there some conspiracy against Stevens?

Update April 22, 2016

Yeah, Jack Middleton, who left Waco for NYU but flunked spelling and returned to Waco, you don’t exist. Not only that, but you used a picture of a member of the Vietnam Helicopter Pilots Association (#722, McElheny and Tucker). And you’ve conned one state senator, three state representatives, a reporter, a ton of lobbyists — over 500 people into linking to you with little more than that.

And here’s Kaye Bean, who also doesn’t exist. The creator of this persona wants you to think Kaye was a legislative staffer in Pennsylvania who moved to Texas to work for a moving and storage company, but keeps an interest in politics. Kaye is new here, didn’t even list a college. But yes, the picture is from a porn site.

Update April 21, 2016

Arriving today in the inbox: ANA Harvey, who does not exist but according to Tineye.com bears an astounding resemblance to Kelly Clarkson. She shares a connection with me — a retired police chief who will be hearing from me shortly.

The company she claims to work for, TMDGLLC, has a company listing on LinkedIn with more than 40 very photogenic employees. Pulling some out, “AMANDA” Black appears to be an accountant who moonlights as a model for no-iron blouses.

Hazel Romero and Cassandra Lambert are stock photos. Rich Krueger appears to be real. Yay Rich!

Feel free to try your hand at this.

Original article posted April 17, 2016

The picture is too perfect; it screams stock photography. I got curious and searched on the name, picture, and company.

April Karr https://lnkd.in/bgX75D7 doesn’t exist. That picture is a Shutterstock photo. The company listed doesn’t exist. There’s minimal info in the LI profile. It’s a fake. A fake that more than 500 people so far have bought in to.

Whoever’s behind it has an active program aimed at government professionals. LinkedIn says 304 of my largely government-related connections have accepted April’s invitation. I’ve received at least three invitations from her.

The fakes get better

And then there is Sally Kosboys: https://lnkd.in/bRhvC8U .

Same story — minimal info, appears to be a government person, invite sent to government types. 311 of my friends bit on that one.

One twist here is that Sally also has a fake Twitter account (https://twitter.com/Kosboys) with one suggestive tweet from 2012 to her credit (“Entertaining clients at Aureole’s tonight”) and 249 followers.

Another twist is the source of Sally’s picture. Here it is in context:

And here’s the equally bogus Paul Kosboys https://lnkd.in/b2n5fVU. Poor Paul — in 39 years as head of a public relations firm, he has yet to set up a company website, and on LI he’s only managed 28 connections.

Here’s a clever LinkedIn fake that further evidences the targeting of government employees: Teresa Kraft https://lnkd.in/bCJaBfF.

Just enough info in the fields to look legit but be hard to check. The motive for this one seems clearer than the other ones — sell a product to government professionals and wannabes.

Are you spending endless hours searching for political and government jobs in Washington D.C? What if you could stop the endless search and go to a one stop shop to begin or advance your political career. Find the jobs that are usually only available to insiders on the #1 political job aggregator in Washington D.C…

The picture is stolen from another LI account, Sara Beery https://lnkd.in/btJn4DM — an image search finds the same photo, uncropped, elsewhere on the Internet.

I question whether anyone associated with Teresa’s alleged place of employment actually exists.

Here’s Todd Betterworth — looks like he’s made over 500 friends, or would have if he actually existed. You’ll find the original photo at what appears to be a site by someone who really likes coveralls, http://www.coveralls.co.uk/. Looks like if you are in the oil or gas industry, you’d want to think twice before linking to this guy.

I wonder why so many have fallen for these, but I don’t wonder what the intent was when “Teresa” or any of these others sent me an invitation. It can’t be good.

This is an expanded version of an article I originally published on LinkedIn.


Entered Medium as part of a team https://medium.com/homeland-security/inside-job-51b44463ef3c but current writings are my own or those of guests where noted.