How to Spot Frauds on Professional Networks

LinkedIn, with its 364 million active users worldwide, has become one of the most popular professional social networking services today. Viadeo, a similar service for French users, also has a steadily growing user base of 65 million. With that many people publishing their work profiles online, it’s only natural for attackers to take notice and do something with that data. In the wrong hands, that type of information can put you or your company at risk.

Here are a number of practical ways to detect if someone is trying to trick you into divulging sensitive company information.

Who would want to trick you on professional social networks?

There are three kinds of people who might be inclined to do so:

  1. Attackers/APT actors

These attackers are looking to get any kind of information that they can use to infiltrate your company’s network. They will use social engineering techniques to try to entice you to accept invitations from them. They are also likely to send you emails with malicious attachments or links, both of which will end up infecting your computer with malware. When installed, the malware, which serves as a backdoor, will grant these attackers access to your system and your company’s network. From there, they can do just about anything: steal company secrets, tamper with the infrastructure, and the like.

  1. Competitors

Using false identities and companies, these people want to befriend you on social networks to get in touch, be really friendly, and slowly gain your trust. Once they manage to do that, they will abuse that trust. They will either ask you to reveal the information they need or let you do the work for them when you share too much about your work or your employer. Competitors can use this information to gain advantage over your company.

  1. Aggressive head hunters/recruitment entities

These people will want to collect as many contacts as possible. They do this to constitute whole databases about your company, its employees, and the specific projects they are working on. They use these databases to find the right people to hire away or pirate for the right employer.

While their motivations differ, the end-goal is always the same: connect to collect. Generally, these people start by sending you an invitation. They will pretend to be co-workers, customers, or a boss. If you accept, they will be able to see your entire profile and have access to your contacts. They want to add you or join the private groups you run so that they can know as much as possible about your company.

Case study at Trend Micro France

As a huge IT security provider, Trend Micro is often targeted by attackers or aggressive head hunters on social networks.

Recently, we saw a wave of Viadeo invitations arrive at Trend Micro France that involved one Viadeo profile that targeted several employees. The person behind the profile pretended to be an IT manager of 18 years from Trend Micro Australia. This person’s profile was quite empty, and contained only 4 contacts.

The profile says that this person studied at “havard, new yord”, an obvious typo for “Harvard, New York.” This was enough to raise suspicion, and a quick check of the company directory confirmed that there was indeed no employee with the name stated on this mystery profile. Another check was done to make sure that the person was not an ex-employee as well; he was not.

This was a clear attempt to collect contacts and information from Trend Micro.

As an immediate response, an internal alarm was raised about this profile to inform all the employees and avoid any trouble.

What makes a profile suspicious on a social network?

We decided to establish a list of questions you should always ask before engaging anyone or accepting any invitation on a social network:

  • Does the profile contain much information? Professional social networks are mostly used to make contacts and improve visibility to potential recruitment companies and head hunters. Who would register for an account on such networks, only to put his name and company but no other details about his past or present activities?
  • Does the profile contain typos and mistakes? A profile on sites like LinkedIn or Viadeo is a bit the same as a curriculum vitae. It needs to contain good information about you, and must also be written well, free from spelling mistakes or bad grammar. A profile full of errors is not attractive for any potential employer.
  • Does the profile have very few contacts? Generally, fraudsters build these temporary accounts to target entities or individuals; they do not need to add so many contacts. But since there are actual people out there with very few contacts, this particular indicator should only be considered after spotting other suspicious signs or activities.
  • Does the profile show inconsistencies in the person’s career? While it is probable that an employee can make major changes to his profile, a profile which constantly and drastically changes over a short span of time is most probably being used as a lure. When the fraudster wants to target one kind of company or vertical, he just adds a new job that could be relevant to his targets. So he can be HR director for some months, then a marketing expert, then a software engineer, etc.
  • Does the profile exhibit suspicious activity? Some professional social networks allow you to see the whole history of actions the profile owner does. If a new profile suddenly pops up and adds unrelated people from different verticals, or joins a lot of groups which seem completely unrelated to each other, this is an example of suspicious activity.

What should you do when you spot these signs?

Here are a few easy tips:

  • Read the profiles carefully, and try to look for anomalies and red flags like the ones mentioned above.
  • Cross check information. If the person claims to be from your company, check it out. Check your company directory, and do not hesitate to verify with your Human Resources department.
  • Ask the person. Once you’ve verified the person’s identity, give him a phone call or send him an e-mail to see if he, indeed, sent the invitation. There is no harm in asking. It might even save you in case someone copies your colleague's profile or usurps his real account. If the profile is from another company, try to reach someone you know who works there who could do these checks.
  • Avoid downloading or clicking suspicious files or links.

If after all this, you’re still unsure about accepting an invitation, it’s best not to. It’s really not a big deal. Better safe than sorry.

Contributor: Cedric Pernet, Trend Micro Threat Researcher


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.