It feels like pretty much everyday there is some kind of new cybersecurity threat looming on the horizon. Malicious cyber actors are, after all, some of the more innovative individuals in the world. As those of us working to better protect our organizations implement new security measures, threat actors are already creating new tactics to counter those measures.
Most recently, one of those new schemes involves fake LinkedIn profiles representing Chief Information Security Officers (CISOs) at some of the world's largest corporations.
KrebsOnSecurity reports that a large number of fake CISO profiles were created, and that the profiles were even confusing some search engine results for CISOs at large companies.
Brian Krebs also reports that it is unclear who was behind this campaign and what their intentions might be.
CISO profiles spoofed on LinkedIn
One of the fake profiles that was discovered was for one Victor Sites, claiming to be the CISO at Chevron. The profile says that Sites is from Westerville, Ohio, and graduated from Texas A&M University. Here is what that profile looked like:
All it takes is some simple, logical deduction to conclude that Sites could not really be the CISO for Chevron. With only 125 connections, how could someone rise to a C-level role at one of the largest companies in the world?
Well, Google's search engine apparently lacked that reasoning. At the time of Krebs' post, if you searched for the CISO at Chevron, this is what you would see:
The current CISO for Chevron is Christopher Lukas, who has 500+ connections on LinkedIn and has been with the company for almost 10 years.
Still, it's intriguing that even Google's search algorithms were fooled by this trick.
If you look at the screenshot of Sites' profile above, you'll see on the right a column with "People also viewed," where some other fake CISO profiles were discovered.
The profile for a Maryann Robles claims to be the CISO at ExxonMobil:
If you look in the About section, you'll notice it describes the person as "Deputy CISO of the world's largest health plan," which is interesting considering the use of the word deputy and that ExxonMobil is not a healthcare provider.
Krebs discovered that this profile was actually lifted from a real person, the CISO from the Centers for Medicare & Medicaid Services in Baltimore, Maryland.
Though, once again, somebody was fooled into believing this Maryann Robles profile was for real when Cybercrime Magazine added her to its CISO 500 list:
While we do not know who is behind these fake profiles, security firm Mandiant previously warned of North Korean threat actors copying profiles and resumes from job listing platforms such as LinkedIn and Indeed, using them in an elaborate scheme to land jobs at cryptocurrency firms.
[RELATED: Are Chinese Spies Trying to Connect with You on LinkedIn?]
LinkedIn reached out to KrebsOnSecurity, providing this statement:
"We do have strong human and automated systems in place, and we're continually improving, as fake account activity becomes more sophisticated. In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community—around 96% of fake accounts and around 99.1% of spam and scam."
KrebsOnSecurity makes a few suggestions as to what LinkedIn could do to stop these fraudulent profiles from popping up. One of those ways could be adding a "created on" date for each profile, like you can see on Twitter, or adding verified mark next to validated profiles like Twitter's blue checkmark.
Next time you're looking around on LinkedIn, do some extra checking to make sure that a profile is legit.
Follow SecureWorld News for more stories related to cybersecurity.
