Phishing and Fake LinkedIn Profiles

People have recently been discovering fake LinkedIn profiles. The main questions are “why are people creating fake LinkedIn profiles? What’s the purpose?” Well, I’m here to tell you from experience why this is happening. Before getting into it, I want to make clear that both LotusFlare and Ricky Gill are innocent and unwilling participants. If it happened to them, it can absolutely happen to you and/or your company.
Earlier this week, we got an e-mail from a certain “Ricky Gill” requesting information about our courses. He said he worked as a senior project manager for a company called LotusFlare. “Ricky” said he was about to undertake a major project and was looking at training in advance of it.
The person who received the e-mail noticed it was from “LotusFiare.com” (tricky Ricky…). This immediately raised suspicion. So, they decided to look him up on LinkedIn, and sure enough, Ricky Gill’s profile came up and said he’s a senior product manager. This is the reason scammers are setting up fake profiles (or using someone’s real profile): they know people are going to validate someone by looking them up on LinkedIn.
Then (and this is where fake Ricky’s ruse is really exposed) he says he is going to share his detailed project plan with us so we can advise him on appropriate training solutions. Really, Ricky? You’re authorized to share detailed and assuredly sensitive information with any vendor? Come on man, stop it. Oh, you want us to log on to some “secure crypto folder” to access it? Come on man, stop it. Let me guess, Ricky, I have to enable macros in Excel to see it? You’re killing me, Ricky, just stop it.
I have to admit, I did get a little OCD over Ricky and the process he was following. I looked up the WHOIS record for “lotusfiare.com”. Turns out this domain was created about 80 days prior to us getting the e-mail. The registrar is a company called Porkbun (kudos on the wild domain name, folks). As for Ricky, his profile has been around for 7 years, so I think it’s safe to say his profile is real.
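The two checks above (spotting the one-character lookalike “LotusFiare” versus “LotusFlare”, and noticing that the domain was only about 80 days old) are easy to automate for inbound mail. The following is an added example, not code from the original post or from either company mentioned in it: a small stdlib-only Python triage helper. It assumes you maintain a list of partner domains you actually trust, and that you pass in the registration date you obtained from WHOIS/RDAP yourself (the lookup is not performed here, so the code runs offline). The homoglyph table and the 90-day threshold are illustrative assumptions; the sample dates are constructed to reproduce the 80-day age from the post.

```python
"""Flag inbound sender domains that look like a trusted partner, or that are newly registered.

Added example (not from the original post). Two checks the post performed by hand:
  1. lookalike detection: "LotusFiare.com" vs "LotusFlare.com" (i / l swap)
  2. domain age: the post's WHOIS lookup showed the sender domain was ~80 days old
"""
from datetime import date
from typing import Iterable, List, Optional, Union

# Character swaps commonly used in lookalike domains. Illustrative assumption, not an
# exhaustive list; multi-character entries come first so they are applied before the
# single characters they contain.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("0", "o"), ("5", "s")]

DateLike = Union[date, str]


def normalize(domain: str) -> str:
    """Lower-case a domain and collapse look-alike characters to one canonical spelling."""
    d = domain.strip().lower().rstrip(".")
    for look, canon in HOMOGLYPHS:
        d = d.replace(look, canon)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender_domain: str, known_domains: Iterable[str], max_distance: int = 1) -> Optional[str]:
    """Return the trusted domain the sender appears to imitate, or None.

    An exact match is the real partner and is never reported as a lookalike.
    """
    s = sender_domain.strip().lower().rstrip(".")
    for known in known_domains:
        k = known.strip().lower().rstrip(".")
        if s == k:
            return None
        if normalize(s) == normalize(k) or edit_distance(s, k) <= max_distance:
            return k
    return None


def _as_date(value: DateLike) -> date:
    return value if isinstance(value, date) else date.fromisoformat(value)


def domain_age_days(created: DateLike, today: DateLike) -> int:
    """Days between the registration date (from your own WHOIS/RDAP lookup) and today."""
    return (_as_date(today) - _as_date(created)).days


def triage(sender_domain: str, known_domains: Iterable[str], created: Optional[DateLike] = None,
           today: Optional[DateLike] = None, min_age_days: int = 90) -> List[str]:
    """Return the reasons a message deserves extra scrutiny; an empty list means nothing flagged."""
    reasons = []
    target = lookalike_of(sender_domain, known_domains)
    if target:
        reasons.append(f"sender domain {sender_domain!r} looks like trusted domain {target!r}")
    if created is not None:
        age = domain_age_days(created, today or date.today())
        if age < min_age_days:
            reasons.append(f"sender domain registered only {age} days ago (threshold {min_age_days})")
    return reasons


if __name__ == "__main__":
    # Constructed sample: trusted partner list plus the lookalike domain from the post.
    trusted = ["lotusflare.com"]
    # Constructed dates chosen so the domain is 80 days old, matching the post's WHOIS finding.
    for reason in triage("LotusFiare.com", trusted, created="2019-03-01", today="2019-05-20"):
        print("FLAG:", reason)
    print("real partner flagged:", triage("lotusflare.com", trusted, created="2012-01-01", today="2019-05-20"))
```

Both signals are heuristics: a one-character distance also catches honest typos and legitimately short domains, and a young registration date is only suspicious in combination with a claimed long-standing company, so treat a non-empty result as a prompt for a phone call to a number you already have, not as a verdict.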
For some reason, I felt it a good idea to reach out to LotusFlare to advise them of the fake profile and the phishing in their name. I tried to reach the actual LotusFlare…Nada. No security e-mail, no way to contact anyone who could be alerted to the fact that their company was being abused by a malicious person. Then I thought: what would they be able to do if they knew about it? Pretty much nothing. Maybe they would advise their clients that someone is out there using a similar domain name? Yeah, like that hasn’t been happening since the 90s.
So folks, there you go. That’s why people are using fake LinkedIn profiles. It’s all part of phishing campaigns. As U2’s Bono sings in “Acrobat”: “Don’t believe what you hear, don’t believe what you see”. LinkedIn is NOT an authoritative source. It may have been in the past, but nothing lasts forever. Maybe this could find its way into your security awareness training, because it’s obvious scammers are leveraging LinkedIn as part of their scams. Not a foolproof method by far, but if the CEO of a major corporation reaches out to you, don’t assume it’s a real profile. However, if a profile is a month old, that is a pretty good indicator you’re dealing with an imposter. As for LinkedIn, allowing anyone to say they are anyone from any company is an issue that needs to be addressed.
Oh, one last thing. Companies should really have a security e-mail address or some other way to be contacted in the event someone wants to reach out with security-related information that may impact their company.
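As an added illustration (not part of the original post), the standard way to publish such a contact is a security.txt file served at /.well-known/security.txt on the company’s web site, a format defined in RFC 9116. Every address and URL below is a placeholder to be replaced with your own; the Contact and Expires fields are the ones the RFC requires.

```text
# /.well-known/security.txt  (format defined by RFC 9116)
# All values are placeholders; replace them with your own addresses, key and policy.
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2025-12-31T23:59:59.000Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/security-policy
```

Had LotusFlare published one, a report about a lookalike domain abusing their name would have had somewhere to land instead of dying at a generic contact form.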