If you've perused LinkedIn lately, you may have noticed an inordinately high number of new profiles for Chief Information Security Officers (CISOs) and other C-suite titles. These profiles look perfectly authentic, some authentic enough to fool sites like cybersecurityventures.com, which has listed several phony CISO LinkedIn profiles as legitimate on their website.
After extensive research, one security firm has linked many of these fake profiles back to actors working for North Korea, who have obtained information from open sources and parlayed it into many of these fake profiles.
In a statement provided to KrebsOnSecurity, LinkedIn claimed to have robust processes to take fake accounts down. "We do have strong human and automated systems in place, and we're continually improving, as fake account activity becomes more sophisticated," the statement reads. "In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scam."
However, there can be no dwell time with fake profiles staying online. Cyber-criminals will quickly leverage the profile to launch phishing attacks: The more time the profile is online, the more convincing and dangerous the profile becomes. A fully established fake social media profile poses a serious risk of immediate social engineering, targeting phishing and business email compromise threats to unsuspecting individuals connecting and engaging with the profile. Although there are processes at each social network to remove these bogus profiles, finding them as quickly as possible is a must.
Defending Your Organization's LinkedIn Presence
DigitalStakeout's Web Presence Monitor enables organizations to detect these threats rapidly. Our web presence monitor enables customers to protect against a fake brand or an executive's name. The web presence module continuously discovers accounts on 750+ popular public-facing social networks and websites. The monitoring module will quickly find any profiles matching your descriptors, enabling the platform to efficiently and constantly monitor and protect your brand and your executives.
Web presence monitoring can be tricky and nuanced at times. Don't worry. Our team of experts will help you configure the correct descriptors and inclusion and exclusion criteria to get optimal and maximized web presence visibility. The outcome, you will acquire a real-time inventory of your company, brand, product, or executive account web presence. We'll help you disrupt social media threats before they get a chance to take a foothold against your organization.
The adage "An ounce of prevention is worth a pound of cure" is more applicable today than ever, certainly in terms of fraud. In today's world of easily committed fraud and digital attack surfaces, monitoring for these fake social media profiles and protecting your brand and personnel is no longer optional.
Contact us; we can help you do just that.