LinkedIn users targeted by spear-phishing scam

Scammers are targeting LinkedIn users with a new campaign that looks to harvest data on profiles using a fake account claiming to be that of a dating agency with the information likely to be used in a spear-phishing campaign.

Websense published a blog that states the profile shows up as one of the last five users to view a profile and comes under the name Jessica Reinsch, with the summary of the profile linking to a dating website based out of Switzerland.

“This particular profile, although not currently directing LinkedIn users to malicious code, is likely to have been set up to gain connections and harvest intelligence,” stated Carl Leonard, senior security research manager EMEA at Websense.

The Websense post speculates that although nothing malicious has happened within LinkedIn, the users affected may have had information stolen as the illicit account has Premium access and could use the information outside LinkedIn.

“Information relating to current employer, job titles, connections within the social network, and technology skills could be used by attackers to better enhance their chance of success in more targeted attacks outside of the LinkedIn network,” Leonard added.

The scam only affects users that notice Jessica Reinsch has looked at the profile in question and even then users seemingly have to click through to the link given on the profile. If a user views the hacker’s profile the premium features then allow the scammer to harvest information and potentially use it outside the site – a practice commonly known as spear-phishing.

This method involves collecting large amounts of information on the potential target and using it to create sophisticated emails that have a better chance than regular phishing attempts.

LinkedIn users, due to the business nature of the site, are more likely to be targeted by this method of phishing than anyone else and being vigilant is one of the only ways that users can make sure they don’t fall into the trap.