Cybercrime: Fun And Games On Linked In

This is a post series on cybercrime. For more posts click here or the cybercrime tag below.

Ran into this on 40pluscareerguru. This is the electronic update to the old badger game.

Inadequate cyber security has enabled an explosion of online fraud. Yesterday the BBC reported that online fraud and computer misuse is now the largest category of crime happening in the UK today. There were over 5 million cases reported in the last year and probably many more which went undetected.

Social media is the new hunting ground for criminals and fraudsters. And they are exploiting it with virtual impunity because the platforms are simply not doing enough to counter this threat to users.

Worse, police resources are just not large or capable enough to combat a problem which is often conducted from outside their jurisdictions. So we have to take care of ourselves and do our bit to protect our online friends as well.

Criminals are lurking even in places we’d not expect to find them. Like LinkedIn. Here, fake or misleading profiles are used to create aliases that are then used to commit fraud on unsuspecting victims.

Security specialists Symantec recently investigated LinkedIn. Its investigation uncovered dozens of fake accounts on the social network, across a variety of industries.

I was shocked. Not that they found some. But that they found so few. I’d expect them to do better than this because even my cursory review suggests there are not dozens of these but thousands.

Depending on the nature of the fraud intended, the fake profile will vary. Some aim to acquire sensitive intelligence information from government employees. Others have more humble crimes in mind such as phishing or email scams. But one which has had fatal consequences is sexploitation. This has already resulted in at least one suicide by the victim.

I don’t know how extensive Symantec’s project was, but it took me about 5 minutes to uncover a whole heap of fake profiles without any of Symantec’s technology or resources. And I was shocked to see that the first fake profile I found had over 500 connections and a whole host of endorsements.

Meet Amber Grace Fowler and her friends:

‘Amber’ has absolutely nothing about herself on her profile. She’s not on the staff list at the estate agents she claims to work at. She has a Twitter account which is locked. All this says to me the account is fake. Nonetheless, the account has over 500 connections and numerous endorsements for all sorts of things, and ALL of course from (dumb) men.

This is what I call a LinkedIn honeytrap. This particular fraud involves tricking unwary men into making a connection with the fake account. They are then seduced into committing sexual acts in front of a webcam, not realising they are dealing with an organised criminal gang. The footage is recorded by the criminals and then they have all they need to proceed to blackmail the victim.

You might think that anyone stupid enough to get caught like this deserves all they get. That you’d never be lured into such a trap. But it’s happening all the time. So much so that the government have invested in this film which warns of the dangers:

I’m actually not very surprised that this sort of thing goes on in LinkedIn. The site is primarily a site for job hunters and career people, both of whom tend to be vulnerable to social reinforcement. This is just the old badger game without the risks to the perpetrators.

The honey trap is as old as humanity, but heretofore the participants actually had to interact with the victim, with all the risks that that involves if the victim refuses to be blackmailed and sets you up. With cybercrime, all that goes away. So be careful with social media interactions.