Anatomy Of A LinkedIn Spammer

Phishing is not new, is not going away, and is still the bread and butter of successful attacks. However, new angles of attack on the end user appear every day in other marketing channels such as social media and mobile. Below is a sample of an aggressive attack running today on LinkedIn.

This account targets a HealthCare Executives Group, posting details about high-paying jobs for “lucky candidates”.

This “Compensation Specialist” is focused on attracting targets to a work-from-home money scam. The link takes you to a site that looks similar to Career Builder, followed by another site that looks like NBC’s news page, which directs the user to another black hole. Other parts of the site advertise referral links that generate additional income for the owner. The sites will also accept personal information and credentials.

If you dig deeper through LinkedIn, you notice that the problem isn’t limited to single accounts: there are dozens of similar-sounding members who all work for the same company. A company named “SynergeTech” actually did exist at one point, but has since shut down.

In an effort to avoid detection by the spam filters within the social network, the scammer simply fabricated a company and a network of employees. In fact, each employee targets a different vertical market and list of LinkedIn Groups. These ads and others run daily, targeting banking, retail, healthcare and government.

The domain is owned by someone in New Delhi; however, the site’s terms and conditions point to Moscow, Russia. It is clear that they are working job seekers to identify money mules as well as key individuals within high-value targets.

Since social networks are highly dynamic and proprietary environments, new opportunities to defraud consumers and businesses surface every day. Educating your staff on these types of issues in social media is becoming increasingly important. Many say “this is why I don’t allow social media in our office” or “we don’t put our company on Facebook”. This is a head-in-the-sand mentality. Even if you are not actively engaged with your customers online, the adversary most likely has plans to approach them on your behalf. Just like monitoring a network for threats, brand monitoring has become a priority in security.