Multiple LinkedIn accounts recently targeted numerous security specialists in an attempt to map their social graphs. Several of our researchers received these LinkedIn invitations themselves, and Daavid from our Threat Intelligence team decided to investigate.
Here’s an example of one so-called “recruiter” account.
Areas of interest include pen testing and social engineering? You don’t say.
“Jennifer” supposedly works for Talent Src a.k.a. Talent Sources.
(Note its specialties.)
A reverse image search shows that Talent Source’s logo isn’t original.
And its Twitter account uses an egg. (Lazy.)
Here are Jennifer’s supposed colleagues…
Each recruiter account is focused on a particular type of specialist.
Reverse image searches of Alex, John, Monika, and Silvia yielded no results… at first. Daavid flipped the images and then located mirror copies on Instagram as well as some legitimate LinkedIn profiles. Reverse image search engines would do well to offer mirror searches as an option. We weren’t able to locate the source of Jennifer’s photo.
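A mirror search of the kind suggested above can be sketched with a perceptual hash that is checked against both the photo and its horizontal flip. This is an added example, not code from the investigation or from any search engine; the function names, the 10-bit match threshold, and the small constructed grayscale grids (standing in for downscaled photos) are assumptions.

```python
# Added example: mirror-aware perceptual-hash comparison (standard library only).
# Inputs are constructed 8-row x 9-column grayscale thumbnails; resizing and
# grayscaling real photos is assumed to happen upstream.

def dhash(grid):
    """Difference hash: one bit per horizontally adjacent pixel pair (64 bits)."""
    bits = 0
    for row in grid:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left < right)
    return bits

def mirror(grid):
    """Horizontal flip, the edit that hid the reused profile photos."""
    return [row[::-1] for row in grid]

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def compare(query, known, threshold=10):
    """Return (verdict, direct_distance, mirrored_distance).

    verdict is "direct", "mirrored", or None when neither orientation
    is within the (assumed) threshold.
    """
    known_hash = dhash(known)
    direct = hamming(dhash(query), known_hash)
    flipped = hamming(dhash(mirror(query)), known_hash)
    if direct <= threshold:
        verdict = "direct"
    elif flipped <= threshold:
        verdict = "mirrored"
    else:
        verdict = None
    return verdict, direct, flipped

# Constructed sample data: an off-centre brightness peak, a flipped and slightly
# brightened copy of it (the "profile photo"), and an unrelated gradient.
ORIGINAL = [[b + 5 * y for b in (0, 20, 40, 60, 80, 100, 80, 60, 40)]
            for y in range(8)]
PROFILE = [[min(255, v + 2) for v in row] for row in mirror(ORIGINAL)]
UNRELATED = [[200 - 20 * x for x in range(9)] for _ in range(8)]

if __name__ == "__main__":
    for name, grid in (("profile", PROFILE), ("unrelated", UNRELATED)):
        print(name, compare(grid, ORIGINAL))
```

On the constructed data the flipped copy is 16 bits away from the original when compared directly, outside the threshold, and 0 bits away once the flip is undone.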
And now, Jennifer and the other recruiter accounts are gone.
This seems to be the modus operandi of whoever is behind these accounts, as Fox-IT’s Yonathan Klijnsma explained on Twitter.
(Or attractive male.)
Discouragingly, Daavid discovered that one of Jennifer’s connections gave her a bunch of endorsements for skills that the account clearly didn’t deserve based on the published work history. At least, not unless retailers are training clerks to reverse engineer software. When asked about it, the connection (an employee of a large US-based defense contractor) admitted that it was a bad habit to give out such endorsements without really knowing the other person.
If you look back to the employee list, you’ll see that “Hannah” was focused on security executives. Let’s hope none of them gave away any important details.