back to article Sexy sock puppets seduce security suckers

Phishers have been targeting security researchers with fake LinkedIn profiles built on re-purposed photos of models and company logos, according to F-Secure hacker Sean Sullivan (@5ean5ullivan). The threat-finding bod said that would-be recruiters, linked to a network of phoney cryptographers and security types, were …

  1. Anonymous Coward
    Anonymous Coward

    Where's James Bond?

    Wait, so these Black Hats intend to infiltrate and otherwise compromise the White Hats. So far so good. This attempt at seduction they task to.. virtual girls.

    Say what? Is our Thin White Line so easily subborned? Merely show a photo of some good-looker off the web and they GO FOR IT!?

    No, I prefer to believe that they are playing a deep game, and even this article is a part of that strategy...

    1. Anonymous Coward
      Black Helicopters

      Re: Where's James Bond?

      ...and even this site is...

      1. Anonymous Coward
        Anonymous Coward

        Re: Where's James Bond?

        Re: Where's James Bond?

        ...and even this site is...

        You didn't think Dabb'sy is that good looking in real life did you?

  2. Medixstiff

    They can't be that good.

    Do they even know about Google's "Search Google for this image" function in Chrome?

    1. Hans 1

      Re: They can't be that good.

      or tineye ?

  3. Kevin McMurtrie Silver badge
    Facepalm

    So, you're not saying that they're ALL fake

    Computer geeks know that one-in-a-billion events happen frequently.

  4. Michael Hoffmann Silver badge
    Facepalm

    Like SWMBO always says...

    ... there is nothing dumber than a man with an erection.

    1. Destroy All Monsters Silver badge
      Trollface

      Re: Like SWMBO always says...

      Women and miscreants rely on this.

  5. Anonymous Coward
    Anonymous Coward

    Further illustrates what a farce LinkedIn has become with endorsements for people they don't even know.

    1. Anonymous Coward
      Anonymous Coward

      I actually got one of these emails (I read my spam, I just don't follow links or open attachments or allow pictures or... you know the drill) but it came from LinedIn which automagically redirects to the junk folder.

      LinkedIn is useful only as a means of determining whether your mailserver is working since it sends about 30 bloody emails per hour. I never act on any of them. Anyone who has an actual professional reason to contact me can do so through work.

  6. David Roberts

    Please tell me they didn't endorse this account just to pretend they knew an attractive woman?

    Oh, never mind.

  7. Mark 85

    Well, sex sells.

    It can sell anything from the ads we see and history. It's part of Marketing 101, or should be. So why not do it for malicious purposes? How many "hey babe" spam emails show up in the spam folder? So why wouldn't it work on LinkedIn? Then again, who still uses it and regards it as a useful thing?

  8. Allan George Dyer
    Trollface

    Non-sexist security researchers?

    So the attackers think that security researchers totally accept intelligent women in good jobs and therefore won't become immediately suspicious of a profile featuring an attractive woman?

    Or the attackers think security researchers are absolutely starved of any female contact, overriding any suspicion?

    1. Elmer Phud

      Re: Non-sexist security researchers?

      I don't think they are that discerning.

      "Here's a pic of a pretty woman, click on it"

      Proof that LinkedIn really is just another Facebook.

  9. x 7

    where's sexycyborg when you need her.........this seems her kind of thing

  10. Anonymous Coward
    Anonymous Coward

    I don't have a LinkedIn

    But why would you add somebody you don't know?

    1. Destroy All Monsters Silver badge

      Re: I don't have a LinkedIn

      I don't know!

    2. Hans 1

      Re: I don't have a LinkedIn

      Dunno, I don't ... and I have a linked profile ... ;-)

    3. VinceH

      Re: I don't have a LinkedIn

      "But why would you add somebody you don't know?"

      Most of the time I can't even be bothered to add people I do know, so this concept baffles me.

    4. Phil O'Sophical Silver badge

      Re: I don't have a LinkedIn

      But why would you add somebody you don't know?

      I suppose if your other 4 connections are beardies with corduroy patches on their jacket elbows a pretty girl claiming to be a security researcher might pique your interest? I did get two connection requests from such accounts, but my inner cynic decided that not only did I not know them, no-one looking and dressing like that would genuinely want to connect with me for the given business reasons, so I flagged them as spam. Looks like I did the right thing.

    5. Anonymous Coward
      Anonymous Coward

      Re: I don't have a LinkedIn

      I am not massively advocating LinkedIn here, but the idea behind it is that you "network" with other people to learn more about things (normally jobs but YMMV) than you can find from your direct real-world network.

      Obviously this isnt for everyone and quite rightly lots of people dont have linkedin accounts. Same as facebook really.

      However, one thing I dont understand is people who have linkedin accounts but only network with people they already know. You dont need linkedin for that, you can just network with them as normal.

      Its a bit like going to a social / "networking" even in the real world but refusing to talk to anyone you dont already know. Kind of pointless really.

      1. Crazy Operations Guy

        Re: I don't have a LinkedIn

        AS a consultant, I've found it to be pretty useful. I keep in contact with various people at my clients so that I can predict when they'll need me again to work on their systems again (upgrades, capacity increases, etc) and keep a few weeks open for when their management calls me back. Then it helps again on-site in that I can ask my former co-workers if they've seen the problem I've been running into at the customer site.

  11. Graham Marsden
    Trollface

    Obviously...

    ... they need to improve their data validation and security.

    I suggest that, from now on, all profile pictures should be validated by the profile owner sending in a scan of their driving licence or passport to prove that it's them...

  12. Anonymous Coward
    Anonymous Coward

    Sorting out the wheat from the chafff

    Maybe this is from genuine recruiters looking for security researchers and is a test.

    A security researcher dumb enough to get caught out by this isn't one I'd want to employ!

  13. Anonymous Coward
    Anonymous Coward

    I had a invite from some agency linked-in person trying to recruit/spam me, and normally I'd just click delete as I plan to go off and play piano in a whorehouse as my next professional move as it'd be more honest a industry, but what caught my eye was the sender was using a yandex.com webmail account.

    I went onto linked in itself independantly and in fact I did have a invite from that person, so I sent them a inmail asking why a southampton security recruitment officer was using a russian web mail provider as curious minds want to know, and never received a response. Wonder if they're linked.

  14. x 7

    LinkedIn is a status object for sad git overpaid trainspotters.

    Basically its a list of how many jobs you've fucked up and been sacked from, skills you're not qualified for, and contacts who refuse to talk via normal means because they think you're a loser

  15. Anonymous Coward
    Anonymous Coward

    It's a Bottom-Feeding Parasite's Wet Dream!

    My overriding experience of LinkedIn is one of bottom-feeding, parasitic recruitment agents, merely wanting access to your network so they can continue to bottom-feed.

    Tell me, is there some kind of quota imposed by the recruitment industry that agents must try and hit?

    I can honestly say I've never had a job opportunity come from a recruitment agent on LinkedIn. Company CTOs, MDs etc. yes. Agents? Not a bean.

    Same with applying for roles on the job boards (JobServe et al.) I can't think of a single instance in the last five years where I got an actual reply for a role I've applied for through them. Then again, now I think about it, there's probably not much cross-over and demand for software engineers in the Picking Peanuts out of Poop industry!

    A cynical individual might start to think that most of the posted roles on the boards are just fishing for CVs to fill that all important quota.

    There was a time when people could obtain gainful employment without the need of these parasites!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like