Episode 19: Fake LinkedIn Account Spotted
As the owner of a LinkedIn group of almost 10,000 members, one of the tasks I have is to ensure the members are going to be good citizens. It is a geographically based group and as such I only allow members from Connecticut and the surrounding states into the group. One day I was reviewing pending members and a profile instantly hit me as a fake account.
Why though? And why would a fake LinkedIn account have any interest in a Small Business Networking group based in Connecticut? How do you spot fake accounts? Could it lead to pig butchering or some other nefarious activity?
Transcript of Episode 19 of the Human Element Podcast
People are the weakest link in any cybersecurity plan. We’re distracted, exhausted and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in the war against data breaches and ransomware attacks. It’s time to educate.
Maybe you have, maybe you haven’t heard of sockpuppet accounts. Today, our social media accounts are fake. And I have a few of them. I have created a couple of Facebook accounts, a couple of LinkedIn accounts for the sole purpose of teaching other people how these things work. And it is a lot of work to create and maintain these accounts, a lot of work.
You create the accounts, you have to grow the followers, you have to have an email account to go with it. And when we create them, we don’t create them with our own email accounts. We have to create these email accounts, and it’s getting harder and harder to create fake email accounts with the normal services. We have to go out of our way to find another service to help with the email account. And it’s getting harder and harder to create the fake social media accounts. So what do the cyber attackers do? What do the bad guys do? What do the evil actors do to create these accounts?
And I always get asked, why would anybody be interested in my Facebook account or my LinkedIn account? And the answer is simple. They sell them on the dark web. I’ll create a video showing you where you can find them on the dark web. I’ve done this for PayPal accounts already.
And then they get reused. Because now you’ve already got the friends built in, you’ve already got the posts, you’ve already got the connections, and now they can try to get other accounts and use those. And eventually, they’re gonna get used to try to con people out of money or people out of other things, give up information, a lot of reasons that could be used. But it is easier to steal an already created and maintained Facebook or LinkedIn account, or Instagram or any other social media platform, than it is to create one and maintain it. You have to build it up, you have to do all of these things you do with your own social media accounts, and it takes a long time.
Today we’re going to talk about just that.
Welcome to the Human Element Podcast. Visit our website at the human element dotnet for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar, owner of Washtech, a client-focused, security-minded, proactive IT service provider. This is episode 19. And I know what you’re thinking: it’s been almost three months since the last podcast, and before that it was about a month. And I really do try to get this done as often as possible. But the business has been extremely busy. So we’ve been busy dealing with that.
I’m going to try to get back to this as often as possible. We’ve also been dealing with some other things. So here we are. And what I want to talk about today is a, I’m sorry, a YouTube video that I posted a few days ago, as of this recording. The video is about a fake LinkedIn account.
So I run, I own, it’s my group, I own a LinkedIn group for Connecticut small businesses called Connecticut Small Business Networking. It is approaching 10,000 members; we’re less than 200 away from 10,000 members.
And so of course, with a group that large, we get a lot of requests to join the group. And on this group and any other group that I manage, I filter the requests and you’re not allowed to just join. If it’s a geo-based group, I want you to be within close proximity of that location. So in the case of Connecticut, it’s Connecticut, Rhode Island, Massachusetts, New York. And if you’re not in those areas, I’m most likely not going to approve it.
And so, because of that, I have to go through dozens of requests almost daily to approve the membership, and in some cases, depending on the group, also have to approve the posts. And so it’s time consuming. And maybe that’s one of the reasons I don’t record as often as I should.
So I happened to be going through the requests to join this LinkedIn group, the Connecticut Small Business Networking group, I’m not trying to plug it or anything, but if you’re in Connecticut, go join. And I noticed a profile that kind of didn’t sit right with me. And so I dug in a little bit.
And the profile used an image, a profile image. Not exactly the same. If you did a Google, I did do a Google reverse search on it. It doesn’t come up, but very similar images come up. And I’ve seen these images, and if you look at my YouTube videos for pig butchering. And pig butchering is a scam where it starts off as a seemingly innocent text message saying “hey,” and then they use their own name and some fake story, and then eventually have you move the conversation onto WhatsApp, and then eventually try to scam you, a romance scam. And they’ll get you to... in one video I recorded, they were trying to get me to invest in cryptocurrency on a fake platform.
But there are other scenarios that they will use, buying stocks or usually something along the financial lines, and you’re going to dump money into a fake platform. And that’s pig butchering. And this image on LinkedIn looked very similar to the images that were being used in this pig butchering scam. And if you want to see that just go to the Nightwatch. Tech YouTube channel, it is out and wash tech. And you’ll see it; it is actually the most popular video on our YouTube channel.
Often, I don’t know why, but they often use very pretty Asian women. I don’t know the reason behind that. I don’t know what the logic or the reason is that they do that. But they do.
I saw this image, this profile image, and it looked very similar to all of these pig butchering scams and all these other attempts at scams that I’ve seen recently. And a lot of them are directed at me. I get them a lot, at least a few times a month. And it’s always a very pretty Asian woman. And in this case it was the same thing. And then I looked at the name. The name didn’t match. The name was Khadija Kiana Fontaine.
But they merged Khadija and Kiana and put it into one name. So it says Khadija Kiana as one name and then Fontaine as the second to last name.
And I said this doesn’t sound right. If the name doesn’t match, somebody from India claimed to be from South Korea. So that doesn’t sound right.
So I looked at the profile some more.
And of course, they said they went to school in South Korea, graduated in finance in South Korea. Probably the scam they were going to try to do was based on something in finance, I’m sure.
But then I noticed no followers, no connections, no activity on this LinkedIn account.
And then I noticed that their job title was CEO of Goldman Sachs.
Okay, really easy thing to look up. If you’re going to try to scam people on social media, try not to use something so obvious. The CEO of Goldman Sachs, if I Google that, it’s going to come up instantly. It’s going to tell me all about who the person is, all the details, how much they make, how old they are, what they look like; there’s going to be pictures. It’s a very high public figure.
And in this case, it is a white male.
Okay, so you’re trying to join a LinkedIn group with almost 10,000 members as of this recording, almost exclusively Connecticut and surrounding states. All the members are from those areas, and they’re almost all exclusively in small business, things like that. Okay. So you’re trying to join this group. You clearly have a fake profile at this point. So I wanted to upload this recording on YouTube, and I did. I took screenshots and I said, I wouldn’t be surprised if this profile was gone within a couple of days. Sure enough, two days later I checked and the profile is completely gone. No profile whatsoever under that name, and it even says that you can try a different version of the name, and there’s no results found. It’s gone, completely gone. LinkedIn is pretty good about catching fake profiles, but not instantly; it sometimes takes a few days. So one of the things I’ve been telling people is if you get a random message on LinkedIn, and it almost seems too good to be true, like, just, “Hey, how you doing?” They’re not trying to pitch anything to you. They’re just trying to start a conversation.
Don’t reply for a couple of days, and see if the profile is still there. If it’s gone, you know right away that it was a fake profile.
So clearly, based on the name, Khadija Kiana Fontaine, this is not a Korean name. They either created a profile with a fake name, or the more likely scenario is they stole the profile, they hacked it, for lack of a better word. Again, I don’t usually like to use the word hack as a negative word, because it’s not a negative thing. It’s a helps hacking as a method of learning.
So the more likely scenario is they compromised and stole somebody else’s LinkedIn account and then used it to try to trick other people as an established account.
And they use it to try to trigger other people. So what better way to reach 10,000 people in, near the New York area than to join a Connecticut-based small business networking group of people who would probably be very interested in growing their financial
So that was the goal here. And I’m sure had this person been allowed into the group, of course, they were denied. But had they been allowed into the group, they would have then messaged people in the group and tried to start probably a romance scam, that would be my guess.
And the romance scam would eventually get them to invest into something. Goldman Sachs, you know, if you believe it’s the CEO of Goldman Sachs, or even a high-level executive at Goldman Sachs, and by the way, Goldman Sachs shows all their employees on their website, and this person was not on the website at all. But if you believe that they’re an employee of Goldman Sachs, you’re probably going to also believe whatever financial information they’re giving to you for free. Most likely, hey, invest in this, hey, invest in that, here’s where you can do it.
There was another pig butchering scam that started out with, it wasn’t crypto, it was some other financial resource. And I can’t remember what it was now. But they were trying to take me to a fake platform, where in fact, I had to pay to be able to use the platform and then put money into it to invest into other items. So I can see where this would be stocks. Oh, that’s what it was. It was stocks, but not US stocks. It was another country’s stocks. So I could see where Forex might be used. I could see, of course, crypto, because it gets used a lot. Stocks here in the US or in other countries, I could see gold or valuable precious metals, real estate; all of these things could be used in a potential scam.
If you’re going to invest, go to reputable resources, things that you can check out, you can look into and find out the difference.
You know, if you’re going to invest in stocks, hire a financial advisor in your area that you can meet with in person. If you insist on doing it on your own, then use something like E*Trade or TD, TD Trade I think it’s called, something that has a reputation, and go to that website manually. On a future episode, we’re going to talk about Cyrillic font and how that can be used to trick people. TD Bank or E*Trade would be great examples, because the Cyrillic version of “a” looks very similar to lowercase “a” in American English, and that’s how people are tricked into clicking on links in their email. They use a Cyrillic “a”; you can purchase domains using that, and then people are tricked into going to a fake TD Bank, with an “a”, or E*Trade link. So this is why you manually type in E*Trade or TD Bank or whatever it is. TD Ameritrade, that’s what it is. Same thing.
All right. So this person, if they were allowed to join this Connecticut small business group, and from what I gathered on the profile, I don’t think they were in any of the groups. So this clearly was a recent attempt. And so I’m super paranoid. And I always assume that they are coming for me. I am the owner of the group, they can see that within the group, so maybe they’re coming for me.
Whenever somebody’s Facebook account gets hacked, I assume that they’re trying to get at me. I own an MSP. MSPs are high-value targets in the cyber criminal world because we have access to other business networks. I lock everything down. You wouldn’t believe the measures I take to make sure that doesn’t happen. And I’m very aware, acutely aware, of the scams that exist out there and how they try to come for managed service providers, financial firms, healthcare firms. Healthcare we’ll talk about in another episode. Today, the most valuable records on the dark web are healthcare records. And actually, I was just showing someone this the other day, where they were selling healthcare records on the dark web, and they were asking for more than anything else on the dark web. Now, it’s not expensive in the sense that per record it costs a lot of money, but they don’t sell per record. So in the tens of thousands, hundreds of thousands, or millions of records. I know there was 19 million breached records last month, in the month of, yeah, the month of May 2023: 19 million breached health care records.
So I’m paranoid. I pick up on it right away. But the average person on LinkedIn or Facebook or Instagram is not super paranoid. In fact, I know someone whose Facebook account was compromised. And here’s what they did.
They recreated the email address that was on the Facebook profile, that the account owner didn’t maintain.
The email address, the domain was expired. The attacker purchased the domain, recreated the email and was able to reset the Facebook password because now they have the email address attached to the Facebook account. They then stole the account. And within a couple of days, I’m guessing because a bunch of people went and reported the account as, I think, stolen, I’m not sure stolen is the word they use on Facebook. But it was reported by numerous people. And so the account is now gone. But the problem is the account was built up over years, and the person owns a business, and it’s gone now, all their hard work is gone. So what did they do with this account?
It was probably sold on the dark web at some point. It wasn’t being used until it was gone. It’s possible that it’s just not searchable anymore on Facebook. But this is why you have to do account checkups. This is why you set up multifactor authentication. This is why you have strong passwords. This is why you make sure you’re not using expired email addresses or compromised email addresses. Do all of these things and make sure you have a secondary way of getting into the account in the event that it is compromised, and especially if you have Facebook pages or groups that you manage as well, or LinkedIn pages and groups, because it’s the same thing. If somebody gets my LinkedIn account, I have, I think, three or four groups that I manage, that I own, on LinkedIn, and probably the same amount on Facebook, actually it’s probably more on Facebook, and then the pages that I have access to. There’s a lot. And if you’re in the digital marketing world where you’re probably not paying as much attention to these things, you probably manage even more.
Pages and groups are high value. Think about it. If you have a Facebook group or LinkedIn group with 10,000 members that you’ve built up trust with over many years. I think my LinkedIn group is, not sure how old it is, but it’s years for sure, many years, and I’ve built up a level of trust as the owner of the group.
There’s a couple of managers and then there’s me, the owner of the group, and we’ve built up a level of trust that we’re not going to allow just any junk in there. We’re not allowing just any person in there, and that it’s all Connecticut or surrounding area, and that it is not going to be used as a resource for spamming. The same, I have a similar group on Facebook for Connecticut businesses, and that group has almost 5000 members. And it’s the same thing. I don’t allow people from outside of Connecticut and surrounding area into the group, and every post on there is checked, because for whatever reason, Facebook has a lot more of the scammy, spammy type of posts, you know, the Amazon job offers that pay $35 an hour. You know they’re not real.
So I’m very careful. But imagine now, if somebody was able to compromise my Facebook account and then take over those groups. That’s 15,000 people total. The level of trust that was built up over years is going to be shattered because my account has been compromised. And I’m going to go in there and do things that are not healthy for the group.
So that might be even more of a value to the cyber attackers.
So at the end of the day, how do you recognize these fake profiles?
Again, name doesn’t match the culture. So in other words, the name wasn’t a Korean name. They had no activity, no followers, no connections at all on their profile. They claim to have a job that they clearly did not have. Almost every company, at least the high-visibility companies like Goldman Sachs, that information is public; the CEOs of those companies and most of their employees are public. You can search it and Google it.
Those are some of the key methods, key ways to figure out if a profile is fake. And if your account gets compromised, it’s because you probably fell for one of those fake accounts, or you have a weak password, or you’re not maintaining your account, or you don’t have multifactor set up. These are all things you could do to protect your account: multifactor, strong passwords. And if you’re not sure what a strong password is, it’s as many characters as possible. I go at least 20, alphanumeric and special characters, so upper, lower, numbers, make sure they’re all there. Multifactor authentication wherever possible; please use an app, not text message. Your phone could be compromised.
Those are some of the things you can do to protect your account. Don’t click on links if somebody sends you a message saying “hey, is this you in the video?” or “Oh, look who died” or anything that’s going to elicit a strong emotion. Don’t fall for it. Step away, come back to it later. Nobody should be telling you somebody died on Facebook. By the way, you shouldn’t be getting a message on Facebook saying, “Hey, look who died.” That’s not the right way to do that.
So hopefully this helps you. Go check out the video on YouTube. The link will be in the show notes. It’s only four and a half minutes, so you can see what it looks like, and then you can even search on LinkedIn yourself and see that the account is now gone. So until next time, stay secure.
And Happy Fourth of July.
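The look-alike link trick mentioned in the episode (a Cyrillic “a” standing in for the Latin “a” in a bank or brokerage domain) can be checked mechanically before a link is trusted. The Python below is an added example, not part of the episode or its show notes; the hostnames, the `TRUSTED` list and the `LOOKALIKES` table are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-picked Cyrillic letters that render like Latin ones (assumption for
# this example; Unicode's confusables data is the complete source).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})

# Hypothetical hosts the reader really does business with (constructed).
TRUSTED = {"bank.example", "trade.example"}


def to_unicode(label):
    """Decode an 'xn--' (punycode) label so the real characters are visible."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label  # malformed label: keep it, it cannot match TRUSTED
    return label


def scripts_in(label):
    """Scripts of the letters in a label, read from each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def check_link(url):
    """Classify the host of a URL as trusted, lookalike, mixed or unknown."""
    host = urlsplit(url).hostname or ""
    labels = [to_unicode(part) for part in host.split(".")]
    shown = ".".join(labels)
    if shown in TRUSTED:
        return "trusted", shown
    skeleton = shown.translate(LOOKALIKES)
    if skeleton in TRUSTED:
        odd = sorted({f"U+{ord(c):04X} {unicodedata.name(c)}"
                      for c in shown if not c.isascii()})
        return "lookalike", f"imitates {skeleton}: {', '.join(odd)}"
    for label in labels:
        found = scripts_in(label)
        if len(found) > 1:
            return "mixed", f"label {label!r} mixes {sorted(found)}"
    return "unknown", shown


if __name__ == "__main__":
    # Constructed sample links; the second uses Cyrillic U+0430 for "a".
    for link in ("https://bank.example/login",
                 "https://b\u0430nk.example/login",
                 "https://my\u0430ccount.example/"):
        print(link.encode("unicode_escape").decode(), check_link(link))
```

A link that arrives in its `xn--` form is decoded first, so the same verdict applies whether the mail client shows the Unicode or the ASCII spelling of the host.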