Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security | Techno Glob


Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the largest corporations in the world. It is not clear who is behind this network of fake CISOs or what their motives might be. But the fabricated LinkedIn identities are cluttering search engine results for CISO roles at major companies and are being indexed as gospel by various downstream data-scraping sources.

If one searches LinkedIn for the CISO of the energy giant Chevron, one can find a profile for Victor Sites, who says he is from Westerville, Ohio, and is a graduate of Texas A&M University.

A LinkedIn profile for Victor Sites, who is definitely not Chevron’s CISO.

Of course, Sites is not Chevron’s actual CISO. That role is currently held by Christopher Lucas of Danville, California. If you’re confused at this point, you can ask Google who Chevron’s current Chief Information Security Officer is. When KrebsOnSecurity ran that search this morning, the fake CISO profile was the first result (followed by the LinkedIn profile for the real Chevron CISO).

Helpfully, LinkedIn seems to be able to find something in common among all these fake CISO profiles, as the “People Also Viewed” column in the image above suggests I look at some of them. There are two fake CISO profiles suggested, including one for Marion Robles, who claims to be the CISO of another energy giant — ExxonMobil.

Marion’s profile says she is from Tupelo, Miss., and includes details on how she became a self-described “old-school geek.”

“Since playing Tradewars on my Tandy 1000 with a 300 baud modem in the early ’90s, I’ve had a lifelong passion for technology, which I carried with me as Deputy CISO of the world’s largest health plan,” her profile reads.

However, that description appears to have been lifted from the profile of a real deputy CISO based in Baltimore, Md.

Interestingly, Marion’s LinkedIn profile was accepted as authentic by Cybercrime Magazine’s CISO 500 list, which claims to maintain a list of current CISOs at America’s largest companies:

The fake CISO for ExxonMobil was indexed in Cybercrime Magazine’s CISO 500.

Rich Mason, a former CISO at Fortune 500 firm Honeywell, began warning his colleagues on LinkedIn about the fake profiles earlier this week.

“It’s interesting the downstream sources that repeat LinkedIn bogus content as truth,” Mason said. “It’s dangerous: Apollo.io, Signalhire and Cybersecurity Ventures.”

Google wasn’t fooled by Jenny Biller’s fake LinkedIn profile claiming to be the CISO at biotech giant Biogen (the real Biogen CISO is Russell Coste). But Biller’s profile is worth mentioning because it shows how hastily some of these fake profiles have been put together. Case in point: Biller’s name and profile photo indicate she is female, but the “about” description of her accomplishments uses male pronouns. Also, it might help that Jenny only has 18 connections on LinkedIn.

Again, we don’t know much about who or what is behind these profiles, but the security firm Mandiant (recently acquired by Google) told Bloomberg in August that hackers working for the North Korean government have been copying resumes and profiles from the leading job listing platforms LinkedIn and Indeed, as part of a broader scheme to land jobs at cryptocurrency companies.

None of the profiles listed here responded to requests for comment (or to be connected).

In a statement to KrebsOnSecurity, LinkedIn said its teams are actively working to remove these fake accounts.

“We have robust human and automated systems in place and are constantly improving, as fake account activity becomes more sophisticated,” the statement said. “In our Transparency Report we share how our teams and automated systems are stopping most of the fraudulent activity we detect in our community – about 96% of fake accounts and about 99.1% of spam and scams.”

LinkedIn could take one simple step that would make it much easier for people to make informed decisions about whether to trust a given profile: Add a “when created” date to each profile. Twitter does this, and it’s very useful for filtering out large amounts of noise and unwanted communications.

Former CISO Mason said LinkedIn could also experiment with offering something similar to Twitter’s verified icon to users who choose to prove that they can receive and respond to email on a domain associated with their current employer.
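The domain validation Mason describes amounts to a challenge-response over email: the platform mails a signed, short-lived token to an address at the claimed employer's domain, and the badge is granted only if that token comes back intact. The following is an added illustration of one way to implement that check, not LinkedIn's code or anything the article's sources proposed in detail; the server key, the TTL, the profile IDs and the `*.example` domains are all assumptions. The domain comparison is label-wise so that a lookalike such as `notchevron.example` or `chevron.example.evil.example` does not pass as the employer's domain.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Assumption: a server-side key held in a secrets manager; this constant is example-only.
SERVER_KEY = b"example-only-key-do-not-reuse"
TOKEN_TTL_SECONDS = 24 * 3600  # assumption: a one-day window to answer the challenge


def email_domain(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if it is malformed."""
    if address.count("@") != 1:
        return ""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ""
    return domain.lower().rstrip(".")


def domain_matches(address: str, employer_domain: str) -> bool:
    """True if the address is at the employer domain or a subdomain of it.

    Comparing whole labels (exact match or '.' + domain suffix) rejects
    lookalikes such as 'notchevron.example' that a plain endswith() would accept.
    """
    dom = email_domain(address)
    emp = employer_domain.lower().rstrip(".")
    if not dom or not emp:
        return False
    return dom == emp or dom.endswith("." + emp)


def _mac(profile_id: str, address: str, employer_domain: str, nonce: str, expiry: int) -> str:
    """HMAC binding the token to one profile, one address, one domain and one expiry."""
    msg = "|".join([profile_id, address.lower(), employer_domain.lower(), nonce, str(expiry)])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_challenge(profile_id: str, address: str, employer_domain: str,
                    now: Optional[int] = None) -> Optional[str]:
    """Build the token to mail to the claimed work address.

    Returns None when the address is not at the employer's domain, so no
    challenge is ever sent to an unrelated mailbox.
    """
    if not domain_matches(address, employer_domain):
        return None
    now = int(time.time()) if now is None else now
    expiry = now + TOKEN_TTL_SECONDS
    nonce = secrets.token_hex(8)
    return f"{nonce}.{expiry}.{_mac(profile_id, address, employer_domain, nonce, expiry)}"


def verify_reply(profile_id: str, address: str, employer_domain: str, token: str,
                 now: Optional[int] = None) -> Tuple[bool, str]:
    """Check a token echoed back from the mailbox; returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    nonce, expiry_s, mac = parts
    if not expiry_s.isdigit():
        return False, "malformed expiry"
    expiry = int(expiry_s)
    if now > expiry:
        return False, "token expired"
    if not domain_matches(address, employer_domain):
        return False, "address not at employer domain"
    expected = _mac(profile_id, address, employer_domain, nonce, expiry)
    # Constant-time comparison so the check leaks nothing about the expected MAC.
    if not hmac.compare_digest(expected, mac):
        return False, "bad signature"
    return True, "domain-validated"


if __name__ == "__main__":
    # Constructed walk-through: a claimed Chevron-style address at an example domain.
    tok = issue_challenge("profile-123", "ciso@chevron.example", "chevron.example")
    print("mailed token:", tok)
    print(verify_reply("profile-123", "ciso@chevron.example", "chevron.example", tok))
```

The token is stateless: everything needed to check it is either inside it or recomputable from the profile record, so the verifier needs no database of outstanding challenges. Binding the profile ID into the MAC means a token mailed for one profile cannot be replayed to validate another.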

“If I see that a LinkedIn profile is domain-validated, my confidence in that profile increases a lot,” Mason said, noting that several fake profiles have hundreds of followers, including dozens of real CISOs. Marion’s profile has grown by hundreds of connections in the past few days, he said.

“If we have CISOs who are falling for this, what hope does the public have?” Mason said.

Mason said LinkedIn also needs a more streamlined process for allowing employers to remove fake employee accounts. He recently attempted to remove a fake profile from LinkedIn for someone falsely claiming to work for his company.

“I shot a note to LinkedIn and said please take this down, and they said, OK, we’re going to have to contact the person and mediate this,” he said. “They gave the guy two weeks and he didn’t respond, so they took him down. But this does not add up, and there needs to be a mechanism where the employer can contact LinkedIn and remove these fake profiles in less than two weeks.”
