Security researchers have identified 25 faked accounts at LinkedIn Corp.’s (NYSE: LNKD) social media website and attributed the fraudulent accounts to an Iran-based threat group. According to the researchers, the purpose of the network was to “target potential victims through social engineering.”

According to the report issued Wednesday morning by Dell SecureWorks Counter Threat Unit:

The level of detail in the profiles suggests that the threat actors invested substantial time and effort into creating and maintaining these personas. The photos used in the fake accounts are likely of innocent individuals who have no connection to [the hacker group’s] activity.

The researchers divided the personas into two groups, Leaders and Supporters. There are eight Leader personas, of which six had more than 500 social LinkedIn connections. The researchers said they found “compelling evidence that the Leader profiles were fraudulent,” including:

• One of the profile photographs is linked to multiple identities across numerous websites, including adult sites.
• The summary section in one profile is identical to the summary in a legitimate LinkedIn profile, and the employment history matches a sample résumé downloaded from a recruitment website.
• In another profile, a job description was copied from genuine Teledyne and ExxonMobil job advertisements.
• The job description in yet another profile … was copied from a legitimate job posting from a Malaysian bank … .

Five of the fraudulent Leader personas claim to work for Teledyne, another to be an employee of Korean conglomerate Doosan, a seventh claims employment at Northrop Grumman, and the eighth purports to be from a Kuwaiti petrochemical firm.

ALSO READ: Is There Really Too Much Competition for FireEye?

Supporter profiles were less complex, all claimed five connections, and all were determined to be fakes by using open-source research. Researchers suspect that the threat group used the Supporter accounts to provide the Leader profiles with an established network, which enhances credibility. Supporters also appear to have provided skill endorsements for the Leaders.

SecureWorks researchers determined that the threat group had identified 204 potential targets, including 39 in Saudi Arabia, 28 in Qatar, 27 in the UAE, 17 in Pakistan and 12 in the United States.

A complete list of the 25 fake personas is available as an appendix to the SecureWorks report.

The Wall Street Journal reported Wednesday morning that LinkedIn has removed all of the fake accounts.

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.