Numerous security specialists have recently been targeted by LinkedIn accounts trying to map their social graphs. Several researchers received the LinkedIn invitations and one decided to investigate.
A so-called “recruiter” account used did not have an original logo, a Twitter account with an egg for a photo, and the source of the recruiter's photo was not located. After conducting reverse image searches on the recruiter's supposed colleagues and the recruiter herself via Instagram and other legitimate LinkedIn profiles, researchers discovered that the recruiter accounts were now gone.
As explained on Twitter by Yonathan Klijnsma, @ydklijnsma, this seems to be how these accounts operate. A tweet by Klijnsma said, “There's a group of fake recruiters on LinkedIn mapping infosec people's networks. Not sure what their goal is yet, just a heads-up to others.”
Researchers found that one of the recruiter's connections endorsed her for a bunch of skills that the account did not deserve based on published work history. When the connection was confronted about it, they admitted that it was a bad habit to give out endorsements without truly knowing the other person.
Researchers hope none of the security executives gave away any important details.