MUMBAI, INDIA: Have you attached your resume on LinkedIn? Are more and more people looking at your profile? Are you getting calls for job interviews?
Well congrats, but no congrats… You are being victimized by a new gang of hackers which is targeting the info of the security professionals on LinkedIn. They are posting false vacancies!!
According to Sean Sullivan, Security Advisor, F-Secure, the recruiters' company -Talent Src or Talent Sources has an online presence. He says that the company has an official website but provides no useful information and a skimpy Twitter account that has last been updated in January (likely on the date when it was set up).
On LinkedIn, the accounts of the apparently fake Talent Src recruiters note that each one is dedicated to recruiting specific specialists working in a variety of security niches (automotive security, mobile security, etc, Sullivan remarks.
Explaining the modus operandi, Yonathan Klijnsma, Threat Intelligence Analyst, Fox-IT, shares, "They will send a general recruiter message with a profile picture of an attractive woman. The job will be relative to your job. After about a week they stop sending out new requests, the profile picture is removed and a bit later their name is changed making it hard to find these people. In about a month the accounts disappear, not sure if on purpose."
Also, a reverse image search for each of the images used on the profiles reveals that they have been taken from legitimate LinkedIn and Instagram accounts, and were simply flipped.