Security researchers have discovered a whole network of fake LinkedIn profiles that are self-referencing and convincing in their scope and means to trick real LinkedIn users with social engineering hacks.

Researchers are at Dell SecureWorks Counter Threat Unit have uncovered a bunch of fake LinkedIn profiles that are set up to scout and target potential victims through social engineering exploits. Most of the legitimate accounts that are linked to the fake accounts belong to users in the Middle East, according to the report.

Altogether, the group of security researchers have identified 25 fake LinkedIn accounts that can be split into two categories:

Fully developed personas or profiles, the Leaders.

Supporting personas or profiles aiding the leaders.

With substantial detail embedded, researchers believe that the malicious actors behind the fake profile have invested plenty of time in the setting up and the maintenance of the profiles.

Expanding on the ‘Leader’ profiles, the report adds:

“Profiles for Leader personas include full educational history, current and previous job descriptions, and, sometimes, vocational qualifications and LinkedIn group memberships.”

Some of the findings to conclusive prove that the profiles were indeed fake include:

Profile photographs linked to multiple identities across different websites, including adult websites.

Summary sections in faked profiles are similar to those of a real profile. Furthermore, the employment history in a faked profile matches that of a resume available for download on a recruitment website.

Detailing the ‘supporting profiles’, the report notes that:

“Profiles for Supporter personas are far less developed than for Leader personas. They all use the same basic template with one simple job description, and they all have five connections.”

Essentially, the supporter profiles are set up to provide skill endorsements for the leader profiles on LinkedIn.

The aim of the entire ‘operation of pretend’ is to identify and then research victims with potential for spear phishing campaigns and luring them to malicious websites.

A predominant majority of targeted users include professionals in the telecommunications industry. A minority of targets have been found to work for Middle Eastern governments and other military and defense organizations in South Asia.

The hacker group behind the fake network of profiles is believed to be from Iran.