Independent security firm Symantec has revealed the findings of an investigation showing that a number of hackers are targeting professionals on LinkedIn.

An investigation by Symantec engineers has uncovered a large number of hackers operating fake accounts on the professional network LinkedIn. The researchers found dozens of fake accounts across a multitude of industries.

The hackers aim to gain the trust of business professionals on the network by posing as recruiters with fake accounts.

In a blog post, the security firm noted:

Boasting over 400 million users, LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries including Information Security and Oil and Gas.

A majority of the fake accounts follow a pattern in which the hackers portray themselves as self-employed professionals or as recruiters for fake firms. The hackers also use pictures of women as their profile images. These images are usually pulled from stock image websites or stolen from real professionals on the network.

In a somewhat simple scam, the hackers also copy and paste text verbatim from real professionals' profiles. To set the trap, they stuff their profiles with popular keywords so that they show up in search results.

Elaborating on the discovery, Symantec researcher Dick O’Brien stated the following to the BBC:

Most of these fake accounts have been quite successful in gaining a significant network – one had 500 contacts. Some even managed to get endorsements from others.

Speaking to the publication, LinkedIn noted that the website routinely investigates profiles that violate its Terms of Service. Those terms prohibit false profiles, and the fake accounts were duly removed with the help of Symantec.

With this routine, the hackers set out to make their profiles appear credible within the professional network by adding connections and branching out from them. They can then use the contact information of established connections for nefarious purposes, including siphoning personal and professional email addresses and phone numbers. Spear-phishing campaigns that could lead to the spread of malware and ransomware are also possible.

The security firm and the website encourage users who spot a suspicious or fake account to report it.