Scammers Impersonate Bank Exec on LinkedIn to Target Corporate Bank Accounts
Imagine you receive an e-mail from an unknown prince / political refugee – the classic Nigerian scam of the past 10 years. You wouldn’t fall for that, would you?
Imagine now a legit business proposal from a bank manager with all the credentials, work experience and peers. It’s not even disguised as a Nigerian operation – it’s a business proposition. And it’s on LinkedIn.
We got such a message from an individual impersonating Aziz Mohammad, a manager at a highly popular bank in Malaysia. A brief look at his profile revealed it was built using the visual identity and profile information of the real Aziz Mohammad, a third-degree connection.
The scam message is crafted generically, as it lays the ground for the con: a business proposal for people who have full control of the company, including the possibility to initiate money transfers. The contact information is, of course, an e-mail address that does not belong to the banking institution the impersonator claims to be affiliated with, but rather a disposable account set up with Yahoo.
LinkedIn is not the only social network where the attacker tried to impersonate the real Aziz Mohammad. He also set up a fake Facebook profile with the same information, as well as a picture of “himself” which is actually – and ironically – a picture of State Secretary Colin Powell watermarked “AP Photo.” Why would a legit user go for a stock photo for a profile image instead of simply taking a shot of himself?
Shortly after receiving the scammy message, we tried to engage the attacker and play his game, but LinkedIn rapidly pulled the profile (and his message history) off.
Why LinkedIn scams are more appealing than conventional Nigerian scams?
First of all, they weigh more than messages from an unknown individual. LinkedIn profiles are used by business people from around the world to find opportunities and get in touch with other people for business purposes. Shortly put, people perceive LinkedIn as a trustworthy source: if one contact’s job is listed there, it must be real, right? No. LinkedIn does not validate the position or company a person claims to work in, like Facebook does, for instance.
Secondly, scams targeting businesses bring much more money than small-time cons: a business can move more funds from one account to another without raising any red flag with the bank. A money mule, therefore, can be forwarded say a little under $10,000 which they then partition in small chunks and send to attackers via wire without raising suspicion. Regular accounts can only transfer way below $5000 in one shot before they get blocked for suspicious activity, not to mention that few individuals have saved so much money. And, to cyber-criminals this is the most important aspect: the most difficult part is finding the money mules – persons who are employed via work-from-home scams to receive money in their accounts and then forward it via Western Union or MoneyGram. Money mules are key to the business, as they are the ones who launder the money for the cyber-criminals, and also take the fall for the loss, so they can’t be reused for another con.
What’s to be done?
Don’t jump into a business opportunity directly, even if it appears to come from a highly regarded company or individual. If the conversation involves financial or personal information, call the company and ask for the person to discuss the matter via phone, or schedule a face-to-face meeting.