Websense experts have analyzed a profile that lures users to a dating website

Nov 2, 2013 10:13 GMT  ·  By

Researchers from Websense have come across a fake profile on LinkedIn that’s apparently set up to lure users to a dating website. While the dating site itself doesn’t contain any malicious code, this might simply be the first phase of a sophisticated targeted attack.

According to experts, the fake LinkedIn profile, which already has over 400 connections, appears to belong to one Jessica Reinsch, who advertises a dating site for “younger ladies and mature gentlemen.” The account is actively interacting with LinkedIn members in search for potential targets.

The individuals behind this profile have registered a premium account. This offers them a number of benefits, including the fact that they can search for potential targets based on a larger number of filters.

In addition, premium accounts offer the cybercrooks greater capabilities when it comes to interacting with targets.

As noted earlier, the dating website doesn’t host any malicious code. However, Websense warns that it’s hosted on the same IP as other domains that do host suspicious code.

“We also see that IPs used to host the dating site are hosted within the same Autonomous System Number (ASN) as multiple Exploit Kit Command and Control URLs, including RedKit and Neutrino exploit kits,” Websense’s Carl Leonard noted in a blog post.

Experts believe the fake profile has been set up to gather intelligence on potential targets. The information posted on LinkedIn can be highly valuable for cybercriminals who plan on launching targeted attacks outside of LinkedIn.

For instance, the attackers could send their target an email in which they demonstrate that they know his/her job title, employer, connections and skills. This considerably increases the attack’s chances of success.

And since LinkedIn has over 259 million customers, there are plenty of targets to choose from.