LinkedIn Lures: Unmasking the Threat Landscape of Social Engineering Targeting Saudi Corporate Sector

In this session, we delve into our discovery of hundreds of fraudulent LinkedIn profiles impersonating employees of prominent companies in Saudi Arabia. We'll unveil the precise techniques we employed for detection, the key parameters we scrutinized, and our innovative automation approach.

Our journey begins with the revelation of the very first profile we identified, followed by an exploration of the recurring patterns observed among these deceptive profiles. We'll address the intriguing question of why LinkedIn has become a preferred platform for these malicious activities and outline the associated threats.

Our session provides a comprehensive proof of concept, shedding light on how threat actors utilize counterfeit LinkedIn profiles as an effective vector for their malicious intent. We will share examples of documented attacks that have leveraged LinkedIn in various contexts, including specific incidents within Saudi Arabia.

In addition, we'll explore the enhanced complexity brought by AI-generated fake profile images to these deceptive campaigns, a topic we'll address alongside the challenges of attribution, while also offering pragmatic solutions.

To ensure the utmost value for attendees, we'll conclude with actionable recommendations for bolstering defenses against LinkedIn-based threats. We'll also highlight LinkedIn's Work Email Verification Feature as a valuable tool in this battle.

The session will prove especially valuable for fellow corporate entities in Saudi Arabia, as our analysis has revealed them to be active targets.