AMPYX CYBER

View Original

Vickie doesn't exist: Deepfakes in your LinkedIn

BY KERRY TOMLINSON, AMPERE NEWS

November 17, 2021

LinkedIn is for making connections. But you may be forming connections with fake people trying to break into your world and cause destruction.

We found a deepfake profile that's already racked up hundreds of potentially sensitive connections on LinkedIn. And she's still going.

Is she ---or someone like her --- on your connections list?

Watch here:

deepfake vickie

I received a connection request from a person claiming to be Vickie O'Shea-Fowler from Raleigh, North Carolina, CEO of a company called Data Smart Consulting.

Behind her vague smile, Vickie hides a secret. She's not real. Just a computer-generated face.

" Vickie's asymmetrical earrings are a dead giveaway aside from the uncanny-valley-esque smile," said deepfake researcher Max Rizzuto with the Atlantic Council’s Digital Forensic Research Lab. "Anyone who hides behind a false face likely has something to hide or an ulterior motive in mind."

She spread a broad net on LinkedIn, connecting with many people. Of special note, she's connected with hundreds in security and tech.

"It's disturbing," said Susan Embry-Busch, a contractor at Nike and one of the people on Vickie's connection list. "It concerns me about what the ultimate goal is."

Profile for Vickie O’Shea-Fowler on LinkedIn. Image: LinkedIn

Embry-Busch said looked over Vickie's profile before accepting, reviewing her work history, noting that she has comments going back at least a year.

"I thought, 'Oh, it looks like an established account,'" said Embry-Busch. "I thought it was odd that she had tried to link in with me, but then I saw mutual acquaintances. So, I thought, 'Okay.'

Where Does vickie work?

Vickie's profile may appear legitimate at first. But there is no Data Smart Consulting registered in North Carolina and no company website...

The Data Smart Consulting she links to in her profile is a small company that says it's in Morocco and has no one by that name Vickie O'Shea-Fowler there.

The next company in line on Vickie's profile, SD or SoftData in Ukraine appears to be out of business, with the website down and notifications about the shutdown on social media.

Vickie did not answer messages we sent through LinkedIn and to her listed email address.

1000+ connections

Vickie's profile, however, shows connections with top executives at big companies in security and tech, like the Chief Information Security officer at 7-Eleven, the Director of technology for AT&T, the Head of Security Architecture at Visa Europe, the Head of Data Security for Booking dot com, as well as many more chief officers in security, technology, information and more.

"Especially if it looks like they're focusing on security people," Embry-Busch told Ampere News. "A lot of these people that are connecting with --- that I'm connected with --- are very high up in security world, and very well connected. So, I'm wondering, what is her ultimate goal?"

"And especially, they're from another country," she added. "What does that mean about the security of our country?

TRUSTING YOUR CONNECTIONS

Cybersecurity professional Jon Shende, Co-founder of MyVayda.com, connected with her as well.

"I'm pretty finicky, and she probably slipped under my radar. Because, when somebody tries to connect with me, I look first at who are they connected with that I know," Shende said.

As Vickie gains more and more connections, she is more likely to appear real to the next person in line. More chances, Shende said, to send you a poisoned file or link, if she's so inclined.

"And you click on it, and immediately, that's it. She's in your system, because now she has installed malware on your system," Shende told Ampere News. "If you have to create a fake profile, right away I think it's malicious."

She may be spying on you or your company, stealing money from your bank account, controlling you or your work systems from afar, according to Shende.

"Somebody somewhere may have been hit with a ransomware because of this profile, if she is a malicious actor," he said.

Who's Behind the Fake Face?

Let's check her job claims more closely. If you click on her company listing for SoftData, supposedly out of business, it leads to a company called Pixoft.

It's located in Kiev, Ukraine, at the same address as the old company, SoftData --- and, it turns out, involving the same people.

One is Sergey Chumakov, who says online that he is a former co-owner of SoftData and now co-founder of Pixoft. Another is Christian Shpilka, who says online that he worked with SoftData and is now co-founder of Pixoft as well.

What's going on with deepfake Vickie? Chumakov and Shpilka did not answer our messages. And this may be one reason why.

More Fakes

Pixoft has more deepfakes like Vickie on LinkedIn, according to researcher Max Rizzuto.

There's John Lipt, claiming to be Manager of Sales at Pixoft, but with a deepfake, computer generated photo, a description paragraph borrowed from someone else, and a work history that seems to be a mix of Chumakov's and Shpilka's.

There's Christopher King, also claiming to be Manager of Sales at Pixoft, with a deepfake image and a similar history.

LinkedIn account for Viktoriya Kravets with a deepfake profile picture. Image: LinkedIn

Their colleague is Elizabeth Kravchuk, a deepfake who claims to be Pixoft HR Manager. And deepfake Victoriya Kravets, claiming to be Pixoft's Human Resources Recruiter, whose deepfake picture pops up in many fake LinkedIn accounts.

"How do we safeguard against that?" asked Embry-Busch. "Unless the platform can protect us, unless LinkedIn is looking for fake profiles, or LinkedIn is looking for deep fake photographs, how are we supposed to know, because that photograph looks real?"

LinkedIn

LinkedIn told Ampere News that it is against their terms of service to create a fake profile, and they enforce it with automated tools, human reviews, and member reporting. The company said it stopped 45 million fake or deepfake profiles at the time of registration in 2020.

But they did not answer all our questions. For example, can anyone go onto LinkedIn and create any account they want with whatever picture and whatever name and say they work at whatever company? LinkedIn did not answer.

"So, yes," said Embry-Busch. "Obviously, because we have Vickie here doing it."

Listening In?

What do Vickie and her creators want?

Attackers often scour platforms like LinkedIn for any talk of what kind of tech you use, any problems you have, anything to help them break in, Shende said.

After all, if attackers can find a way in to one software company, they may be able to  poison many more companies, as happened in the Solarwinds and Kaseya cyberattacks.

"LinkedIn is somebody's candy store," said Shende. "Profiles for information gathering. "

Some of Vickie's top connections, according to LinkedIn data, potentially making these companies more vulnerable to attack:

  • Credit card company Visa with 17 connections

  • Cloud storage company Amazon Web Services with 24

  • Software company Netsuite with 37

  • Netsuite's parent company, Oracle, with another 21

What to Do?

If you're one of the hundreds connected to Vickie, drop and block her, Shende advised.

“Other people are linking in with that person just because of you," Embry-Busch said. "You have influence and people are accepting it. So you're spreading the virus, because people are trusting you."

If you're connecting to people you don't know because you're trying to get big follower and connection counts on Linkedin, ask yourself this, Shende says:

"Is a number that important to you in comparison to the safety and security of your banking information, your personal information, your children's safety? Is it really worth it to put all of that at risk?" he asked.

How to Spot a Fake

We notified the big companies like Visa, AWS and Oracle Netsuite. We contacted many people on Vickie's connection list. Most did not respond and the majority appeared to stay connected to Vickie.

Sujeet Bambawale, Chief Information Security Officer of 7-Eleven, was one of the few who answered.

 "Thanks for letting me know about this," Bambawale said, "and for checking in. I appreciate it. I concur that deepfake profiles amassing traction and subsequent credibility on LinkedIn are a serious security concern. I have disconnected from this profile on LinkedIn.”

We hope the others recognize that LinkedIn and social media are not safe places to talk about things that are in any way valuable to attackers. Even if you’ve set your social media to private, you may not know if there is a deepfake already in your circle.

We'll have more on this case in the future. In the meantime, here are ways you can spot a deepfake image in your social media.

See more on deepfakes:

Three ways to spot a deepfake video

Four ways to detect a deepfake voice

Watch out for attacks from virtual people with phantom lives

See this content in the original post

Featured Stories

See this gallery in the original post