27k unique visitors in the last 3 days

AI Bot Spams LinkedIn with Cybersecurity Posts

As you would expect, the US social network either does not know or does not care that it is a conduit for automated spam.

Every so often, Commsrisk needs to step back from the issues faced by comms providers to analyze how technology is changing the way information and misinformation about those issues is spread. This is one of those articles.

The following might look like the profile of a typical LinkedIn user who just wants to draw attention to their knowledge of cybersecurity.

This user also claims to have an impressive CV that involves working with several of Portugal’s leading businesses, and latterly with Europol.

As might be consistent with this profile, Alexandre Santos writes a lot about cybersecurity. And therein lies the problem. This account writes more than any human being could write. It writes more than any human being could read. On the day this Commsrisk article was written, the Santos account published 17 long posts about recent cybersecurity news within the space of a single minute. It published a batch of four more long posts about cybersecurity just 20 minutes later. Four other long posts had been published earlier in the day. 97 long posts had been published the day before, mostly in large batches.

The opening line of these posts follows a pattern. Here are some examples:

  • 🚨 Alert: The Evolution of North Korean Cyber Threats 🚨
  • 💻 Breaking News 🚨
  • 🚨 Cyber Alert 🚨
  • 🚨 Security Alert! 🚨
  • 🚨 🛡️ Cryptocurrency Security Alert 🛡️ 🚨
  • 💻🚨 New Attack Campaign Targeting Cloud-Native Platforms 🚨💻

Upon reading a sample of these posts, it soon became obvious how so many could be produced so rapidly. AI was used to re-word content scraped from the web. The output from the AI follows the same template every time. Some of the content is copied from genuine alerts issued by reputable authorities, some is taken from press releases promoting the products of cybersecurity vendors, and some is from miscellaneous tech and security news websites.

I was alerted to this account when LinkedIn’s algorithms recommended a post about IMSI-catchers, presumably because my account posts about IMSI-catchers on a fairly frequent basis. The recommended post was strewn with errors about how IMSI-catchers work and who makes them. Amusingly, it was evidently a poor re-write of an Electronic Frontier Foundation blog post that I had actually read the day before. Hence I was acutely aware of the anomalous use of American terminology for a post supposedly written by a European expert in cybersecurity. Furthermore, police forces around Europe use IMSI-catchers, as should be appreciated by any security analyst working for Europol, but the post was written from the perspective of American privacy activists who accuse the police of repeatedly breaking the law when using IMSI-catchers for surveillance.

If Alexandre Santos is a real person employed by Europol then it follows that he should be fired. This account is not only recklessly spreading misinformation about cybersecurity, but it also attacked the work done by police. However, I think it is highly unlikely that there is any real person matching this profile who works as a security analyst for Europol. If nothing else, the actual user behind this account must be spending most of their time nursemaiding AI bots that flood social media with crap instead of doing any actual job.

It goes without saying that I alerted LinkedIn to the creation of spam by this account, and they ignored my warning because they identified no issues. Social media companies talk a lot about battling misinformation, but they have very little interest in removing content unless the topic is a politically sensitive issue such as racism or terrorism or vaccines. A simple high usage control is all that LinkedIn would need to identify this account as problematic, but evidently they have no such monitoring control in place.

This account has followers who are genuine cybersecurity professionals. You might hope that professionals with an interest in cybersecurity will be better at spotting automated spam than other members of the public. They will need to be, because LinkedIn is not going to do anything about it.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email