A new report details how a group of hackers, believed to be based in Iran, used fake social media profiles to gather information on military and political figures in the United States, United Kingdom, Israel and elsewhere.
Security experts at iSight Partners are calling it the most sophisticated cyber-espionage campaign they’ve ever discovered.
The ruse stretched over the course of three years, during which the hackers built fake profiles on Facebook, Twitter, LinkedIn and Google+ to get closer to their targets.
They even created a fake news website that reposted content from wire services and the BBC.
The hackers' goals remain unclear. According to iSight, they could have collected basic activities and locations, social networking updates, possible usernames and passwords from spear-phishing attacks, as well as other information from malware designed to extract information from targets.
The fake news site is registered in Tehran, Iran's capital. Content posted to the fake profiles occasionally referenced Iranian jokes or sanctions on the country.
iSight worked with the FBI to brief government agencies and its clients when it released its report. For the rest of us, it's a reminder: Don't trust everything you see on social media.