LinkedIn Networking: Unmasking the Deception
I recently hosted a series of free webinars assessing the vulnerabilities of networking on LinkedIn due to the proliferation of fake profiles. I demonstrated a variety of such profiles, from the very “obvious” to the extremely professional-looking ones. I explained how these are often created by criminal groups as well as foreign intelligence services for the purpose of breaching the security of targeted organizations using a variety of social engineering techniques to manipulate people into performing actions or divulging confidential information.
For the benefit of those who did not have a chance to participate in the webinars, I want to highlight some of the key considerations. Just because a profile has 500-plus connections does not mean that it is legitimate. One of the first goals when establishing a fake profile is to gain connections quickly, which serves to enhance its credibility. Just as a large number of connections may be deceptive, so may a large number of endorsements. Many people will automatically endorse someone if asked. Every time a LinkedIn member accepts an invitation to connect with a fake profile and/or endorses it for some specific skill, they are only serving to “backstop” a profile which may eventually be utilized to victimize other LinkedIn users and/or the organizations they represent.
Red flags when evaluating the legitimacy of a profile:
The name: If it is composed of two first names, like “Brian James,” it is likely written by someone who is a nonnative English speaker.
Title: Does it make sense given the professional work history?
Location: While legitimate profiles usually provide a specific city, some fake profiles only designate “United States.”
Grammar: The “About” section should be clear and well written. Grammatical errors might also reveal that English is not the writer’s first language.
Academic and Professional History: Evaluate this as if you were interviewing this person for a job. Does the history flow well and make sense? Are there any oddities or significant gaps in time not addressed?
Profile description: If the description provided in the “About” section or portions of the professional history seem a bit generic, copy and paste portions into Google to see whether this specific language appears anywhere else on the Internet. Alternatively, copy and paste this text into the search bar within LinkedIn. Those behind fake profiles will often reuse portions of other profiles in the creation of their own. It is easier to fabricate a profile by making a collage than by detailing a professional history within an industry where they may have little to no experience.
Volunteer Work: Fake profiles will seldom have anything listed under this category.
Interests: This can be very revealing. Legitimate profiles will usually have several interests directly tied to their professions. Fake profiles will typically incorporate interests outside of their stated profession, which may provide insight into the type of LinkedIn members they plan to target.
Profile photo: Fake profiles will often use a stolen image of an attractive person in the belief that more individuals will accept their invitation. Sadly, this tactic typically does work. Whenever analyzing a questionable profile, hover over the image, right-click, and copy the image link. Then go to Google, TinEye, Bing or Yandex to conduct a reverse image search: pull up the image search field and paste the image URL into the search box. The results will show the sites where that exact image appears on the World Wide Web. If you see the same photograph used by someone with a different name, this is a super red flag.
Over the past weeks I have flagged several fake profiles which have invited me to connect. In all cases, I have found more than 45 individuals within my network who are already connected with the profile. I send each of them a note exposing this fake profile. Most of them decide to remove the connection.
Should you suspect a profile is fake, please feel free to forward the link to me at firstname.lastname@example.org. I would be happy to analyze it, and if I am able to verify that it is fake, I can also help to expose it.