Are fake profiles on LinkedIn becoming a thing? Is it just me or are there more faux profiles on LinkedIn than ever before? In the last week, of the 17 connection requests I’ve received, 2 have been fake, from people trying to be something they’re not. How many fake connection requests have you received? They’re usually fairly easy to spot, if you spend the time to review their profiles and you know what to look for. As usual, I’ll be covering not just what to look for but also why – what’s the motivation for being fake on LinkedIn?
Here are 3 fake profiles that tried (and failed) to connect with me. Would you have connected with them?
HOW TO SPOT FAKE PROFILES
Most fake LinkedIn Profiles share the same characteristics:
(1) Fake profile photo.
(2) Name oddities.
(3) No recommendations.
(4) Ivy league education.
(5) Implausible work experience.
Perfect or model photos are usually the first thing to raise my suspicion, if their photograph looks too good to be true it probably isn’t. Bad cropping is also a tell. Why would someone spend hundreds of dollars to get a professional headshot only to throw it on LinkedIn without caring about cropping/positioning? Because fakers spend the bare minimum amount of time building the profile and they do just enough to convince, that’s why. If you think someone’s profile pic has a stock image quality or if you think it doesn’t fit with the rest of the information on the profile, I recommend you do a reverse image search using TinEye (www.tineye.com) or Google Reverse Image Search (https://www.google.co.uk/imghp). If your hunch is right, you’ll see where else on the web that image has been used. TinEye has a handy Chrome extension and Amit Agarwal has created a wrapper of Google Image Search which works on mobile devices. Amit’s tool (http://ctrlq.org/google/images/) lets you perform a reverse image search from your phone, you’ll initially have to save the image you want to search on your iOS or Android device before you probe.
Fakers lack imagination when it comes to names. They’ll choose names which either sound bland or repetitive (“Jim Jackson”) or have weird spelling i.e “Deryk”. While some people may connect with people they don’t know on LinkedIn they won’t usually provide a recommendation to someone they don’t know or have not worked with. It’s foreseeable that some fakers will be able to get recommendations from other fakers/partners in crime but I have not seen this yet. They usually make mistakes in the experience section, mainly because they are not familiar with functions, titles and industries. Catch 22: if they don’t add enough work experience it raises flags and if they do, it usually trips them up.
I ran ‘Hazel’s pic through Google’s Reverse Image Search, she’s a popular pic.
Next up, ‘Deryk’. This scammer has a sense of humor – he’s using the photograph of Dr Johannes Caspar…
Herr Caspar is well known in Europe for challenging Facebook on a number of privacy related areas and most recently Facebook’s use of analytic software to compile photographic archives of human faces, based on photos uploaded by Facebook’s members. This has been problematic in Europe, where data protection laws require people to give their explicit consent to the practice.
‘Alex’ wanted a model pic and he got himself one…from a guy called Ryan.
‘Deryk’ overplays his hand by boasting of an MBA from Wharton followed by a Law degree at Yale. Complete bullshit. He spends almost 7 years as a Project Manager and then miraculously becomes an AVP, give me a break. Written by someone with nil comprehension of US corporate career progression.
‘Alex’ leaves a lucrative Geomatic Surveyor role for stints as a Volunteer Advocate, Travel Writer/Photographer and ends up as a Recruiter. Recruiter is a popular fake profession on LinkedIn because we tend to lower our guard for recruiter connection requests. Says he became a Recruiter in March 2014 but I have a screenshot which proves that he just added that role to his profile 2 days ago. Utter bullshit.
So why do they do it? What’s the pay off?
MOTIVATION (THE 7 SINS OF LINKEDIN FAKERS).
Instant seniority, having a CEO title carries more weight and opens more doors than being a Sales Rep. When people disguise their true identity they can sell without stigma or consequences. Linkedin data has value and is great for email list building. Accurate and current data fetches the highest prices. Imposters on LinkedIn have the ability to damage the reputation and prospects of competitors, they can also engage in corporate espionage with impunity. When a profile has been built with thousands of connections it can be sold to the highest bidder, similar to buying twitter followers. Assuming a fake identity lets lecherous LinkedIn types prowl for potential partners, like Ashley Madison but without the membership fees and risk of data breach. There’s a lot of info available on Linkedin, the contextual nature of that info gleaned when someone connects with you and your network, elevates it to intel status. Dell SecureWorks know all about this…
BECOMING MORE SOPHISTICATED
In October researchers from Dell SecureWorks Counter Threat Unit identified a network of at least 25 well-developed fake LinkedIn profiles as part of a targeted social engineering campaign against LinkedIn users in the Middle East, North Africa, and South Asia. The fake profiles were connected with 204 legitimate profiles belonging to individuals working in defense, telecommunications, government, and utility sectors. A quarter of the victims worked in the telecommunications sector in the Middle East and North Africa. Fortunately, the fake profiles have now been removed from LinkedIn. 8 of the fakes were what researchers call “leader personas” whose profiles are well designed and have hundreds of connections. Leader persona profiles include education history, job descriptions, and occasionally even vocational qualifications and LinkedIn group memberships, with some of the information copied from legitimate profiles. Ondrej Krehel founder and principal of LIFARS, an international cybersecurity and digital forensics firm has come to similar conclusions.
It’s understandable that the LinkedIn platform is designed to minimize the friction of joining, all you need is an email address. Could LinkedIn do more to prevent and delete fake Profiles? Possibly but even if they started blocking IP addresses, determined fraudsters would simply find another way, they’re basically playing whack-a-mole. It also takes a lot of time and resources to conclusively identify a fake. LinkedIn relies on crowd-sourced policing of fakes and when LinkedIn are presented with strong evidence of fakery, they do act. ‘Hazel’ and ‘Deryk’ have been shut down, ‘Alex’ is still at large, he’s added almost 250 new connections in the last 3 days. You can report fakes either on their fake profile or via the Help Center (http://bit.ly/helpcenterfakereport).
LinkedIn is a big fat juicy target for fraudsters looking to harvest professional grade data. They’ll connect with you to get your email and then they’ll connect with everyone in your network to do the same. LinkedIn gives fraudsters the semblance of credibility because you’ll connect with ‘Deryk’ because of the fact that he’s already connected with James, someone you know and trust. Weak ties on LinkedIn, the way we discover people and build relationships, are an easy route for scammers to infiltrate your inner professional circle. Fraudsters have used social networking for years. They cull personal information posted on LinkedIn and other sites to design targeted attacks which have a higher chance of success. A good example of this is the hijacked LinkedIn account scam when you get a LinkedIn message from ‘James’ saying that he’s stranded in X foreign country, wallet stolen, needing you to wire emergency funds. Or ‘James’ sending you a fake job advertisement which requires you to send him your SSN and other personal details (phishing attack). The trust we infer on LinkedIn can be used against us; we don’t think twice about clicking on that link from someone we’re connected to which turned out to be a virus. Crims know how we think and act.
I’m not surprised by people faking it on LinkedIn. What does surprise me though is the caliber of folks who are apparently being hoodwinked. When I see smart and socially aware people who I’m connected with, who frankly should know better – connecting with these fakers, it makes me question their connection strategy and I worry that they’ve let fraudulent types loose on their network. I understand the pressure to build a large network on LinkedIn but clicking on ‘accept’ from fake accounts has far reaching consequences and can seriously dent your reputation. My advice: slow down, take a longer look and don’t let fakes pollute your professional sphere.
If you liked this article, you’ll love my LinkedIn coaching. If you need help with your Summary, Profile or LinkedIn strategy, I can help.
Contact me now: firstname.lastname@example.org / 773.469.6600 to get started.
By Andy Foote