LinkedIn has become the world’s largest professional network, and with over 500 million members worldwide, it has fast become the social network of choice for business professionals looking to connect and find new opportunities.
However, like other social media platforms, this rapid explosion in growth has attracted the attention of fraudsters and hackers who are keen to exploit this mass market to launch targeted scams.
LinkedIn provides these criminals with an absolute treasure trove of personal information that can be used to commit identity theft, or more often than not, used in the careful crafting of a spear phishing attack.
One of the easiest ways for these crooks to dupe unsuspecting individuals into falling for their scams is to set up a fake profile so they can get access to their personal information and map out their network connections. It’s been suggested there are as many as 33 million fake LinkedIn accounts in circulation, indicating the magnitude of the problem.
We all like to think we’d be able to spot a fake profile a mile off, but criminals will spend a lot of time making their profiles seem as convincing as possible to gain that all-important foothold into a company they intend to hack.
Some of the more convincing fake profiles can have several hundred connections, a credible work history, former employers listed, skill endorsements, belong to several groups and follow a range of different companies and influencers.
However, the vast majority of fake LinkedIn profiles will display some giveaway signs that all is not as it seems. If you think someone’s profile is too good to be true, there are a number of ways you can check its authenticity:
1. Profile Picture
One of the main ways a fraudster will entice a victim to connect is by using the photo of a stunningly good-looking person. They tend to use stock images of models, or photos of lesser-known celebrities. To check whether the photo is legitimate, you can do a reverse image search using TinEye or Google’s reverse image search. These search engines will show where the photo originated and where it has been used. If the photo appears in lots of random places, there’s a good chance you’re dealing with a fraudster.
2. Name
Criminals tend not to spend too much time on the intricacies of a name, which can leave us with some tell-tale signs that an account is fake. Common themes include spelling a name all in lower case or all in upper case, doubled letters within a name such as ‘saarahh’, or using a first and last name that start with the same letter, for example ‘Brad Bentley’.
3. Suspicious Work History
Some fake accounts will have work histories that just don’t add up. It’s worth doing a quick scan through someone’s work history to check if there’s a natural progression in their career or if there are any discrepancies that can’t be explained. This could include huge gaps in employment, random jobs, questionable promotions, or generic job descriptions that leave you wondering what they actually do. It’s worth checking out their previous work history or doing a search on their current employer to establish if they work where they say they do.
4. Limited Connections
One of the main purposes of LinkedIn is to connect with more people from your professional network. A genuine profile will have a well-balanced mix of people and profiles among its connections. If an account has fewer than 100 connections, or you notice that all the connections listed are the same sex with fake-looking profile pictures, there’s a good chance it’s a fake account. It's also worthwhile checking whether you have any shared connections to see if the profile has any credibility.
5. Lack of Personal Information and Engagement
LinkedIn is all about connecting with people and engaging with content that you find relevant and interesting. Profiles by real people will tend to reveal their interests, hobbies and recommendations. If the account lacks any real conversation or interaction with other profiles, it could indicate a fake account.
LinkedIn is an excellent platform to cultivate business connections but it’s also the perfect platform for criminals to gain quick and easy access to your personal data and valuable corporate information.
To avoid being scammed on LinkedIn: never accept a LinkedIn invitation if it comes via your personal or work email, use enhanced privacy settings, don’t click on suspicious links, never accept friend requests from someone you’re not familiar with, and be careful about sharing too much personal information.
Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help your business.