The platform has recently seen a surge in fake accounts and has more steps to identify and remove them. In 2021 more than 15 million accounts were removed because they were thought not to be genuine.
A recent mysterious trend has seen a raft of fake accounts for high-profile cyber security roles at blue chip companies flooding the platform. The reasons and origins of these accounts are unclear but it highlights that users need to be vigilant about which profiles they interact with on the platform.
The motivations for making a fake profile could be relatively innocent, such as market research or keeping tabs on your competitors, but more often than not, there are criminal intentions behind it. Some of the more common reasons for making a fake profile are as follows:
A fake profile offers a way in for criminals looking to infiltrate your organization. If they can strike up a conversation with members of your team, they might be able to extract important security information.
Sending messages to Linkedin connections containing links to malware or other malicious software that unsuspecting users may click on.
Creating fake accounts with real people’s details can be one step on the road to stealing identity in order to apply for loans, credit cards or other services.
Creating a fake profile and making lots of connections can be an effective way for someone to harvest dozens of email addresses for use in spamming campaigns.
So we know the reasons why fake accounts exist, but what are the best ways to spot and avoid them? There are a few telltale signs that can be used to identify suspicious accounts:
If the profile picture doesn’t match the headline or the profile description or if there is a discrepancy in pronouns used between sections, that’s normally a sign that something is not quite right.
If someone’s profile picture looks like something taken from a stock image library, that’s a red flag. Another sign to look out for is if something else looks slightly odd with the picture – maybe the lighting or the eyes, for example. This might mean you’re looking at a computer generated image.
It would be slightly strange for a senior executive at a major international company to have a short work experience. Normally that sort of position comes with a career history dotted with similar roles and a clear trajectory of different jobs. If someone has jumped straight to an executive position without climbing the corporate ladder, it might be a sign that something is amiss. Of course, it’s certainly not impossible and it does happen but it might be worth looking into such stories with care.
Conversely, If someone reaching out to you to connect has a long and storied work history, but only a few recent connections, you might wonder why. Of course, they could have only joined the platform recently or might have decided to become more active and expand their circle of connections, but it’s worth stopping to consider the motivations of people reaching out to you.
Follow your instincts and don’t just add people blindly to add to your network and visibility. If the writing sounds a little off or the picture just makes you look twice, just spend a little extra time and do some research before accepting the invite.
No single one of these points on their own is definitive proof of a fake account, but it’s worth considering each one as something of a red flag. If you notice two or three red flags then there’s a good chance that the profile isn’t genuine. As with all social media, the best advice is that if you haven’t met the person yourself, or been introduced by someone you trust, always be wary. Quality is preferable to quantity when it comes to LinkedIn connections.
A common issue faced by many companies is the appearance of phantom employees incorrectly claiming to be employed at your organisation. Most often this is a genuine mistake caused by over-enthusiastic clicking on a drop-down menu when adding work experience, but it is also a technique that can be used by fraudsters attempting to socially engineer their way into your company and obtain privileged information. Unfortunately, as of now, there is no quick and easy solution to this issue. The advice from Linkedin remains to flag any instances to their dedicated support team and wait for them to remove the individuals concerned. A recent update released in 2022 allows you to verify new employees but as yet, this solution does not resolve issues with people who are already linked to your company. If any of the issues raised here gives you cause to think about your company’s cyber security preparedness, contact Penta and speak to us about our training courses and tools for protecting your company and employees.