Social media has become a near-essential way for people to stay in contact with each other. LinkedIn, the website that’s been connecting businesses, job seekers and recruiters since 2002, is no different. Some of the most active users are those who travel frequently, such as the sales person who is using LinkedIn to make connections.
Not all of LinkedIn’s reported 467 million users are who they appear to be. In some cases, these may be innocent duplicates—for example, my aunt who somehow ends up with two accounts on every website, making it extremely difficult to remember which Facebook profile she’s using these days. Others are more nefarious—hackers creating believable LinkedIn profiles to steal you or your company’s information.
The scheme is a simple one that takes many forms. A hacker creates a fake profile. He or she attempts to connect with other people. Once connected, that hacker is able to send direct messages with links that redirect you to websites that contain phishing scams, malware or other tracking methods intended to steal your information.
Some hackers are pretending to be part of your company. If you work for a larger corporation, you probably don’t know each and every employee. When Jim Jameson who claims to work for your company reaches out to connect on LinkedIn, you may not want to reject a fellow employee. But do a double take. Jim’s innocent LinkedIn message sharing that great article on “5 SEO Mistakes Companies Make” may not be what it appears.
What Hackers Want
Creation of fake LinkedIn profiles could have many purposes. Jim’s link may direct you to a virus that will infect either your personal computer or your work computer and work network. Jim’s link may direct you to a website that phishes for your passwords or for personal information that can be used to impersonate you.
If our new friend Jim hasn’t sent you any messages, that doesn’t mean that you’re in the clear. By connecting, Jim has deeper insight into your profile. The information you’ve added about your job and responsibilities could give Jim data for corporate espionage. Furthermore, by connecting with you, Jim has gained credibility as he connects with more people in your industry.
If that sounds far-fetched, keep in mind that researchers at Dell SecureWorks Counter Threat Unit recently found at least 25 fake LinkedIn profiles operating out of Iran that had connected with over 200 legitimate profiles, including those belonging to individuals in the defense, telecommunications, government and utility sectors.
Spotting a Fake Profile
Where do you start when determining if a profile is real? Fake LinkedIn profiles tend to use professional photos lifted from other websites. If Jim looks like he just stepped out of a stock photo, consider using Google’s reverse image search. Sure, maybe he moonlights as a model, but let’s check before accepting his connection request.
Does the experience match the job? Fake profiles frequently copy their information from a real person’s profile. It’s still worth evaluating whether a recent graduate really could jump to Vice President of Finance for well-known company. (Probably not.) Does the person’s career path make sense? Are they jumping between unrelated, highly specialized fields?
Look for missing information. Do they list an Ivy League education but not include their major? Are they in any LinkedIn groups? If you’ve established a strong LinkedIn presence, it is a bit strange to omit your specialty at Yale, even if that B.A. in Music Theory isn’t applicable to your current job in Marketing.
What to Do if You Find a Fake Profile
Report it to LinkedIn. You must file a formal complaint using Notice of Inaccurate Profile Information. It may take a while. At the time of this post, LinkedIn has a notice posted that there may be a delay in their response due to a high number of reports.
The next time you’re waiting for your flight and are flipping through your LinkedIn connection requests, think twice before you hit that check mark. It could save you and your company from a great deal of trouble later.