Page 1 of 1

Faked LinkedIn Profiles

PostPosted: Wed Feb 17, 2016 12:49 pm
by Dave Jensen
I don't know if this will trouble anyone here on the forum, but it's quite an issue for me in the business that I am in. There is now a great big increase in the number of fake LinkedIn invitations being sent by people with malicious intent.

I'm actually not quite sure what they would use this information for -- the info that shows up on a "connection" once linked. After all, I don't have my social security number or anything on there. But I do have my personal email address and some other stuff that would be for LI friends only.

There's a sleaze recruiting company (read "Resume Mailer") operation over in NJ that keeps coming up with fake biotech scientist LinkedIn profiles and mailing me connection requests. I have tried a few of these to see if they are listed as employees at the companies shown, and of course they aren't. They are identifiable sometimes by the photo used (looks like they get them out of a HS yearbook) and by the fact that even though it has hundreds of connections, it's got no referrals, no recommendations, and so on.

I have always been quite open about who I connect with -- if it helps both of us, why not connect? But now, after six attempts to get my network like this, I'm being much more careful.

Just an FYI,

Dave Jensen

Re: Faked LinkedIn Profiles

PostPosted: Wed Feb 17, 2016 2:46 pm
by Dick Woodward
I have actually run into something similar, and possibly worse. I am involved in an initiative to improve funding for early-stage companies, and we received a communication from an investment firm in the UK. When I went to check them out, I found that the e-mail address that was given by the contact (apparently high-level within the company) did not conform to the firm's standard pattern. When I looked up the contact on LinkedIn, it gave a physical address in Asia, and while the photo of the contact was the same, there were some cropping errors that convinced me that this had been copied from the real company's web site. In short, it was a stolen identity scam.

Dave is correct - be very careful!

Dick

Re: Faked LinkedIn Profiles

PostPosted: Wed Feb 17, 2016 2:52 pm
by Dave Walker
It's a shame, but I guess I shouldn't be surprised. A regular, non-paying LinkedIn user can see only those in their network (to a 3rd degree) or in groups they belong to. I guess if a bot connects with enough people, they have the ability to call up everyone's profile page? Is that worth something? It must be, or why would a "hacker" do it?

As a PSA, you can report fake accounts to LinkedIn: https://help.linkedin.com/app/answers/detail/a_id/61664

One nice bit of advice that circulated in my grad school years was to change the default "I'd like to add you to my LinkedIn network" text when linking with others. This will guarantee that you are not a bot, and also get whatever you say directly into the eyes of your interested person. The problem is that LinkedIn will send that canned response if you are not attempting to connect from someone's profile. Something to watch out for.

Re: Faked LinkedIn Profiles

PostPosted: Wed Feb 17, 2016 6:35 pm
by Dave Jensen
Dave,

I can't make that link work. Does it work for you?

Dave Jensen

Re: Faked LinkedIn Profiles

PostPosted: Thu Feb 18, 2016 6:42 am
by E.K.L.
Symantec did recently a feature on fake linkedin profiles here:
http://www.symantec.com/connect/blogs/f ... al-network

an excerpt, explaining what those fake accounts are used for:
"The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.
In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails."

Re: Faked LinkedIn Profiles

PostPosted: Thu Feb 18, 2016 12:18 pm
by Ana
Last year I got a linkedIn invitation from a person I didn't know that was from a general non-profit patient organization. I work for a non-profit patient organization so even if I didn't remember that person I accepted. I thought maybe it was from some of the recent conferences I attended in the field. I noticed she had about 50 connections by the time I accepted.

A few days later I got a private message from that person through LinkedIn telling me they had decided to grant an award to the best non profit of the year and they were impressed with our work. It was very obvious the text was general spam-type of text with no specific mention to the person it is addressed to. It prompted me to contact them with our bank account number and details so that they could give us the award.

I felt stupid and went directly to LinkedIn to eliminate that connection. By then she had grown to several hundreds of contacts in just a few days.

So in that case the person was targeting a very specific professional population (disease non-profits!) with the goal of sending out a classical wealthy nigerian type of scam. I guess I could/should have reported that profile to LinkedIn. I just deleted the contact.

Re: Faked LinkedIn Profiles

PostPosted: Thu Feb 18, 2016 4:08 pm
by Dave Walker
Dave Jensen wrote:Dave,

I can't make that link work. Does it work for you?

Dave Jensen


Not sure why it didn't work for you -- it's just their help info, recently updated. I've pasted it below:



To flag inappropriate or fake profiles directly on LinkedIn, (i.e. profiles that contain profanity, empty profiles with fake names, or profiles that are impersonating public figures), please follow these steps:

- On the profile you want to report, hover your cursor over the Dropdown arrow next to Send a Message or Send InMail/View in Recruiter in the top section of their profile.
- Select Block or Report.
- Click the box next to Report.
- Select a reason for flagging the profile.
- Click Continue.
- Select Agree.

Re: Faked LinkedIn Profiles

PostPosted: Thu Feb 18, 2016 4:09 pm
by Dave Walker
E.K.L. wrote:Symantec did recently a feature on fake linkedin profiles here:
http://www.symantec.com/connect/blogs/f ... al-network

an excerpt, explaining what those fake accounts are used for:
"The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using these fake LinkedIn accounts, scammers are able to establish a sense of credibility among professionals in order to initiate further connections.
In addition to mapping connections, scammers can also scrape contact information from their connections, including personal and professional email addresses as well as phone numbers. This information could be used to send spear-phishing emails."


So interesting! Thanks for sharing, E.K.L.

I could imagine how deadly the proper spear-phishing email could be -- I know for a fact some executives cannot be found via email or phone lines, but check their LinkedIn accounts religiously.