Do you use LinkedIn to connect with your professional contacts and to interact or look around for potential employment opportunities? If yes, then you must have surely received LinkedIn connection requests from some people unknown to you at some point in time. Most people assume that LinkedIn is a reliable and secure platform to meet new people. However, it has recently come to light that there are several fake LinkedIn profiles out there as well, which are used to connect with unsuspecting people and then gather their personal and professional information.
These fake LinkedIn profiles are part of well-designed social engineering campaigns that target people to get as much data on them as possible. Once connected with a target on LinkedIn, an attacker can see in-depth details about who they interact with, where they work and several other valuable pieces of information.
Recently, about 25 fake LinkedIn profiles were discovered in the Middle East, North Africa and South Asia. They are assumed to be part of a wider cyber-espionage campaign aimed at individuals working in varied sectors such as government, telecommunications, defense, energy, banking and more. In fact, it was found that these 25 fake LinkedIn profiles were connected to approximately 200 legitimate people from these backgrounds.
How to Spot Fake LinkedIn Profiles
It is a natural tendency to be more trusting towards people on LinkedIn, a fact that makes it easier for attackers to carry out social engineering and spear-phishing campaigns over the platform. Still, there are a few simple signs for spotting fake profiles on the network. While it would be unwise to simply reject all connection requests from unknown people, here are a few things to look out for before accepting such connection requests.
1. Look for suspicious profile photos or stock photos used in profiles. The best way to detect a fake profile is to spot a fake profile picture. If you see a picture that is clearly a stock image, then you should be cautious. Check whether the image matches the age and gender of the individual or looks clearly out of sync. Also carry out a reverse image search using a service like TinEye to see where the image originated.
2. Study the work experience and the position of the unknown person who sent the invitation. Do a quick scan through the profile of the person and see if you can spot some kind of natural progression through their career. If all you see is a number of high-profile positions across different domains, then something must be off. Moreover, will you really believe it if you get an unexpected LinkedIn connection request from a Director at Microsoft or some other big corporation?
3. Have a look at the number of connections and endorsements an individual has. Ultimately, the purpose of LinkedIn is to connect with more people from your professional network and then endorse each other to improve credibility. So if you see a profile with a very low number of connections and endorsements then you should probably get a little suspicious and dig a little deeper.
4. See the kind of groups that the individual is a part of. Another great way to spot a fake LinkedIn profile is to see the nature of groups that the person is part of. Check to see if the groups have some connection with the person’s career, interests or field. If not, then you should be suspicious and should delve a little further to see if the profile is genuine or not.
So what do you do when you actually spot a fake LinkedIn profile? For starters, do not accept connection requests from such profiles or click on links that they send you. Secondly, make use of the LinkedIn Safety Center to report fake profiles so that LinkedIn can conduct its quality checks and remove these profiles from the platform. And as always, be aware and cautious, and share your experiences with friends and family so that everyone can avoid such instances.