LinkedIn is, of course, a powerful social network that delivers many professional benefits to its users. At the same time, however, it also provides criminals with great opportunities: by connecting with you, people gain access to all sorts of information about you and your colleagues — information that evildoers can easily exploit in order to impersonate you or a colleague as part of efforts to social engineer their way into business systems, to steal money, or to commit other crimes.
One technique that criminals often use to gain access to people’s “private” LinkedIn information is creating fake LinkedIn profiles — profiles of non-existent professionals — and requesting connections with real people, many of whom are likely to accept.
Here is some advice on how to quickly spot fake LinkedIn accounts — and to avoid the possible repercussions of accepting connections from them:
Photo: Many fake accounts use photos of attractive models, sometimes targeting men with photos of women and women with photos of men. The pictures often appear to be stock photos, but sometimes are stolen from real users. If you receive a LinkedIn request from someone you don’t remember meeting, and the picture is of this type, beware. If you are in doubt, you can load the image into Google’s reverse image search and see where else it appears. You can also search on the person’s name and title to see if any other similar photos appear online, but keep in mind that a crafty impersonator might upload images to several sites. Obviously, any profile without a photo of the account holder should also raise alarms.
Premium Users: Some experts have suggested that Premium status is a good indicator that an account is real. While it may be true that most fake accounts do not have Premium status, some crooks have invested in getting it in order to make their accounts seem more real. So beware.
Connections in Common: Fake people are likely not going to have many connections in common with you, and there usually won’t be many secondary connections either. Sure, some of your connections may have fallen for the scam and connected with the fake person (that may be how the fake person found out about you in the first place), but the number of shared connections is likely going to be relatively small. You also know your connections — exercise extra caution when someone’s connection patterns do not make sense; you might want to think twice, for example, if someone trying to connect with you seems to know nobody in the industry in which he/she works, but knows three of your most gullible friends.
Group Activity: Fake profiles are less likely than real people to be members of closed groups that verify members when they join, and are less likely to participate in discussions in open groups. They may be members of many open groups — groups that were joined in order to access member lists and connect with other participants with “I see we are members of the same group, so let’s connect” messages. Also, keep in mind that real people who use LinkedIn heavily enough to have joined many groups are likely to have filled out all of their profile information — so a connection request from a person who is a member of many groups but has very little profile information is suspicious. Also, keep in mind that being members of the same group as someone else is not, in any way, a reason to accept a connection from him/her.
Industry and Location: Common sense applies here. If, for example, you work in technology and have no pets, and receive a connection request from a veterinarian living halfway across the world whom you have never met, something may be amiss.
Recommendations and Human Activities: Many fake accounts seem to list cliché-sounding information in their work experience section, but contain few other details that seem to convey a true human experience. Look at the content in the Recommendations, Volunteering Experience, and Education sections — does something seem off? Note that the content in these sections may also provide terms and phrases that you can Google search along with the person’s name to help verify whether or not the account attempting to connect with you really belongs to the human being whose identity the profile alleges to represent.
Endorsements: Fake people are not going to be endorsed by many real people. And the endorsers of fake accounts may be other fake accounts that seem suspicious as well.
Similar People: If you receive many requests from people with similar titles or who claim to work for the same company, and you don’t know the people and are not actively doing some sort of deal with that company, beware.
Work Experience: Some fake accounts have work histories that don’t make sense. People who seem to have been promoted too often and too fast, or who have held too many disparate senior positions (e.g., VP of Sales, then CTO, then General Counsel), may be too good to be true. There are, of course, real people who “move up the ladder” quickly, and there are folks (including myself) who have held a variety of different positions throughout the course of their careers, but scammers often “overdo it” when crafting the career progression or role diversity data of a bogus profile.
Number of Connections: A senior-level person, with many years of work experience, is likely to have many connections. The fewer connections such an account has (the further it is from 500), the more suspicious. Of course, every LinkedIn profile started with 0 connections — so legitimate, new LinkedIn accounts may seems suspicious when they truly are not — but practical reality comes into play: How many of the real, senior-level people who are now contacting you didn’t establish their LinkedIn accounts until 2018? (Of course, a small number of connections and a new LinkedIn account is not abnormal for a person who just started his or her first job.)
Cliché Names: Some fake profiles seem to use common, flowing American names (e.g., Sally Smith) that both sound overly “American” and make performing a Google search for a particular person far more difficult that doing so would be for someone with an uncommon name. More often than occurs in real life, but certainly not always, bogus profiles seem to use first and last names that start with the same letter.
Level: Requests from people at far more senior professional levels that yourself can be a sign that something is amiss. It is certainly tempting to want to accept such connections (which is, of course, why the people who create fake accounts often use senior titles for their bogus personas), but think about it: If you just landed your first job out of college, do you really think the CEO of a major bank is suddenly interested in connecting with you out of the blue?
Skill Sets: If skill sets do not match someone’s work experience, beware.
Spelling: LinkedIn is a professional site. Spelling errors in a name or in the name of a business (yes, some crooks have made such mistakes), or the use of lower case letters at the start of a name, are suspicious. If you have any such mistakes in your own profile – fix them ASAP.
Contact Info: Fake people are far less likely than real people to have email addresses at real businesses, and rarely have email addresses at major corporations.
Keep in mind that none of the aforementioned clues operates in a vacuum or is absolute. The fact that a profile fails when tested against a particular rule, for example, does not automatically mean that it is bogus. But applying smart rules should help you identify a significant percentage of fake accounts, and save yourself from the heartache that can ultimately result from accepting connections from them.