Fake Profiles on LinkedIn

It’s hard to imagine today’s business world without LinkedIn as a social platform. Whether it’s sharing posts, networking with business partners, or acquiring new talent, LinkedIn is often the tool of choice, true to the idea of “see and be seen”. Anyone who wants to be successful strives for attention, recognition, and reach. This phenomenon also attracts scammers who take advantage of members’ open disclosure. Such fake profiles can have unpleasant consequences for companies. Find out what these consequences are and how you can protect yourself from them in this article.

The social platform LinkedIn was founded a good 20 years ago and now has over 750 million members worldwide. The network makes it possible to stay in touch with colleagues and business partners around the world and promotes knowledge exchange. LinkedIn has also become a valuable marketing tool and a far-reaching job platform.

As is so often the case, LinkedIn’s well-intentioned offering is also abused by scammers for their own purposes. There are many fake profiles on the platform with the ultimate goal of performing social engineering attacks and thus obtaining confidential information.

Uninvited Employees

In the past, there have been repeated reports of people on LinkedIn pretending to be employees of high-profile technology companies, even though they have never been employed there (see The Guardian). At Oneconsult as well, we have already had to detect such uninvited employees on the company page on LinkedIn, although when looking at their good references, one could certainly feel flattered:

A fake LinkedIn profile
A fake resume of a fraudster

A brief investigation revealed that this phenomenon is by no means an isolated case. Sometimes identical profiles of fake employees can even be found on LinkedIn at other small and medium-sized enterprises (SMEs) that are active in the field of cyber security.

The problem is that any person can add work experience in the profile description on LinkedIn without it being verified. Thus, it is possible for a company to suddenly have supposed employees who have no connection with the company whatsoever. For an external user, it is not noticeable that this person is not employed by the company at all.

And this is precisely why this is dangerous. The goal of such a fake profile is to use a supposed relationship of trust to obtain information that would otherwise not be shared with a stranger. Such a social engineering attack can be carried out towards other employees, customers or other third parties. Another threat is possible damage to the company’s reputation if a stranger approaches third parties on behalf of the company or publishes, comments on, or likes posts. The danger that can emanate from shared posts on LinkedIn should also not be underestimated. Fake profiles can try to lure users to malicious sites, for example by a supposed registration for a webinar.

How to get rid of Fake LinkedIn Profiles

Even if the person has no malicious goals, but only wants to improve their own resumé, this is a nuisance for companies. At best, such fake employees are merely that, but at worst they pose a serious threat. LinkedIn is set up so that as soon as a person adds a new entry in the “Professional Experience” section, their profile is linked to the company page. It can take up to 30 days for these changes to show up on the company page. An incorrect link, whether done accidentally or willfully, can only be removed by the person who added the information to their profile in the first place. Even an administrator of the company’s site cannot do this. In such a case, one has no choice but to report the fake employee to LinkedIn (see LinkedIn Help Remove people from a LinkedIn Page). Unfortunately, this is currently the only option.

Reporting Fake LinkedIn Profiles

Reporting of false information provided by another LinkedIn member is done via the following link: https://www.linkedin.com/help/linkedin/ask/TS-NFPI. The form must be filled out truthfully with the following information:

  • Link to the false account
  • Name of the company (or even college/university) which was not correctly indicated in the profile
  • An explanation of why this information is incorrect and is therefore being reported
  • A digital signature

The report is then forwarded to LinkedIn’s Trust & Safety team for review (see LinkedIn Help Report inaccurate information).

One protection mechanism LinkedIn has built in to protect itself at least somewhat from information theft is to block access to the “My Company” section. In order to view the information in this section, verification must be done using the business email address. Super admins of a company site can specify which domains are enabled for employee verification (see LinkedIn Help Verification and LinkedIn Help Domains).

Searching for Fake Employees on LinkedIn

Fake employees pose a threat to your business. LinkedIn has not yet implemented a solution to prevent this. Therefore, it is recommended to check the linked employees at regular intervals. This is, of course, an increasingly time-consuming task as the size of a company grows, but it is well worth it.

The linked profiles can be viewed directly on the company page in the “People” section:

LinkedIn Search for employees

Another way to find employees is to search for the company on the LinkedIn home page and then select the “People” tab:

The LinkedIn search function

If the number of employees exceeds a certain threshold that no longer allows going through the list manually, it is recommended to automate this step. Exporting this list in CSV or Excel format allows it to be subsequently compared to the internal employee data of the HR department.
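One way to automate the comparison described above, as an added example that is not part of the original article: it assumes the linked profiles and the HR roster are already available as CSV, and the column names (`name`, `profile_url`, `full_name`, `end_date`) and all sample rows are constructed. Names are not unique identifiers, so every finding is a lead for manual review, not proof of a fake profile.

```python
import csv
import io
import unicodedata
from collections import defaultdict

# Constructed sample data; column names are assumptions, adapt them to your exports.
LINKED_CSV = """name,profile_url
Anna Müller,https://www.linkedin.com/in/example-anna
"Meier, Jonas",https://www.linkedin.com/in/example-jonas
Jonas Meier,https://www.linkedin.com/in/example-jonas-2
Eve Unknown,https://www.linkedin.com/in/example-eve
Peter Alt,https://www.linkedin.com/in/example-peter
"""
HR_CSV = """full_name,end_date
Anna Mueller,
Jonas Meier,
Peter Alt,2022-12-31
"""

UMLAUTS = str.maketrans({"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss"})

def normalize(name):
    """Fold case, umlauts, accents, punctuation and token order into one comparison key."""
    folded = unicodedata.normalize("NFC", name).lower().translate(UMLAUTS)
    folded = unicodedata.normalize("NFKD", folded).encode("ascii", "ignore").decode()
    tokens = "".join(c if c.isalnum() else " " for c in folded).split()
    return " ".join(sorted(tokens))  # "Meier, Jonas" and "Jonas Meier" give the same key

def reconcile(linked_csv, hr_csv):
    """Return profile URLs that need review, grouped by the reason they were flagged."""
    hr = {normalize(r["full_name"]): r for r in csv.DictReader(io.StringIO(hr_csv))}
    by_name = defaultdict(list)
    for row in csv.DictReader(io.StringIO(linked_csv)):
        by_name[normalize(row["name"])].append(row["profile_url"])
    findings = {"unknown": [], "former": [], "duplicate": []}
    for key, urls in sorted(by_name.items()):
        if key not in hr:
            findings["unknown"] += urls      # no HR record: candidate for a report
        elif hr[key]["end_date"]:
            findings["former"] += urls       # any end date counts as "has left" here
        elif len(urls) > 1:
            findings["duplicate"] += urls    # several profiles claim one real employee
    return findings

if __name__ == "__main__":
    for reason, urls in reconcile(LINKED_CSV, HR_CSV).items():
        print(reason, urls)
```
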

How to Recognize Fake LinkedIn Profiles

No matter whether you are a private person or a company on LinkedIn, it is always helpful to be able to recognize fake profiles. The following overview can help with that:

| | Background | Recommendation |
|---|---|---|
| Profile Picture | A user’s profile picture is not a valid indicator of whether the account is legitimate. On the one hand, images found on the internet can be used for a fake profile; on the other hand, it is already possible today to generate deceptively real images of a person using artificial intelligence. | A reverse image search (for example, via Google or TinEye) can be used to find out whether the profile picture has already been used in a different context with a different name. |
| Professional Experience | Any person can add any education and work experience to their profile without verification of the information. | Even if incorrect information is not directly obvious to another member, it can at least be checked whether the information makes sense chronologically and follows a certain logic. |
| Amount of Information | A well-maintained LinkedIn profile of a real person generally contains a certain amount of information to draw attention. A created fake profile may only contain the most necessary information about the person, depending on the effort that went into creating it. | It is worth taking a closer look at a profile. How many contacts does the profile have? Have skills, experience, and information about the person been added? It is also helpful to check the information for consistency, such as dates and locations. |
| Content | A real person usually interacts with other posts on LinkedIn at regular intervals and shares content themselves. Such behavior over a longer period of time is difficult for a fake profile to recreate or at least requires a lot of effort. | It is advisable to check whether a person shares posts themselves from time to time and adds a personal text to them. Are there any reactions to posts? How active is the profile? How is the writing style in direct messages? |
| Network | Even a fake profile must first establish certain contacts in order to appear legitimate. The type and number of contacts can give indications about the profile. | For an unknown profile, pay attention to how many contacts it has. Do common trusted contacts exist in your network? Does the profile have followers in addition to contacts? Has information been confirmed by other contacts? |

Of course, these are only indicators of a fake profile. However, when it comes to connection requests or personal messages from strangers, a certain level of suspicion is never amiss. If a suspected fake profile has been identified, it can be reported on LinkedIn (see LinkedIn Help Report fake profiles). This works via the menu “More” on the profile, where it can be reported or blocked. A pop-up window asks which information in the profile has been identified as false and why this profile is being reported.

Conclusion

Just like any communication platform, LinkedIn is not safe from attackers and scammers. This can include social engineering attacks or damage to the company reputation through fake profiles, as well as phishing and other scams, and malware. Attentive user behavior and regular checks of one’s own details and settings, whether as a private individual or as a company, are recommended. Actively reporting fake profiles can increase security for all members.

Do you still have questions or would like our support? Our Digital Forensics team is looking forward to hearing from you!


Published on: 07.06.2023


Author

Tabea Nordieker is a DFIR Specialist at Oneconsult AG. In addition to her Master’s degree from the University of Lausanne in Digital Forensics, she is GIAC Certified Forensic Analyst (GCFA) and Blue Team Level 1 (BTL1) certified.
