Blog

How to identify fake LinkedIn profiles has never been a more valuable skill than in 2023.

Why? Because LinkedIn is one of the most popular professional social networking platforms. More than 150 million people use it monthly to connect with colleagues, friends, and employers. This popularity makes it a prime target for scammers, who create fake LinkedIn profiles to steal valuable user information.

Recently, users managing company pages have noticed that people who don't actually work for the company are listing themselves as employees of that company. This is a prime example of a fake LinkedIn profile.

Today, our team of ethical hackers provides tips on identifying, avoiding, and reporting fake profiles or suspicious activities on LinkedIn. Let's get started:

How to Spot Fake LinkedIn Profiles

Fake LinkedIn profiles snoop around social media sites to collect personal information like names, addresses, and phone numbers. In addition, they promote fake job listings, tempting job seekers with attractive offers or enticing them to click on a link or download a virus. It takes a bit of intuition to detect fake LinkedIn profiles.

Knowing what to look for makes it a lot easier. If you are concerned about the validity of your LinkedIn connections, be wary of any account that offers inducements that appear too good to be true. Here are some tips to help you spot and deal with these types of profiles:

1. Getting invitations from the same people repeatedly: When you start receiving several invitations from people from a particular organization, except for special events, it is usually a symptom of fake LinkedIn profiles. In most cases, malicious players use the profiles of reputable companies like Microsoft, Oracle, and Bank of America, among others, to lure people.

2. Check the name and photo of the account owner: This step is crucial if you suspect the LinkedIn profile is dubious. In most cases, cybercriminals likely use different names and photos on their fake profile. If their address seems suspicious or they have listed the wrong phone numbers, it is a telltale sign of fraud. Check for inconsistencies or discrepancies in the information listed on the profile. Always confirm a connection request's identity and profile information before approving it. 

3. Suspicious work history: It is usually a red flag if a person’s academic qualifications do not support their work history. Scour through the person's work experience and traits. Also, make it a point to look up their current employer to ascertain they are who they claim to be. People often bloat their experience to draw a favourable first impression. Double-checking their credentials can help you evade malicious attempts to steal your information or save you from a well-organized scam.

4. Connections that are either too few or too numerous: Any profile with more than 100,000 followers should be approached with caution. While this is not a general rule, a cautious approach helps prevent security incidents. Confirm all the claims in the profile before accepting a connection request. Keep an eye out for conversations and updates. Professionals will participate in platform debates, while bogus profiles and non-professionals will not. 

5. Messages with exciting links: Some impersonators send a message along with their connection request. They may dangle appealing work incentives, keywords, or intriguing language in their messaging to urge you to trust them. It is conceivable that they will provide links and papers with more material related to what they are presenting. Before you open or download anything, ensure the user and offer are genuine. To spot a suspicious profile, examine the account's details, such as who the individual is and what company they work for. Send them an email with your inquiries. It is best to be polite and non-confrontational. If their response falls short of your expectations, you can reject it.

6. Absence of Participation: The purpose of social media is to stimulate two-way communication, so accounts without connections are frequently fraudulent. The lack of updates, content, and interaction with other community members are red flags. In addition, a fake account will not be followed back by anyone.

Why You Should Report Fake LinkedIn Profiles

If you stumble across a profile that you think may be fake or suspicious, you can report it to LinkedIn. Once you navigate to the Report page, simply click 'Report/Block' to file the report and the cause.

Why do this? To contribute to LinkedIn remaining a safe networking environment for you and your connections. Now more than ever before, professionals across all industries are falling prey to phishing attacks... and a key platform for this is social media.

Threat actors send emails, direct messages on LinkedIn, and links in order to tempt individuals into divulging sensitive information, credit card data, personal information, and login credentials. From there, hackers can log into LinkedIn accounts to pose as professionals and send phishing messages to connections to collect even more personal data.

Another common trend we see with fake LinkedIn profiles? Threat actors sending out emails that are spoofed to appear to be coming from LinkedIn itself. This is possible because the official LinkedIn site has several legitimate email domains, including linkedin@e.linkedin.com and linkedin@el.linkedin.com. This, in turn, can make it difficult for casual users of the platform to keep up with the authentic domains.

The Psychology of Social Media Phishing

The psychology of social media phishing (and why it's so crucial to know how to identify fake LinkedIn profiles in 2023) boils down to one baseline explanation: many professionals feel that, due to their experience and education, they would never fall for common phishing tactics.

This confidence, however, belies the fact that phishing tactics are ever-evolving...and that confidence can inadvertently lead to complacency.

Most individuals who become the targets of phishing are diligent, careful workers who keep a keen eye out for social engineering in their day-to-day. However, the human element of social media phishing can't be overlooked; any one of us can become stressed or rushed, leading to human error.

Here are just some 2023 phishing statistics that may surprise you:

• There are 75x more phishing sites as malware sites in 2023

• In 2020, phishing was the #1 complaint for both individuals and businesses

• The price of the average successful social engineering attack reached $4.1 million in 2022

• Social engineering attacks are taking, on average, 270 days to identify and contain

• 82% of data breaches contain a human element

• 90% of social engineering attacks target employees vs. technology

• CEOs are targeted 57 times per year on average by social engineering threats

Conclusion

LinkedIn is a terrific tool for networking and communicating with individuals in your business. Nevertheless, the range of popular social media phishing attacks is broad. By paying attention, you can secure your personal information and assets. Simultaneously, you safeguard other users against fake profiles. Be cautious while accepting LinkedIn connection requests, as some may be fraudulent.

Additionally, if you suspect someone you know has registered a bogus LinkedIn account, contact them, and ask if they have been misusing it before flagging them. With some simple precautions, you can keep yourself safe online and connect with the people who can add value to your business.

Looking for more actionable steps you can take regarding strengthening your security posture? Sign up for our free newsletter below or reach out to our team of ethical hackers today.