Recently, I was sent an invite from someone who reportedly worked in the health industry as an “Information Security Manager”.
I instantly spotted this profile as being fake and reported it to LinkedIn immediately. However, I later noticed a few of my connections had not, and invites were being sent to colleagues, with the perpetrator acting like a kleptomaniac, with the objective of trying to establish some legitimacy through reaching that magic 500+ connections.
It is becoming an increasingly common tactic for recruiters, cyber criminals and fraudsters to build fake profiles in order to gather intelligence about potential targets, in some cases to great effect.
The fact remains that unless you are actively looking for fake profiles, they can be hard to spot, so I have written this brief post to highlight some of the checks that can be performed to spot one.
1) The Profile Picture
Most, but not all, fake LinkedIn profiles use either a stock image or a photo lifted from a blog or news site. This makes it easy to check whether a profile is fake using reverse image search. One of the tools I use is TinEye, especially the Chrome/Firefox extension(s): a quick right-click on the picture shows where else the image has been published. Below is a brief example of this:
Below is another suspected fake profile…
Figure 1: Potential Fake Profile
Using TinEye reverse image search, we find two results, neither of them relating to Nikita.
Figure 2: Reverse Image Search.
Figure 3: Original Image
The image originates from photographs of the Indian actress Tamannaah Bhatia, which is good evidence that this profile is not genuine. Before forming a firm opinion, however, there are some other checks that should be performed.
2) Profile Activity
Once a profile reaches 500+ connections, LinkedIn no longer displays the exact number, so the size of the network alone tells you little about whether the profile is genuine. There are, however, several indicators of a fake profile, one of them being profile activity.
Has the person posted anything recently, such as an article? Have they liked anything, and does it relate to their industry? If they claim to work for a company, do any of their connections actually work at that company? This is usually a big giveaway!
Figure 4: Updates – show there is very little activity.
3) Connections
Another useful technique is to review the number of connections, and more importantly how many are new and how many are shared with you; a sudden burst of new connections, most of them from your own network, is a sign that the perpetrator is trawling connections and sending out blanket invites.
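The activity and connection checks above can be turned into a simple triage script. The following is an added example, not code from the original post or from LinkedIn: it assumes you have already copied a profile's visible details (connections, their stated employers, the dates they were added, recent activity and the number of reverse image search hits) into the data structures shown, since LinkedIn exposes no public API for this. The thresholds and the sample profiles are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Set

DEMO_DATE = date(2024, 1, 15)  # "today" for the constructed sample data


@dataclass
class Connection:
    name: str
    company: str        # employer shown on the connection's own profile
    connected_on: date  # date the connection was accepted


@dataclass
class Profile:
    name: str
    claimed_company: str
    connections: List[Connection]
    posts_last_90_days: int
    likes_last_90_days: int
    likes_in_claimed_industry: int  # subset of likes_last_90_days
    reverse_image_hits: int         # unrelated sites where the photo photo was found


def assess_profile(profile: Profile, my_connections: Set[str], today: date,
                   new_window_days: int = 7) -> Dict:
    """Evaluate the indicators from the post and return ratios plus flags.

    All thresholds (20/50 connections, 50% cut-offs, 7-day window) are
    illustrative assumptions, not LinkedIn's rules or the author's numbers.
    """
    flags = []
    total = len(profile.connections)

    # Profile picture: any hit on a site unrelated to the person is a warning sign.
    if profile.reverse_image_hits > 0:
        flags.append("photo appears on %d unrelated site(s)" % profile.reverse_image_hits)

    # Profile activity: nothing posted or liked, or likes unrelated to the industry.
    if profile.posts_last_90_days == 0 and profile.likes_last_90_days == 0:
        flags.append("no posts or likes in the last 90 days")
    elif profile.likes_last_90_days > 0:
        in_industry = profile.likes_in_claimed_industry / profile.likes_last_90_days
        if in_industry < 0.5:
            flags.append("only %.0f%% of likes relate to the claimed industry" % (100 * in_industry))

    # Do any connections actually work at the claimed employer?
    claimed = profile.claimed_company.strip().lower()
    at_company = sum(1 for c in profile.connections if c.company.strip().lower() == claimed)
    share_at_company = at_company / total if total else 0.0
    if total >= 20 and at_company == 0:
        flags.append("none of %d connections work at %s" % (total, profile.claimed_company))

    # Connections: burst of new connections, many of them already in your own network.
    cutoff = today - timedelta(days=new_window_days)
    new = [c for c in profile.connections if c.connected_on >= cutoff]
    share_new = len(new) / total if total else 0.0
    if total >= 50 and share_new > 0.5:
        flags.append("%.0f%% of connections made in the last %d days" % (100 * share_new, new_window_days))
    shared_new = sum(1 for c in new if c.name in my_connections)
    share_shared_new = shared_new / len(new) if new else 0.0
    if len(new) >= 10 and share_shared_new > 0.5:
        flags.append("%.0f%% of recent connections are from your own network (blanket invites?)"
                     % (100 * share_shared_new))

    verdict = "likely fake" if len(flags) >= 2 else ("inconclusive" if flags else "no indicators")
    return {"connections": total, "share_at_company": round(share_at_company, 2),
            "share_new": round(share_new, 2), "share_shared_new": round(share_shared_new, 2),
            "flags": flags, "verdict": verdict}


def sample_profiles(today: date = DEMO_DATE):
    """Constructed sample data, not real LinkedIn profiles."""
    my_network = {"Alice %d" % i for i in range(40)}
    # Suspect: reused photo, no activity, 60 connections gathered in 3 days, mostly from my network.
    suspect = Profile("Suspect Profile", "Example Health",
                      [Connection("Alice %d" % i, "Some Other Co", today - timedelta(days=i % 3))
                       for i in range(60)],
                      posts_last_90_days=0, likes_last_90_days=0,
                      likes_in_claimed_industry=0, reverse_image_hits=2)
    # Genuine: own photo, active, long-standing connections, a third of them colleagues.
    genuine = Profile("Genuine Profile", "Example Health",
                      [Connection("Bob %d" % i, "Example Health" if i % 3 == 0 else "Other Co",
                                  today - timedelta(days=30 + 10 * i)) for i in range(60)],
                      posts_last_90_days=3, likes_last_90_days=10,
                      likes_in_claimed_industry=8, reverse_image_hits=0)
    return my_network, suspect, genuine


def demo(today: date = DEMO_DATE) -> Dict[str, Dict]:
    """Run both constructed profiles through the checks."""
    my_network, suspect, genuine = sample_profiles(today)
    return {"suspect": assess_profile(suspect, my_network, today),
            "genuine": assess_profile(genuine, my_network, today)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["verdict"], result["flags"])
```

The verdict is deliberately cautious: a single flag is only "inconclusive", because a genuine new starter can legitimately have few connections at their employer and a burst of recent invites. It is the combination of a reused photo, no activity and a network that has been harvested from your own contacts that marks the suspect profile.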
4) Reverse email lookup
If the profile displays an email address in its contact settings, this can be quickly searched on tools such as Email Sherlock and Pipl to check whether the address is genuine and linked to a real person or to other social media accounts.
In this example, unfortunately, the email address is only used on this fake account.
5) Report the account and share with connections!
Finally, if you suspect an account is fake, report it to LinkedIn and share it with your fellow connections.
I reported this account immediately and while I have been waiting for LinkedIn to remove it, I have been monitoring this profile for over three days, and in that time the account has amassed over 400 connections, and is growing at an exponential rate.
So, in summary, there are a lot of fake profiles on LinkedIn; however, with the techniques shared in this post they become easier to spot.
Note: If you know of any fake LinkedIn profiles, why not share them here in the comments.
About the Author:
Stuart Peck has over 10 years in Information Security, and is currently the Cyber Security Strategist for ZeroDayLab ltd, and responsible for Threat Intelligence, Advanced Malware research, Security Awareness Training, and Pre-Sales of services and solutions. Stuart assists Executive IT leadership and Information Security Management in creating and developing a holistic Cyber Security Strategy underpinned by Governance and Proactive Threat Intelligence. Stuart is also an Advanced Malware enthusiast.