February 12, 2019

– written by The Defence Works’ MD, Eddie Whittingham

Like many of you reading this article, I’m a very active user of LinkedIn. It’s a hugely valuable tool for keeping up to date on industry news and trends and for connecting with like-minded professionals. In fact, I’ve built up some great relationships with people on LinkedIn without having met them face to face (I know, it’s naughty and I’m very sorry).

Sneaky LinkedIn Requests

That being said, LinkedIn has a huge problem with fake profiles – which, in turn, puts our personal data at risk.

Take today, for example. I came into work this morning and found I had the following connection request:

On first glance, this didn’t seem too unusual. After all, I’m a former copper and worked at Humberside Police. In fact, this “person” worked in Hull – so I’ve more than likely crossed paths with Steve and he’ll have found my account on LinkedIn because of that, right?

But, digging just 1 inch below the surface, all is not as it seems:

Steve, the dirty little dog, is a sure-fire faker – masquerading as a police officer (and that’s an offence, Steve).

The warning signs

  1. Steve is camera-shy. Now, not everyone without a picture is shady, but in this case it’s a red flag that, together with the red flags below, makes me suspicious.
  2. Steve only has 1 connection. At the time of writing, Steven only has the 1 connection. So, he’s a new user – and, despite me not knowing his name, I’m the first person he’s sought out to connect with? Something’s fishy, Steve – and it sure isn’t the nearby Grimsby docks that I used to patrol (which you certainly never have).
  3. His experience (or lack of it). Steve’s only ever worked at Humberside Police – but he hasn’t included any details. There’s no summary, no description, no dates. It’s all a bit vague for me.
  4. There was no personal invitation. Hell, if me and Steve really had worked together and he’d really wanted to have touched base to reminisce about that time we locked up Pablo Escobar (we didn’t), then I’m pretty sure he’d have included a little personal note to say hello.

Now, these were just the warning signs present in the invitation I received just now. But that’s not to say there won’t be other warning signs you’ll see in future. So, also be on your guard for profiles exhibiting:

  • Fake profile images. This is more common than you might think. In fact, I’m surprised that Steve didn’t at least try to include a picture of a real person. Often fake profiles will include images that… if you can be bothered to do a reverse image search, you’ll see it isn’t who they’re claiming to be.
  • Logic. Put bluntly, why might someone in Kuala Lumpur who works in a completely different industry be requesting to connect? Admittedly, they might be attractive – but I’m not sure that’s a good enough reason to give them access to your personal information.

Targeted attacks

Whilst there are a host of fake profiles out there simply trying to target the masses, you should also be careful of those that look a little more legit. Whilst I spotted Steve’s approach, had I been in a rush somewhere, perhaps I might have been inclined to connect with Steve – after all, we’ve clearly worked together at Humberside Police.

It’s important to remember that cyber-criminals often conduct targeted attacks, just like this – using information about you that will make you more inclined to click “accept”.

The kicker is that it takes just a matter of minutes to create a fake profile and pretend you used to be the President of the United States – and, quite frankly, LinkedIn aren’t doing enough to stop it.

The risks and reasons

There are a host of reasons someone might wish to create a fake LinkedIn account, and here are just a few of the associated risks:

  1. Identity Theft: by having access as a “connection” to your LinkedIn account, the person is likely to gain access to additional information about you – such as your email address, birthday and, dependent on your privacy settings, details of your connections, etc.
  2. Access to connections: I mentioned it above, but this is key here. A lot of users hide their connections from public consumption, so the attacker might target you so they can see who you’re connected to.
  3. Building a convincing scam: If an attacker knows more information about you, then the chances are they can build a convincing scam against you. Knowing you’ve recently interacted with person X, Y or Z? Well, that’s handy as now they can craft a perfectly timed email pretending to be that person and get their scam started to a roaring success.
  4. Phishing emails, ransomware etc: Building on point 3 – the attacker might forward through an attachment, either via LinkedIn itself or perhaps via a phishing email and, guess what? If you’re connected, surely they’re trustworthy? Be careful here.
  5. Email harvesting: It’s a classic. Using online tools, such as LinkedIn, purely to harvest email data. Why? Because email data can be sold and used to conduct more cyber-attacks going forward.
  6. Competitor?: OK, so I hope this one is unlikely but it’s certainly one to be aware of. Say you do hide your connections – perhaps your connections are largely made up of your clients? Now you wouldn’t want that information falling into the hands of a competitor, would you? So why are you adding someone you’ve never met?

Staying safe on LinkedIn

LinkedIn are pretty hot on deleting fake accounts once they’re reported but, unfortunately, they’re not quite so hot at preventing them being created in the first place. It takes just minutes to create a fake account, so without any more help coming from LinkedIn themselves, we all need to do our bit and stay vigilant to stay safe.

Here are my top tips for staying safe on LinkedIn:

  • If someone you don’t know requests you to connect – the general advice is don’t. But practically (and professionally) there are a lot of reasons you might want to. Fair enough. Just do your due diligence. Are they who they say they are? Using the list of warning signs set out above, are there any red flags?
  • Will this connection give me any value? Ok, so it’s kind of cutting – but really, if Steve – who has no connections, who seemingly has only ever worked in the police and I even remember his name – will he bring me any value? Probably not.
  • Check out their profile. Don’t be afraid to dig around. Whatever you do, don’t just jump straight to the “accept” button without first looking on their profile. Had I seen Steve had only 1 connection on that very first screenshot, I needn’t have even checked out his profile in the first place.

Have you had a fake person try to add you? How did you spot it? What were the warning signs?

Stay safe people. LinkedIn might well be a professional network representative of the best of society (yes, you!) but it also includes the worst.

Stay safe out there people.
