Faking it on LinkedIn
Jun 04, 2014
I have a pretty daily routine when I get in to work. Grab a Coffee, piece of fruit, and fire up the computer. I check work email to see what I may have missed during the 6 hours I slept. Lastly I check my personal email. It seems that every day I receive an email notification from LinkedIn. It is always the same thing. Such and such would like to link in with you. I used to just say sure and move on with my day.
Then something strange happened.
I opened a profile that was sent to me from a recruiter in Boca Raton, Florida. I did not know anyone in Boca Raton, Florida. So I opened the profile. Sure enough I did not know her. I looked to see where she was working. It was not listed. Then I went to see if there was anything other than cursory information, nothing. She had 22 connections. I thought this was odd for a recruiter. So I politely said I did know this person and it at that.
The next day I received another invite. This person was also from Boca Raton, Florida. Ok that was odd. Different person but the profile was almost the same. Nope, as I pushed the no button and left it at that. The next day I received to invites. Yep, you guessed it, Boca Freaking Baton, Florida. These were fakes. So badly in fact that they used the young ladies picture from the first email with a different name!!! All were recruiters, but were they? What is going on here?
What are the Reasons for Making a Fake Profile?
There are lots of reasons a person would want to do this.
1) They want to disguise who they are, duh?
2) Gather e-mail addresses for spam lists, to impersonate an employee of a rival company and issue public insults in their name (hate campaigns)
3) OR use a fake profile to TALK to employees within your company pretending that they are employees of that company
4) OR to make a targeted spam list of a certain type of profile that they can sell. (once you link with someone they have your email and possibly your phone)
5) Appear more legitimate or more qualified than reality to get higher level people such as CEO’s to accept when they normally would not
These are just a few that I have found and can think of. I am sure there other more “interesting” reasons for doing this. Let’s look at some examples.
Ever Hear of Elaine Wherry?
This reminded me of the story of a brilliant woman, Elaine Wherry one of the founders of MEBO, Elaine found herself in a predicament. She had lost 2 of her internal recruiters and had a growing start up that needed talent fast. She wanted the best recruiters she could find to join her cause. So, she made up a fake profile of a developer to use on LinkedIn in order as bait for recruiters. She called it the Honey pot, and it worked great! She had over 300 recruiters reach out to her and many with good opening lines. She was able to hire the people she wanted no harm no foul, right? Well in this case she did not do anything wrong really but the fakers out there are doing this for a different reason.
Ever Hear of Robin Sage?
What’s the problem with a fake profile anyway? Everything if you are connecting to the wrong person. We are WAY to open to people we let in to our networks; especially social networks. Two years ago, security consultant Thomas Ryan conducted a social engineering experiment that was documented in a white paper he wrote. Worth the read but I will summarize it here. Ryan created a profile online of a fictitious woman named Robin Sage. Robin claimed to work as a Cyber Threat Analyst at the U.S. Navy’s Network Warfare Command. Within less than a month, the non-existent Ms. Sage had established connections with security specialists, military personnel, staff members at intelligence agencies, and defense contractors. Throughout the experiment, Robin was offered jobs, gifts, and the opportunity to speak at security conferences. A soldier in Afghanistan forwarded her a picture of himself containing embedded data revealing his exact location, while a contractor with the National Reconnaissance Office inadvertently revealed the answers to the security questions on his personal e-mail account. Funny that we are running around being so afraid of the NSA and here a people were just giving away information to someone that they have never met in person!!
So how do you Spot a Fake profile?
There are multiple websites postings about this but my take on it is pretty simple. There seems to be a basic format that people use.
1) Stock photos. These are always great looking people in a portrait style perfectly lit photo like the type you would see in a frame when you buy it.
2) The first and last names are all in lower case. I have no idea why this is but from what I have read online and seen this is the case.
3) Limited connections in most cases less than 50. Once again I am not sure if this due to no one saying yes or if they are just targeting a specific group of people (recruiters in my case with Boca)
4) The personal info is either limited or suspect. For example I have been doing development in C# for 20 years. If you are a technical person or recruiter who know anything about software development this would raise a red flag (it was released in November of 2005).
5) They are not part of ANY groups. Although not strange by itself added to one or two things above it could be another warning sign.
I really liked this post on the subject and it is more detailed than mine. Once again, a good read by the LinkedIn man.
What do you do if you Suspect it’s a Fake?
Well you can choose to ignore them by just ignoring the profile or say I do not know this person. You can also flag the person letting LinkedIn know you think this person is not real:
To flag an inappropriate profile:
Click the down arrow next to Send a Message or Send InMail in the top section of the member’s profile.
Select Flag as inappropriate.
Select a reason for flagging the profile.
Note: You also have the option to block members.
Learn more about blocking or filing a formal complaint.
As recruiters we live on the web. We ALL have social profiles of one or the other and I would not be hesitant in saying that you have a fake “friend” somewhere lurking in your friends list. Unless you are very careful with whom you have “LinkedIn” with. My suggestion would be to go and clean up that friends list. I don’t think it is cool anymore to have connections that you really don’t know that well but hey, that’s me.
I hate people.