LinkedIn is the most widely used social media platform for businesses, business owners, and professionals of all kinds to connect and expand their networks. From general marketing and outreach to finding new employees, this portal has proven to be a valuable tool on both ends of the business spectrum. Unfortunately, LinkedIn has also been plagued by several issues lately related to hacks, fake profiles, and other ongoing problems. If you or your business use this platform, it’s important to stay up to date on these concerns to understand the potential risk for LinkedIn-generated fraud and other scams.
Fake Profiles Sound the Alarm
Fake profiles appear within just about every form of social media in existence. Despite most major platforms having at least some measures in place to prevent this, the problem remains a constant issue that is difficult to combat. LinkedIn is no exception, and recent headlines show how abundant phony and imposter profiles have become on that platform.
A high number of fake profiles claiming to be Chief Information Security Officers (CISOs) at well-established and recognized corporations put the issue on full display. Reports indicate that these bogus profiles are easily fooling search engines, leading to more widespread belief that the imposter pages are real people. There are documented instances of fake CISO pages for corporations such as Chevron and ExxonMobil, and these fake profiles appear in search engine results at a higher rank than the profiles of the people actually holding the positions.
The confusion created by this is easy to imagine, while the intent of such a scam isn’t quite as clear. One bogus CISO profile went on to be listed by a cybercrime-focused publication in a top-500 style ranking of people holding the title at large companies. The fact that the position and the publication both deal with cybersecurity is ironic, to say the least, and “alarming” is probably a better way to describe the situation. It exemplifies how easy it is to accept official-looking profiles as authentic without question. Some of these fakes are easy to spot, with poor grammar or random information raising red flags. Others are difficult to intercept and are being pushed or republished down the line by other generally trusted sources.
There also isn’t a clear indication of who is creating these fake profiles or even why, as there is no specific scam directly related to them as of yet. One working hypothesis places North Korean hackers as potential sources for the fake profiles. Security personnel working for Mandiant Inc. believe these hackers are gleaning information from authentic profiles on LinkedIn and Indeed to generate fraudulent resumes and profiles that can then be used to secure employment opportunities. The hackers’ aim is to secure work with IT or crypto organizations and then funnel money earned or even information back to the North Korean government. But this is currently not much more than speculation concerning the recent LinkedIn CISO profile issue.
LinkedIn claims to be working hard to spot and remove these fake profiles. The company claims to have systems in place to prevent this sort of activity and that its “automated defenses blocked 96% of all fake accounts,” but even if this statement is accurate, the 4% of fakes that slip through are still definitely causing issues.
Other LinkedIn Scams
There are other LinkedIn-specific scams to be aware of as a business owner or individual besides the problem of fake profiles. Phishing attacks are also prevalent, with suspect links leading to the possibility of cloned accounts, account takeover, and more widespread data breach-related issues. Like phishing via email, scammers send a malicious link through a LinkedIn message or embed it in a post. If you click the link, your login credentials and other personal information can be exposed to the threat actors. This data can allow them to access your account and network, potentially posing as you or your business. Sometimes CEOs or other high-ranking members of an organization are targeted in an attempt to cause alarm and panic – very similar to a ransomware incident.
Another LinkedIn scam involves phony tech support offers made through private messages or emails within the platform. The goal of this particular scam is to trick you into thinking that LinkedIn tech support representatives are contacting you with an issue related to your account when it’s actually a scammer. The message can look authentic with an official logo or wording but will again contain a malicious link.
LinkedIn offers users tips on how to recognize and report scams within its portal, such as looking out for:
- Offers that seem too good to be true
- Messages containing spelling or grammar mistakes
- Messages that aren’t addressed to you personally
- Messages asking you for personal or financial information
FBI Warns Public of LinkedIn Fraud Threat
If fake profiles and other scams aren’t enough to convince you of the security issues surrounding LinkedIn, perhaps the FBI having designated the platform as a “significant threat” to consumers will get your attention. The agency put out a stark warning earlier in 2022 in response to a string of investment scams occurring within the platform. An FBI special agent in charge said, “This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.”
The threat once again begins with, you guessed it, a fake profile. From there, users are directly contacted by the scammer and convinced to make a small investment in cryptocurrency. This initial transaction might be legitimate, and the scammer gains the victim’s trust for weeks or months before instructing them to transfer the money to a different location. Then the funds are stolen, and the scammer disappears.
Despite all these issues and potential threats, LinkedIn remains extremely popular in the business world. As with any of your day-to-day digital interactions, don’t let your guard down while using this platform or any other that you may consider “safe.” The risks to the livelihood of your business or personal life are far too great for you to assume that social media is free of scammers and other cyberthreats.