LinkedIn is a social network designed for communication between professionals, which implies almost total user transparency and a very high degree of trust between strangers since personal data is exchanged.
In the fall of 2022, security expert Brian Krebs discovered many fake LinkedIn accounts that allegedly belonged to the CIOs of various international companies. Among them were several thousand fake accounts that listed a legitimate company as their employer.
The biggest drawback to LinkedIn is the relative ease of creating believable fake profiles. Although the scammers’ motives vary, they share a lack of connection to the company they allegedly work for. Given this, two questions must be addressed: how to stop fakes on LinkedIn and protect companies?
LinkedIn's measures in the fight against fake profiles
LinkedIn has been continuously tackling the issue of fake profiles on its platform. As part of its commitment to the integrity of the social network, LinkedIn produces semi-annual reports revealing the number of fake accounts blocked. While the exact numbers vary from period to period, they are significant: each report counts tens of millions of blocked profiles. For example, from early 2019 to mid-2022 LinkedIn blocked approximately 140 million fake accounts.
Most fake profiles are blocked automatically (95.4% in the first half of 2022). Fakes are often removed while still in the registration stage: 70% to 90% of blocked accounts are removed before going live.
LinkedIn improves the detection of fake profiles by using red flags such as excessive messaging, geographic mismatch, and common patterns with previously blocked profiles. These measures reinforce the security and reliability of the platform for the benefit of its community of professionals. LinkedIn remains committed to combating fake profiles and maintaining a safe user environment.
Late last year, LinkedIn introduced several innovations to combat counterfeiting, including checking profile photos to see if they’re AI-generated, warnings on suspicious messages, and a new “About This Profile” tab, which displays the approximate date of account registration and other information to help users decide if it is trustworthy.
“The proliferation of fake profiles on LinkedIn is a concern that should not be overlooked. Users must be vigilant and carefully check the profiles with which they interact. Education and awareness are key to preventing and combating these counterfeits,” underlines Marc Rivero, Senior Security Researcher at Kaspersky.
Security risks that fake accounts can carry
Scammers can target employees using fake profiles of people who supposedly work for another company. In 2022, such an attack was carried out against Sky Mavis, the company that developed the game Axie Infinity.
The attackers contacted one of the company’s employees through LinkedIn with an alleged job offer. They then sent him an infected PDF with which they could access the company’s network and steal the keys used to validate the transactions. With these keys, they cleared the company’s cryptocurrency accounts. The losses amounted to more than 500 million US dollars, earning this incident the honorary title of one of the largest cryptocurrency thefts in history.
The best defense for companies against this attack is educating employees about information security, and the best way to do this is periodic cybersecurity training.
How to remove fakes from your company’s LinkedIn Page
In case of this type of forgery, in which the name of the company and the information of the actual employees are used fraudulently, Kaspersky recommends:
- Remove fake profiles from the company’s employee list. You can measure the magnitude of the problem by comparing the number of profiles that list the company as a current employer with the actual number of employees.
- Do a geographic assessment by consulting how many employees are in specific regions according to LinkedIn and compare it with reality. This should help pinpoint the problem, as fake profiles will likely point to a particular area where scammers are looking for victims.
- If it is a large-scale problem, it is best to work hierarchically, starting with the top-level employees: look up the names of senior managers individually and compare the registration information on the profiles found.
- The platform resolves high-level counterfeiting through blue badge verification, which began last April.
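
The headcount, regional and top-down checks from the list above can be scripted once the profiles that list the company as employer have been compiled by hand. The following Python code is an added example, not tooling from Kaspersky or LinkedIn; the CSV columns, the sample names and the SENIOR title keywords are constructed assumptions.

```python
import csv, io, unicodedata
from collections import Counter

# Constructed sample data (not real people): the HR roster and a hand-compiled
# list of profiles that name the company as current employer.
HR_ROSTER = """name,region,title
Ana Pérez,Madrid,CIO
John Smith,London,Engineer
Li Wei,Singapore,Analyst
"""
PROFILES = """name,region,title
Ana Perez,Madrid,CIO
John Smith,London,Engineer
Ana Pérez,Lagos,CIO
Mark Stone,Lagos,Chief Information Officer
Eva Novak,Lagos,Recruiter
"""
SENIOR = ("chief", "cio", "ceo", "cfo", "ciso", "director", "vp")  # assumed keywords

def norm(s):
    """Fold case and accents so 'Pérez' and 'perez' compare equal."""
    s = unicodedata.normalize("NFKD", s)
    return "".join(c for c in s if not unicodedata.combining(c)).casefold().strip()

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(roster, profiles):
    """Return (excess profiles per region, unmatched profiles, senior titles first)."""
    known = {(norm(r["name"]), norm(r["region"])) for r in roster}
    hr_by_region = Counter(norm(r["region"]) for r in roster)
    li_by_region = Counter(norm(p["region"]) for p in profiles)
    # Regions where more profiles claim the company than HR has staff there.
    excess = {reg: n - hr_by_region[reg]
              for reg, n in li_by_region.items() if n > hr_by_region[reg]}
    # A real employee's name in the wrong region is still unmatched (cloned identity).
    suspects = [p for p in profiles
                if (norm(p["name"]), norm(p["region"])) not in known]
    is_senior = lambda p: any(k in norm(p["title"]).split() for k in SENIOR)
    suspects.sort(key=lambda p: (not is_senior(p), p["name"]))
    return excess, suspects

if __name__ == "__main__":
    excess, suspects = reconcile(load(HR_ROSTER), load(PROFILES))
    print("Excess profiles by region:", excess)
    for p in suspects:
        print("Review:", p["name"], "|", p["region"], "|", p["title"])
```

Unmatched profiles are candidates for manual review and reporting, not proof of fraud: an employee may have moved or may spell their name differently on LinkedIn.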