How to Spot a Fake LinkedIn Profile in 60 Seconds.

Uploaded on 2015-12-08 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

The profile displayed is an actual fake.

LinkedIn is a terrific platform to cultivate business connections. It is also rife with fraud and deceit. Fraudsters use as a social engineering tool which allows them to connect to professionals, trying to lure them into disclosing their real contact details (work email is the best) and then use this email address to send spam, or worse, deliver malware.

Always check the profile before accepting an invitation, and do so via the LinkedIn message mechanism and not via email fake invitation emails can cause much more harm than fake profiles.

So we have established that it is imperative to be able to identify a fake profile when someone invites you to connect on LinkedIn. But how would you do that? CID stands for – Connections, Image and Details. By following it, you will be able to spot most fakes in 60 seconds or less. For more elaborate fraud attempts, it will be much longer or maybe even impossible for the non- professional to identify. We will discuss these later.

Connections – while you can fabricate any “fact” on your profile, connections cannot be faked; they have to be “real” LinkedIn users who have agreed to connect with you. So unless the fraudster is willing to create 100 other fake profiles, and connect these with the fake persona he is trying to solidify (something that takes a lot of time and effort to do, and something I hope the LinkedIn algorithm will pick up), the only way for him to have 100 connections is to connect to 100 LinkedIn users. So if you see someone with a puny number of connections, you can start to be more suspicious. So, connections number check – 5 seconds. Moving on.

Image – by now most people creating a LinkedIn profile realize that it is in their best interest to include a real image of themselves, and usually a professionally looking one (either taken by a professional or in professional attire). So no image or an obscure one is kind of suspicious. Also, any too good-looking images should ring an alarm bell. Since it is almost certain that the fraudster will not use his/hers own image (by that they will make the profile real to a certain extent), they will most likely search for a nice photo to post online. How can you tell if the image they have used is taken from someplace else? There are dedicated websites for reverse image searching, but since we are under serious time constraints here, why not simply right-click the image and ask Google to check the source? Very quickly it will find a compatible image and you can match the profile image to an existing stock image. Another 25 seconds gone. Say these two tests were insufficient and you are still not sure? Check the Details.

Details – people know that the more detailed their profile is, the better. Profiles lacking education or occupation details are very unreliable, along with these are any severe discrepancies: How could this guy study at Yale and serve overseas at the same time? lack of skills, recommendations and endorsements are not in favor of any real profile. Taking another 30 seconds of your precious time, you should by now be able to spot a fake profile.

Sure, someone just starting on LinkedIn might have fit our CID protocol while actually just launching his LinkedIn profile, and therefore has few connections. If you know this guy, go ahead and connect. If you do not, it is best to wait until the profile seems more robust.

It is very important to note that accepting the invitation to connect by itself (given it was delivered via a LinkedIn message mechanism or clicked on the user profile) does not create any damage, but it establishes a link between you and a fraudster, which can later be utilized as an attack vector.

SenSecy Blog

« The Current Chinese Cybercriminal Underground
Hackers Can Use Holes In The Internet of Things »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

EG-CERT

EG-CERT

EG-CERT is the national Computer Emergency Response Team for Egypt.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Resilia

Resilia

RESILIA is a comprehensive portfolio of tools and training to help your organization achieve global best practice in cyber security.

Inogesis

Inogesis

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

Asimily

Asimily

Asimily’s IoMT risk remediation platform holistically secures the mission-critical healthcare devices that deliver safe and reliable care.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.