How to Spot a Fake LinkedIn Profile in 60 Seconds.

The profile displayed is an actual fake.

LinkedIn is a terrific platform to cultivate business connections. It is also rife with fraud and deceit. Fraudsters use as a social engineering tool which allows them to connect to professionals, trying to lure them into disclosing their real contact details (work email is the best) and then use this email address to send spam, or worse, deliver malware.

Always check the profile before accepting an invitation, and do so via the LinkedIn message mechanism and not via email fake invitation emails can cause much more harm than fake profiles.

So we have established that it is imperative to be able to identify a fake profile when someone invites you to connect on LinkedIn. But how would you do that? CID stands for – Connections, Image and Details. By following it, you will be able to spot most fakes in 60 seconds or less. For more elaborate fraud attempts, it will be much longer or maybe even impossible for the non- professional to identify. We will discuss these later.

Connections – while you can fabricate any “fact” on your profile, connections cannot be faked; they have to be “real” LinkedIn users who have agreed to connect with you. So unless the fraudster is willing to create 100 other fake profiles, and connect these with the fake persona he is trying to solidify (something that takes a lot of time and effort to do, and something I hope the LinkedIn algorithm will pick up), the only way for him to have 100 connections is to connect to 100 LinkedIn users. So if you see someone with a puny number of connections, you can start to be more suspicious. So, connections number check – 5 seconds. Moving on.

Image – by now most people creating a LinkedIn profile realize that it is in their best interest to include a real image of themselves, and usually a professionally looking one (either taken by a professional or in professional attire). So no image or an obscure one is kind of suspicious. Also, any too good-looking images should ring an alarm bell. Since it is almost certain that the fraudster will not use his/hers own image (by that they will make the profile real to a certain extent), they will most likely search for a nice photo to post online. How can you tell if the image they have used is taken from someplace else? There are dedicated websites for reverse image searching, but since we are under serious time constraints here, why not simply right-click the image and ask Google to check the source? Very quickly it will find a compatible image and you can match the profile image to an existing stock image. Another 25 seconds gone. Say these two tests were insufficient and you are still not sure? Check the Details.

Details – people know that the more detailed their profile is, the better. Profiles lacking education or occupation details are very unreliable, along with these are any severe discrepancies: How could this guy study at Yale and serve overseas at the same time? lack of skills, recommendations and endorsements are not in favor of any real profile. Taking another 30 seconds of your precious time, you should by now be able to spot a fake profile.

Sure, someone just starting on LinkedIn might have fit our CID protocol while actually just launching his LinkedIn profile, and therefore has few connections. If you know this guy, go ahead and connect. If you do not, it is best to wait until the profile seems more robust.

It is very important to note that accepting the invitation to connect by itself (given it was delivered via a LinkedIn message mechanism or clicked on the user profile) does not create any damage, but it establishes a link between you and a fraudster, which can later be utilized as an attack vector.

SenSecy Blog

« The Current Chinese Cybercriminal Underground
Hackers Can Use Holes In The Internet of Things »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

Antares NetlogiX

Antares NetlogiX

Antares Netlogix are a leading Austrian service provider for IT security, critical infrastructures and managed security services.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

CyberSecAsia

CyberSecAsia

CyberSecAsia series conference is the one and only decision-makers gathering for CISO and info security experts in Asia.

Secure Domains

Secure Domains

Secure Domains is the first company in the GCC to offer cloud-based DNS firewall services and security through its flagship SaaS product, DNS Armor.