If you’re on LinkedIn, you might think nothing of connecting with people you know. Accepting invitations to connect from people you’ve never heard of, on the other hand, might—and should—give you pause.
LinkedIn users should be on the lookout for fraudulent accounts, according to several recent reports. Some scammers pose as recruiters; others aim to build elaborate self-referenced networks of so-called managers and consultants.
LinkedIn is “becoming a scammer’s playground where fake personas, fake opportunities, and identity theft and phishing scams are becoming more prevalent and more creative,” Ryan Hubbs, president of the Houston chapter of the Association of Fraud Examiners, said in a recent report. “From stolen photos to copied resumes, it is becoming more difficult to truly certify if that new connection really exists.”
People can take steps to protect themselves from phishing scams, malware, and social-engineering attacks on the professional network, experts say, starting with being cautious about the accounts with which they connect.
Purveyors of phishing scams and ransomware attacks are creating fake LinkedIn profiles, then attempting to connect with professionals ranging from high-ranking executives to payroll officers, says Tom Finney, a security researcher at SecureWorks. Their social-engineering schemes include offering high-paying jobs for roles requiring little work, according to LinkedIn.
In most cases, your acceptance of an invitation to connect is a scammer’s entry point: Unless someone has a paid LinkedIn account or is connected with you, he or she can’t use InMail to send you direct messages. And in most cases, you won’t have a reason to accept an invitation from someone you don’t know and—from the looks of it—likely will never meet.
But many people, including recruiters and reporters, have professional reasons for connecting with those outside their current first- and second-degree networks. Before accepting an invitation to connect, they need to use their best judgment.
Some fake profiles are easy to spot; others aren’t. Here are five tips for determining whether a LinkedIn profile is real, plus instructions for reporting fraudulent accounts to LinkedIn.
Perform an image search
Some scammers use stock photos as profile images. Others use those of legitimate users. Paste the account’s image into a Google Images search, Finney says, to display other Web pages on which the image has appeared, including other LinkedIn profiles.
Review the name
Does the person’s name contain capitalization oddities or have an unconventional spelling? Does it include only a last initial? These are all signs that the profile could be fake, Hubbs says. “Very rarely would a professional misspell their name,” he says. “Scammers who are creating hundreds of fake profiles for a particular scheme have a tendency to get lazy.”
Consider incomplete profile sections
Be wary of a profile that lists a bachelor’s degree from a prestigious university but doesn’t name the program or academic focus, Hubbs says. “The attainment of a degree is a mark of pride, dedication, and effort by a professional,” he says. “Those that create fake profiles couldn’t care less, and this is where their mistakes can show through.”
Search for plagiarism
Scammers either put very little effort into the summary section of the profile—which is easy to spot—or they copy and paste the same summary from one profile to the next, Hubbs says. If you suspect that the latter is true, select a sentence from the summary, and plug it into a search engine, encasing it in quotes. This will reveal whether the summary is unique.
Look for illogical information
If the individual’s title and job experience seem oddly matched—or her skills don’t relate to her career—Hubbs says, the profile could very well be fake. “Be on alert for profiles with a few number of identified skills, or a combination of skills that do not complement one another, such as chemical engineering and social-media marketing,” he says.
How to report fake LinkedIn profiles
A team at LinkedIn dedicated to removing fraudulent profiles counts on its users to help identify many of them.
“We see batches of bad actors on LinkedIn from time to time, but the security community and our users are great at sharing this information so we can act quickly and remove these profiles,” a company representative said. “Should you come across a profile you think is fake, you can flag it to our team for investigation.”
To report a fake profile, hover your cursor over the drop-down arrow next to “Send a Message” or “Send InMail” in the top section of the profile. Select Block or Report, then click the box next to Report. Choose your reason for flagging the profile, click continue, and select agree.