One LinkedIn group admin told cybercrime expert Brian Krebs he has had to block more than 12,700 suspected fake profiles since January.
As the debate around the number of bots on Twitter rages on, another social media platform is grappling with a surge in fake profiles that attempt to scam people.
LinkedIn, the world’s most popular professional network, has become a location for inauthentic accounts pretending to be senior executives in multinational companies.
Brian Krebs, a cybercrime expert who runs the website KrebsOnSecurity, wrote in an article yesterday (6 October) that these fabricated profiles – with AI-generated images and bios lifted from real accounts – are creating headaches for HR teams and administrators of invite-only LinkedIn groups.
In a recent investigation, Krebs found that the business networking platform has been flooded with fake profiles of people claiming to be chief information security officers at Fortune 500 companies such as Biogen, Chevron, ExxonMobil and Hewlett-Packard.
“Since then, the response from LinkedIn users and readers has made clear that these phoney profiles are showing up en masse for virtually all executive roles – but particularly for jobs and industries that are adjacent to recent global events and news trends,” he wrote.
In his investigation, Krebs found that when users searched for the CISO of energy giant Chevron, LinkedIn until very recently showed the profile of a certain Victor Sites. But this account was fake – the real CISO of Chevron is Christopher Lukas.
Because of how search engines scrape websites for information, the Sites profile was showing up first in Google searches too ahead of Lukas.
“Helpfully, LinkedIn seems to be able to detect something in common about all these fake CISO profiles, because it suggested I view a number of them in the ‘People Also Viewed’ column seen in the image above,” Krebs wrote, adding that more fake profiles showed up there.
It remains unclear why LinkedIn has been flooded with fake profiles.
Social media sites such as LinkedIn are increasingly becoming a target for phishing attempts, and an investigation earlier this year found that dummy LinkedIn profiles were being used for marketing and sales purposes.
Additionally, researchers at cybersecurity firm Mandiant recently told Bloomberg that hackers working for the North Korean government may be copying résumés and profiles from platforms such as LinkedIn as part of “an elaborate scheme” to land remote cryptocurrency jobs.
Other ways to scam people on LinkedIn may include flirting with a user to get money out of them, or pretending to be a job recruiter to get sensitive personal information.
500 fake profile requests weekly
Hamish Taylor, who runs a group for sustainability professionals on LinkedIn, told Krebs that he has had to block more than 12,700 suspected fake profiles since January this year.
“We receive over 500 fake profile requests to join on a weekly basis. It’s hit like hell since about January of this year,” Taylor said. “Prior to that we did not get the swarms of fakes that we now experience.”
LinkedIn urges users who come across suspicious profiles or activity to report them immediately.
In a blogpost in June, LinkedIn VP of product management Oscar Rodriguez claimed that 96pc of detected fake accounts and 99.1pc of detected spam and scams are caught by the platform’s automated defences even before they go live.
“While our defences catch the vast majority of abusive activity, our members can also help keep LinkedIn safe, trusted and professional,” he wrote.
“If you do encounter any content on our platform you believe could be a scam, be sure to report it so that our team can take action quickly.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.