Awareness Services

Fake accounts on LinkedIn – A problem?

Fake accounts on LinkedIn – A problem?

Social networks determine our everyday life, for companies LinkedIn is often an important network for maintaining contacts. But due to fake accounts on LinkedIn, major hacks and security problems rise.

Why LinkedIn?

Fake accounts on Instagram or Facebook are common. For attackers, however, LinkedIn is a valuable platform because it focuses on business relationships. The portal is popular and enjoys a good reputation, contacts are made on the platform non-stop. So if you want to network, it’s particularly easy on LinkedIn. We had already written about something similar in our article on CEO Fraud. But what happens when you come across a fake account and make deals with a person who is not who they say they are?

This is exactly the problem that today’s article is about. What happens to such fake accounts on LinkedIn and how can they be detected from the beginning? What should you watch out for to avoid falling for such a fake profile yourself? We clarify and help with appropriate protective measures.

Identity theft on LinkedIn is no longer uncommon

The biggest problem of fake profiles on business platforms is certainly that the risk of deception entails greater consequences. For the most part, such accounts are used to try to negotiate or directly conclude contracts and to instruct money transfers in order to get money quickly. So it is always a matter of direct fraud, which only tries to disguise itself perfidiously as business activity.

To make this possible, identity theft takes place. This is done by copying and simply stealing information and photos to give the impression that it is the person in question. The username is also often written similarly or imitated as best as possible so that it does not catch they eye either. It is often enough to append certain characters or poorly recognizable letters to a name to make it look almost identical. No one notices that unless they look very closely. And who looks very closely?

Most recently, these were increasingly profiles of Chief Information Security Officers (CISO), and with them a whole network of supposed employees was created. The problem is that even search engines get confused about displaying or filtering the correct CISO. So normal searchers also quickly get to the fake accounts on LinkedIn. The chance of recognizing them then is quite small. If even Google presents it as a plausible result, the search engine user will rarely wonder or even double check if it is the correct profile.

How thousands of CISO profiles were recently discovered on LinkedIn

Some time ago, security researcher Brian Krebs discovered several LinkedIn profiles that were obviously fake. Among others, a “Victor Sites” from Ohio introduced himself as Chevron’s Chief Information Security Officer. Now even if you had been confused and asked Google about the CISO, the search engine showed the fake account on LinkedIn from Victor Sites even before that of the company’s real CISO. It was therefore very difficult to tell that it was a fake.

Immediately after, Brian Krebs discovered more fake LinkedIn profiles, and the platform itself also seemed to recognize the direct connections of the fakes, as they were suggested in clusters in its own recommendations. Parts of the profiles discovered in this way were simply copied, others were supported by further sources and links in order to convey an authentic impression. He recorded his discovery in a blog article.

Who creates the fake accounts on LinkedIn and what for

That is one of the questions that remains unanswered. Because it is simply impossible to understand what greater purpose the multitude of different profiles have served. In a report by Bloomberg, North Korea is believed to be responsible for the fake accounts.

We know from the past that Russia and China have also repeatedly attracted attention when it comes to hacks or targeted identity theft. But in the end, no one can say for sure. There is only circumstantial evidence and conjecture, but no definitive proof. This will probably always be the case as long as they are not amateurs. Thus, it can at least be assumed that they are professionals.

Individual requests were mostly ignored by the profiles. None of the created accounts responded in any way to the attempt to contact them. LinkedIn itself assured that its own departments are actively working to cleanly remove such mass-created fake accounts on LinkedIn. However, as with all social networks, it is a mixture of automatism and human verifications that are supposed to weed out such fake accounts.

It is conceivable that these fake accounts can be used to launch larger-scale social engineering attacks and target selected companies. So far on LinkedIn there are

Our opinion on fake accounts on LinkedIn

LinkedIn in particular has some mechanisms that may make it easier for imposters to be perceived as authentic. Companies themselves, for example, have no means of declaring false employees as such or even having them blocked. Such things are always reviewed separately by LinkedIn and that takes time. By then, such fake accounts may have already caused a lot of damage.

At the same time, clear information that could help with identification is often missing. Among other things, the date when the account was created. It would then be immediately obvious at a glance that the account is fake, because senior employees in particular have naturally been part of LinkedIn as a career network for a very long time.

Fake accounts on LinkedIn pose a great danger. Especially because LinkedIn is generally considered to be particularly trustworthy and reputable. LinkedIn in particular has fewer problems with bots and fakes, which is why no one there assumes that they are fakes. However, it is all the more important that such accounts cannot exist for long and are combated accordingly by the platform.

Another problem: The fake accounts on LinkedIn generate real followers over time. This, in turn, makes them seem more believable. Suddenly, sources are added to support the authenticity, and more and more real accounts are added to willingly follow. Who should then be able to unmask him?

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.