As the world’s largest professional network, LinkedIn is probably the last place you would expect to be associated with internet scams. It is an excellent platform that can be used to cultivate professional business relationships. But cybercriminals are attracted to websites with high member counts, so LinkedIn, with its 760 million members, is considered fair game.
Furthermore, its massive user base provides cybercriminals with easy access to a treasure trove of personal information and corporate data that can be used to commit a range of cybercrimes such as spear phishing attacks and identity fraud.
Here are some of the most prolific LinkedIn scams to watch out for on the site.
LinkedIn phishing emails are fraudulent emails that are designed to fool the unsuspecting recipient into thinking that they have received an email from LinkedIn. LinkedIn is the world’s most trusted social network. And that trust is probably why emails with “LinkedIn” in the subject line have an open rate of almost 50%.
Here are the most common LinkedIn phishing emails:
Bogus connection requests
Fake connection requests from fake users are one of the most prevalent scams on LinkedIn. LinkedIn members get used to clicking on links in these messages, and therein lies the threat. The email will look like an authentic LinkedIn email, with the exact LinkedIn logo and branding. It may also ask you to click the link to “visit your inbox now”, or ask you to “accept” or “ignore” the invitation. If you click any of these links, you are likely to be taken to a spoof webpage mimicking the official LinkedIn website where you will be prompted to type in your login credentials. The aim is to steal your sensitive data and put you at risk of identity theft.
A LinkedIn profile gets cloned when a fraudster creates a brand new LinkedIn account in your name. When the account is created, the fraudster will copy all of your personal information to the fake profile, including photos, projects and credentials on your account. The aim is to make it look identical to your own profile. Once the cloned account is set up, your connections might receive a LinkedIn message from the fraudster that includes a malicious, active link for your connections to click on.
Fake support emails
Fraudsters send you a bogus email pretending to come from LinkedIn support. The email will often contain a clickable link to a bogus webpage where you’ll be prompted to confirm your login credentials by clicking on the link. In some variations, it might also say that your LinkedIn account has been blocked due to inactivity.
Clicking on the link in the email can result in malware, spyware or some other type of malicious software being downloaded to your device. Alternatively, you may be taken to a bogus LinkedIn webpage where you’ll be prompted to enter your login credentials.
Here’s an example of a fake LinkedIn support email:
What to do if you receive a fake LinkedIn message
- Do not click on links in emails that purport to come from LinkedIn unless you are absolutely sure of their source. You can check where a link is going by hovering over it. As you do this, look at the bottom left of your web browser, which will show you where you will be taken on clicking the link. If it shows anything other than LinkedIn’s home page, you can be sure that you’re dealing with a scammer.
- Create a stronger password straightaway.
- Increase the security of your account by setting up two-factor authentication.
- Contact LinkedIn support.
Fake LinkedIn profile
There has been an explosion of fake LinkedIn profiles created by scammers for a variety of purposes. Cybercriminals create fake profiles to pose as recruiters or candidates in order to attract new connections. For example, a scammer might create a bogus profile pretending to be a job candidate so they can connect with other candidates who are in the same field. The goal of the spammer is to earn your trust so that you agree to connect when they send you an invite.
But connecting with a fake LinkedIn profile can give scammers a lot of important information about you, including details about your history and contacts. In addition, when you accept their invite, fraudsters also get access to your LinkedIn email address. They can now check that email on sites like haveibeenpwned.com to find out if you’re using the same password on multiple sites.
Once you accept their invite, scammers will leverage this trust to send you messages that could contain malicious links. You might also receive fake job offers designed to steal personal information and other devious schemes. So, if you receive an invitation to connect with someone you don’t know on LinkedIn, be sure to check out the user’s profile before you accept that invitation.
How can I identify a fake LinkedIn profile?
It is important to know how to spot fake LinkedIn profiles so that you can avoid connecting with them. There are certain things to look out for that will indicate you’re dealing with a fake profile.
1. Fake photo
This is probably the most obvious sign that you can use to identify a fake profile. Scammers know that a profile without a photo is less trustworthy than a profile with a picture, so they tend to use professional, stock images for their photos. If you have reservations about a particular profile, you can check whether the photo is legitimate by doing a reverse image search of the photo on Google.
How to do a reverse image search:
- Go to images.google.com
- Click the camera icon
- Paste in the URL for the image.
Google will show you where that image has been used online. If you see that the profile photo is a stock photo from Shutterstock, Getty Images, etc. or has been used on multiple LinkedIn profiles, then there’s very little doubt that you’re dealing with a fraudster.
2. Thin content
Fake profiles will have sketchy background information about the person that just doesn’t add up. It will often be incomplete, lack cohesiveness and contain generic work titles such as ‘Manager’. Real profiles often contain relevant information that helps you understand the user’s background. If a LinkedIn profile lacks any meaningful information about the member, it is highly likely that the profile is fake.
3. Poor spelling and grammar
Many fake profiles will often have general presentation issues such as poor grammar and misspellings. The name might be spelt in all caps or all lowercase. Generally, these types of errors in a profile should raise a red flag.
If you come across a fake profile, follow these steps to submit a report:
- Click the More icon on the member’s profile.
- Click Report/Block
- Select Report this profile in the window that pops up.
- Select a reason why you think the profile is suspicious.
- Click the submit button to complete the process.