We’ve all seen the crime shows on T.V. where the criminal is a suave, handsome, wealthy man who no one believes could commit a crime. As viewers, we can often tell in the first five minutes that the “suave man” will be the murderer. Unfortunately, it’s a lot harder to identify a con man or someone with something to hide in real life. In the Digital Age, we’ve come to believe that everything someone puts on social media has to be true.
As we’ve seen in many of our investigations, social media identity plays a large role in one’s façade. While you’d think that everything that someone puts on their LinkedIn page is accurate, it’s sometimes not.
Types of Hacker Tactics on LinkedIn
By now we’re all pretty familiar with spam emails, but they no longer come only to your inbox. Recently, LinkedIn has seen an increase in hackers posing as corporate headhunters who seek out people working in telecommunications or government agencies. They are attempting to gain access to their targets’ business email accounts in order to hack the system for personal information. A recent Forbes article identified two types of LinkedIn hacker tactics:
- Emails that appear to be from LinkedIn. Hackers are posing as a LinkedIn account and are then taking you to an outside website embedded with destructive software.
- LinkedIn messages from users you don’t know.
6 Ways to Identify a LinkedIn Spammer
Who doesn’t want to have hundreds of connections on LinkedIn? Before casually accepting someone’s connection request, be aware of these common triggers for spam accounts:
- The requesting profile has very few connections
- The profile is incomplete and doesn’t seem accurate
- The user’s profile picture is not of a person, or is just a logo
- The user’s location is not in North America
- Message contains bad spelling or grammar and isn’t addressed to you personally
- Message asks you to act immediately
- Message asks you to open an attachment or click a link
How to Identify the Fraudsters
Through its research, the Association of Certified Fraud Examiners (ACFE) has pinpointed factors to look for, ranging from edited pictures used with multiple names and different languages in a profile to inaccurate education descriptions and academic degrees that don’t match the user’s job descriptions. In many cases, it might not be immediately obvious that the user isn’t who they say they are. Sometimes, you might have to do a little digging. For example, the ACFE found one fraudster who lists his location as Phoenix, Arizona but also describes one of his talents and hobbies as Nordic skating, which is not realistically compatible with that location. In this case, accepting his request might not lead to a dangerous or harmful action; however, if you continue to see odd behavior, the ACFE suggests you report the person to LinkedIn.
Additional red flags include: (1) receiving multiple invites from different people at the same company or organization, and (2) suspiciously good-looking profile pictures, particularly of females. Remember: even if the user has a Premium account, they can still be a hacker.
How LinkedIn is Combating the Problem
LinkedIn is aware of this problem and has told its users what to do about phishing emails. If someone messages or emails you requesting your password, don’t ever give it to them, and don’t download any attachments or programs. LinkedIn has asked its users to report all phishing examples, and assures them that anything it sends has the company’s signature and a security footer in accordance with DMARC standards. LinkedIn also states that it works in conjunction with other industries to identify and remove such spamming website schemes once they are brought to its attention.
If you identify any fraudulent messages from LinkedIn, report them to firstname.lastname@example.org immediately.
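The DMARC point above can be checked mechanically on mail that claims to come from LinkedIn: read the verdict your own mail gateway recorded and compare the visible From: domain. This Python code is an added example, not LinkedIn's or the ACFE's; the gateway name `mx.example.net`, the function names and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own gateway's authserv-id
EXPECTED_DOMAIN = "linkedin.com"

def from_domain(msg):
    """Domain of the visible From: address, lowercased."""
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()

def dmarc_result(msg, trusted=TRUSTED_AUTHSERV):
    """DMARC verdict stamped by our own gateway, or None if there is none.
    Authentication-Results headers from other hosts are skipped because the
    sender can write anything into them."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        if (authserv.split() or [""])[0].lower() != trusted:
            continue
        for clause in rest.split(";"):
            tokens = clause.split()
            if tokens and tokens[0].lower().startswith("dmarc="):
                return tokens[0].split("=", 1)[1].lower()
    return None

def classify(raw):
    """'authenticated', 'suspicious' or 'not-linkedin-domain' for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    domain = from_domain(msg)
    if domain != EXPECTED_DOMAIN and not domain.endswith("." + EXPECTED_DOMAIN):
        return "not-linkedin-domain"
    return "authenticated" if dmarc_result(msg) == "pass" else "suspicious"

# Constructed sample messages (not real mail).
GENUINE = ("Authentication-Results: mx.example.net; dkim=pass header.d=linkedin.com;"
           " dmarc=pass header.from=linkedin.com\n"
           "From: LinkedIn <updates@linkedin.com>\nSubject: New invitation\n\nHi\n")
FORGED_STAMP = ("Authentication-Results: mx.example.net; dmarc=fail header.from=linkedin.com\n"
                "Authentication-Results: mail.sender.example; dmarc=pass\n"
                "From: LinkedIn <updates@linkedin.com>\nSubject: Act now\n\nHi\n")
LOOKALIKE = ("Authentication-Results: mx.example.net; dmarc=pass header.from=linkedin.com.example\n"
             "From: LinkedIn <updates@linkedin.com.example>\nSubject: Reset\n\nHi\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged stamp", FORGED_STAMP), ("lookalike", LOOKALIKE)]:
        print(name, "->", classify(raw))
```

The check relies on the gateway removing any inbound Authentication-Results header that already carries its own name, as RFC 8601 requires; without that, the stamp itself could be forged.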