Written by Joel Latto and Ash Shatrieh
LinkedIn is the most popular professional platform that we love to network on — but we aren't the only ones using it for professional pursuits. While discussions about cyber crime on social media often revolve around platforms like Facebook or messaging apps such as Telegram, LinkedIn has increasingly become a focal point for business-minded cyber criminals. So, to help you continue using LinkedIn securely and effectively, throughout this guide we'll show you:
How to recognize fake profiles, understand the risks they pose, and implement measures to enhance security
How to identify and respond to LinkedIn threats such as spear phishing, Business Email Compromise (BEC) or attacks designed to damage reputations
The process of LinkedIn account takeovers and the importance of account verification
The drawbacks of becoming a 'LinkedIn Open Networker' (LION)
Why fake LinkedIn profiles are a threat
Fake profiles on LinkedIn pose a multifaceted threat. Their appeal to attackers is rooted in the platform's rich trove of professional data, which cyber criminals and other malicious actors exploit for many purposes. Because LinkedIn is a hub for networking and professional interaction, it is an attractive target for corporate espionage, identity theft, and financial fraud. Identity theft on LinkedIn can be particularly lucrative because a trusted professional identity can be used to coax sensitive business information out of colleagues and partners.
Attackers take advantage of compromised accounts by carrying out seemingly legitimate activities, such as messaging colleagues, and sharing phishing links. The abundance of personal and professional information on user profiles allows attackers to tailor their approach, making phishing attempts more convincing and targeted.
What’s more, the sheer volume of active users on LinkedIn increases the likelihood of successful attacks. From spreading malware to using fake profiles in automated bot networks for mass-scale activities, the platform's interconnected nature provides ample opportunity for malicious actors to exploit the trust users place in their professional connections.
How to spot a fake LinkedIn profile
The first thing you should do when evaluating a suspicious LinkedIn account is to open the person’s profile, then click the three dots icon “…” next to the Message button, and select “About this profile”.
This information might look mundane, but it can reveal several potential red flags:
Account age by itself isn't a reliable indicator of whether the account is legitimate, because the account might be stolen: an older account lends more credibility to the scammer using it.
If, for example, you can see that the contact information and profile photo were both changed very recently, this may indicate that the profile has been taken over and is now being used to portray someone else.
This pop-up also tells you if the account has been verified or not. However, verification is a relatively new feature on LinkedIn and not widely used yet, so don’t be alarmed if a verification is missing.
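To make these heuristics concrete, here is an added example (our illustration for this guide, not LinkedIn's code or any LinkedIn API) that takes the dates shown in the “About this profile” pop-up, typed in by hand, and turns them into the red flags described above. The 30-day and 3-year thresholds and the three sample profiles are assumptions we constructed for the illustration.

```python
"""Red-flag heuristics over the fields LinkedIn shows under "About this profile".

Added example for this guide (not LinkedIn's code or API): the dates are typed in by hand
from the pop-up, the thresholds RECENT_DAYS / ESTABLISHED_YEARS are assumptions, and the
sample profiles at the bottom are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

RECENT_DAYS = 30        # assumption: a change inside the last month is "very recent"
ESTABLISHED_YEARS = 3   # assumption: an account this old is treated as established


@dataclass
class AboutProfile:
    joined: date                       # "Joined" field
    photo_updated: Optional[date]      # "Profile photo updated"; None if not shown
    contact_updated: Optional[date]    # "Contact information updated"; None if not shown
    verified: bool                     # whether any verification badge is shown


def _days_since(today: date, when: Optional[date]) -> Optional[int]:
    return None if when is None else (today - when).days


def takeover_signals(info: AboutProfile, today: date) -> List[str]:
    """Return human-readable red flags; an empty list means nothing stood out.

    Deliberately NOT flagged: a young account (the account may be stolen, so age alone
    proves nothing either way) and a missing verification badge (verification is still rare).
    """
    flags: List[str] = []
    age_years = (today - info.joined).days // 365
    established = age_years >= ESTABLISHED_YEARS
    photo = _days_since(today, info.photo_updated)
    contact = _days_since(today, info.contact_updated)
    photo_recent = photo is not None and photo <= RECENT_DAYS
    contact_recent = contact is not None and contact <= RECENT_DAYS

    if photo_recent and contact_recent:
        if established:
            # The combination described in the text: an old account whose identity was just swapped.
            flags.append(
                f"POSSIBLE TAKEOVER: account is {age_years} years old but the photo "
                f"({photo} days ago) and contact details ({contact} days ago) both changed recently"
            )
        else:
            flags.append(f"photo and contact details both changed within {RECENT_DAYS} days")
    elif photo_recent:
        flags.append(f"profile photo changed {photo} days ago")
    elif contact_recent:
        flags.append(f"contact details changed {contact} days ago")
    return flags


# Constructed sample data (not real profiles), evaluated as of a fixed date so results are stable.
TODAY = date(2024, 2, 1)
SAMPLE_HIJACKED = AboutProfile(date(2015, 6, 1), date(2024, 1, 20), date(2024, 1, 22), False)
SAMPLE_FRESH = AboutProfile(date(2023, 12, 1), None, None, False)                  # new, unverified: no flag
SAMPLE_REFRESHED = AboutProfile(date(2012, 3, 15), date(2024, 1, 25), None, True)  # just a new photo

if __name__ == "__main__":
    for name, prof in [("hijacked?", SAMPLE_HIJACKED), ("fresh", SAMPLE_FRESH), ("refreshed", SAMPLE_REFRESHED)]:
        print(name, takeover_signals(prof, TODAY) or ["no red flags"])
```

Run it and only the sample that looks hijacked gets the loud warning; the brand-new unverified account produces no flag at all, which is the point of the first bullet above: youth and a missing badge are not evidence on their own, while a fresh photo plus fresh contact details on an old account is.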
Deepfake duping is on the rise
It’s not uncommon for bad actors to use deepfake photos, but unfortunately there’s no reliable ‘rule of thumb’ for detecting these anymore. In fact, a recent study found that people perceived some AI-generated faces to be more real than actual photos. According to LinkedIn:
“…we’ve found that most members are generally unable to visually distinguish real from synthetically-generated faces, and future iterations of synthetic media are likely to contain fewer obvious artifacts, which might show up as slightly distorted facial features.”
You can still try to do a reverse image search in Google to see if the profile image appears elsewhere on the internet. If it does, see if it’s associated with the same name as in LinkedIn or not. It wouldn’t be unheard of in high-level “spear phishing” cases for there to be other fake profiles on different networks using the same name and photo to increase the credibility of the fake person, so a reverse image search isn’t a 100% foolproof method either.
LinkedIn has done research in this area and deploys countermeasures against GAN-generated profile photos. However, their research — while impressive — was carried out earlier in 2023. Given the rapid advancement of different AI models and synthetic content generation, it’s uncertain how long the detection system will be valid. And of course, the easiest way for an adversary to fool any such system is to simply steal someone else’s real profile picture.
Detecting fakes to keep you safe
LinkedIn has also added a handy feature that detects and warns you about messages that ask you to take the conversation off platform. If you encounter a request like this, it’s worth taking a moment to think why exactly the person is asking for it. Here’s what these automatic warnings look like:
(Image: LinkedIn's automated warning shown on a message that asks to move the conversation off the platform. Source: LinkedIn blog)
Please note that LinkedIn hasn’t specified if this feature only works with chats in English or if multiple languages are supported.
Avoiding account takeover (ATO) fraud
There are several ways cyber criminals can take over your LinkedIn account. One is credential stuffing, where attackers try passwords stolen in other breaches against your LinkedIn login, which works whenever a password has been reused. Another is phishing: fake LinkedIn emails or login pages designed to trick you into handing over your credentials. Infostealer malware on your device can lift saved browser passwords, including your LinkedIn username and password, and typically also steals session cookies, which let an attacker use your already signed-in session without knowing the password or passing two-step verification. Some attackers rely on social engineering alone, manipulating you into revealing sensitive information.
On LinkedIn itself, these attackers might send you connection requests pretending to be someone you know, leading to potential phishing attempts or impersonation. They could also send messages with fake job opportunities or networking invitations, hoping you'll click on a link or file that extracts your sensitive information. Some attackers might lurk in your account for a while, gathering information before making any moves. Others might post content with harmful links or send phishing messages from your account.
Understanding LinkedIn verification
Verification of accounts is a step in the right direction when it comes to social media security. But it’s important to note that a verified profile doesn’t automatically mean that the person behind this has been identified. In fact, identity verification is only one of three verification methods, and it is only available in the U.S., Canada, and Mexico, as well as in Australia and Brazil with a valid NFC-enabled government passport. Verification and identification can often mean different things on social media platforms, and these definitions keep changing as well — so always refer to the platform’s latest documentation to know the difference!
LinkedIn describes the badge as follows:
“The verification badge on your profile indicates that you were able to confirm specific information about your account. Having verified information helps provide authenticity signals to others that you’re who you say you are.”
The two other verification methods are workplace verification (as is visible in the first picture of this article) and educational verification. The former can be done in three different ways, of which the easiest is via your work email: add your work email address to your profile and follow LinkedIn's verification prompts. Note that once you’re verified, your work email address still won’t be publicly visible on your profile.
How long does workplace verification last?
This verification is valid for 365 days, after which it needs to be redone. While the automatic loss of verification is ultimately a good thing (as then people don’t stay forever verified to companies which they don’t work for anymore), we were curious how the verification status is managed if a person changes jobs while verified. LinkedIn doesn’t share this information on their website, but when we reached out and asked, this was their answer:
“…the company will take away access to their work email and the company page super admin will revoke their access.”
What this means in practical terms is that the company’s LinkedIn page admin needs to stay on top of all employees who leave and remove their verification statuses accordingly. This is a big additional burden for page admins — not to mention that they may not know they should be doing this in the first place!
How to harden your LinkedIn account for better security and privacy
There are several steps you can take to harden your LinkedIn account against potential threats:
1. Secure your email account: Since your email account is linked to your LinkedIn account, it needs to be equally secure. Use strong, unique passwords and enable two-factor authentication.
2. Use strong, unique passwords for LinkedIn: A strong password that is not easily guessed and is unique to LinkedIn can drastically reduce the risk of your account being compromised. Use a strong password generator to create one instantly for free.
3. Enable two-factor authentication (2FA): LinkedIn provides two-step verification to add an extra layer of protection. This way, even if someone gets your password, they'll still need the code to access your account. Prefer a 2FA method that is not SMS-based, such as an authenticator app, especially in countries where telecom companies are not strictly regulated against SIM-swap attacks: an attacker who gets your number ported to their own SIM receives your SMS codes, whereas an authenticator app's secret never leaves your device.
4. Regularly check active sessions: LinkedIn allows you to see all the places where you're signed in and gives you the ability to sign out remotely. Regularly review your active sessions and sign out of any that are unfamiliar.
5. Be wary of phishing attempts: Stop and think before clicking a link in an email that directs you to LinkedIn, and be extra wary of any emails asking for your LinkedIn credentials. Always verify the source before revealing any personal information. Our Threat Intelligence team sees hundreds of millions of scraped LinkedIn profiles which could be the target of malicious phishing attacks.
6. Only connect with people you know: While LinkedIn is a network-building platform, it's important to only accept requests from people you know or want to be connected to. This can limit exposure to potential scammers, and collectively helps the LinkedIn community stay safe. Remember that even if you are not the target yourself, by accepting the connection request you amplify the fake profile’s legitimacy.
7. Be cautious with third-party applications: LinkedIn allows integration with a variety of third-party applications for various purposes. Always ensure that these applications are from trusted, reliable sources, and remember to manage your applications in the 'Settings & Privacy' section.
8. Regularly update your privacy settings: LinkedIn often updates its terms of use and privacy policies and can occasionally adjust what information is visible to whom. Check your privacy settings frequently and adjust them to your comfort level, and always ask yourself whether a piece of information really needs to be on your profile at all.
9. Think twice before syncing your contacts and calendar: The contact and calendar sync feature exists to enhance the platform's networking capabilities and user experience, such as providing a more efficient way for members to connect, engage, and build professional relationships. LinkedIn’s privacy policy states: “If you or others opt-in to sync email accounts with our Services, we will also collect “email header” information that we can associate with Member profiles.” This means LinkedIn doesn’t only collect connection information but might also analyze data (such as the frequency of interactions between people or the timing of these interactions), which raises many privacy-related concerns.
Important note: If you have verified your workplace, keep in mind that the work email address you added is now attached to your LinkedIn login. A compromise of your work mailbox (for example during a ransomware attack against your company) therefore puts your personal LinkedIn profile in danger as well, since whoever controls that mailbox can use it to request a password reset and gain access to your profile. In case of a business compromise, remove the work address from your account and revoke your workplace verification.
Why LinkedIn Open Networker “LION” is probably a bad idea
One of the main reasons why LinkedIn is so popular is because having access to a professional network at your fingertips can be extremely useful when you’re looking to advance your career.
LinkedIn knows this and recognizes the importance of an expanded network. This is why you have your own connections (1st degree connections), your connections’ connections (2nd degree connections) and anyone beyond these (3rd degree). The way you can interact with LinkedIn members varies between these degrees. However, the separation here could be considered a blocker when it comes to accessing job opportunities, events, and information.
To overcome this obstacle, the concept of LinkedIn Open Networker emerged several years ago. In a nutshell, these self-identified “LIONs” aim to create as large a 1st degree network as possible, by accepting any contact request as well as sending out their own requests with a wide net. Although being a LION doesn’t appear to be as popular anymore as it once was, a quick LinkedIn search unveils that open networking is still happening in public groups.
It’s not uncommon for these LIONs to have thousands or even tens of thousands of connections. If a fake profile manages to connect with even one LION, they suddenly have a vast 2nd degree network to approach. Connecting with 500 LIONs is an easy way to create credibility for the fake profile in a short amount of time. 500 is the number after which LinkedIn just shows that an account has “500+ connections” when their public profile is viewed. Many consider this as a sign of a well-established profile.
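The amplification described above can be put in numbers. The following is an added example for this guide (constructed data, not LinkedIn's graph or any LinkedIn API): a small connection graph in which an ordinary member “bob” has 30 connections and a LION has 2,000, and a breadth-first search labels every member with its degree of separation from a fake profile, the same way LinkedIn's 1st/2nd/3rd-degree labels work. The member names and connection counts are assumptions chosen for the illustration.

```python
"""Toy connection graph showing how one LION connection inflates a fake profile's reach.

Added example for this guide (constructed data, not LinkedIn's graph or API): a breadth-first
search assigns every member a degree of separation from a start node, exactly how
1st/2nd/3rd-degree labels work, and we count how many members fall into each degree.
"""
from collections import deque
from typing import Dict, Set, Tuple

Graph = Dict[str, Set[str]]


def add_connection(graph: Graph, a: str, b: str) -> None:
    """Connections are mutual, so store the edge in both directions."""
    graph.setdefault(a, set()).add(b)
    graph.setdefault(b, set()).add(a)


def degrees_from(graph: Graph, start: str) -> Dict[str, int]:
    """BFS: degree 1 = direct connections, degree 2 = their connections, and so on."""
    degree = {start: 0}
    queue = deque([start])
    while queue:
        member = queue.popleft()
        for neighbour in graph.get(member, ()):
            if neighbour not in degree:
                degree[neighbour] = degree[member] + 1
                queue.append(neighbour)
    return degree


def reach(graph: Graph, start: str) -> Dict[str, int]:
    """How many members sit at each degree of separation (the start node itself excluded)."""
    counts = {"1st": 0, "2nd": 0, "3rd+": 0}
    for d in degrees_from(graph, start).values():
        if d == 1:
            counts["1st"] += 1
        elif d == 2:
            counts["2nd"] += 1
        elif d >= 3:
            counts["3rd+"] += 1
    return counts


def build_sample_network(lion_connections: int = 2000, bob_connections: int = 30) -> Graph:
    """Constructed network (assumed sizes): 'bob' is an ordinary member, 'lion' accepts everyone,
    and 'fake' has so far only persuaded bob to accept a request."""
    graph: Graph = {}
    for i in range(bob_connections):
        add_connection(graph, "bob", f"bob_contact_{i:02d}")
    for i in range(lion_connections):
        add_connection(graph, "lion", f"lion_contact_{i:04d}")
    add_connection(graph, "fake", "bob")
    return graph


def lion_effect(lion_connections: int = 2000, bob_connections: int = 30) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Reach of the fake profile before and after a single LION accepts its request."""
    graph = build_sample_network(lion_connections, bob_connections)
    before = reach(graph, "fake")
    add_connection(graph, "fake", "lion")
    return before, reach(graph, "fake")


if __name__ == "__main__":
    before, after = lion_effect()
    print("fake profile before the LION accepts:", before)
    print("fake profile after the LION accepts: ", after)
```

Before the LION accepts, the fake profile can approach 30 people as a 2nd-degree contact; one accepted request later that number is 2,030. The damage is not one-directional either: bob and his entire circle now sit in the 3rd degree of every one of the LION's 2,000 contacts, reachable through a profile none of them ever vetted.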
On the surface it might seem beneficial to have as many connections as possible in your professional circle, but what you’re ultimately doing by opening the virtual door to anyone in your network is increasing your personal attack surface significantly. We don’t recommend doing this, and instead recommend following step #6 in the previous chapter.
LinkedIn: a platform for authentic professional connections or business-minded criminals?
LinkedIn's greatest strength lies in genuine professional connections — but it’s also a space where cyber criminals target professionals. So, seize the opportunities it provides for authentic networking while always remaining vigilant.
We encourage you to foster a culture of cyber security awareness within your professional network. If you encounter suspicious activity on the platform, you should flag it using LinkedIn’s reporting features. And if the activity targets the company you work for, or you encounter a fake profile portraying the same company, make sure to notify your CISO as well.
Ultimately, by staying informed and adopting a cautious yet open approach, you can navigate LinkedIn securely while making the most of what it has to offer.
Please note that this guide was published in early 2024. LinkedIn’s Terms of Service, verification policy, fake profile countermeasures, and other features may have changed since. It’s important to regularly review and implement these security measures and stay informed about platform updates.