6 Tips to Avoid Scammers on LinkedIn


June 6, 2014

By Richard Stiennon

LinkedIn announced in April that it had surpassed 300 million users. While LinkedIn has become a valuable networking tool and even a somewhat usable social networking platform, especially its Groups, like all such platforms it attracts unsavory types.

As of today there are actually 348,553,337 LinkedIn “accounts.” I can tell because I get several scammers a day trying to link to me. The URLs for LinkedIn profiles are assigned sequentially. For instance, by looking at my profile you can quickly see that I was the 84,478th person to sign up for LinkedIn.

Look at the LinkedIn profile for Mr. scot bioh from Ghana, which requested a connection today.

There is a lot of evidence here that this is likely a fake account. Why do scammers attempt to connect to you? First, once you accept, they can see your contact information.

Second, they can also email you (spam) through LinkedIn, so their messages will not be blocked by your anti-spam filters. An elaborate scam could go on to get you to click on a link and get infected with malware. These techniques were revealed in iSIGHT Partners’ report on the Newscaster team from Iran.

Here are my tips for identifying fake accounts.

1. Look at that URL. If it indicates that this is a new account (anything over 300 million right now), be very suspicious. Other than your kids, do you know anyone professionally who has not had a LinkedIn account for at least a couple of years (less than 100 million)?

2. The name does not include capitalized initial letters. I suspect that scammers have written scripts to generate these accounts and it is simpler not to capitalize.

3. They have fewer than ten connections. Why would someone from Ghana (in this case) pick me out of 300 million people to connect to on practically the first day he gets on LinkedIn? I am often the first person they reach out to. Conversely, if someone has 500+ connections, that is a very good sign they are a real person.

4. Picture is of a really good-looking person. We all know how honey traps work. Don’t fall for a pretty face (or more).

5. Profile is incomplete. Look for a complete work history, education, and the number of people who have provided those “endorsements.”

6. No recommendations. Recommendations from real people are the best indicator of a real person. Obviously, a sophisticated attack from a determined assailant would go to the trouble of creating fake recommendations. I have not seen that yet.

What do you do next? Click “ignore request” and LinkedIn will ask you if it’s because “you do not know this person” or if “this is spam.” If you are not completely sure (after all, some newbies are just clueless about how to create a profile), click on “I don’t know this person.” After about ten of those, LinkedIn stops allowing someone to connect to strangers, and a user will have to be much more careful about the people they try to connect to.

If you are certain it is a fake account, do us all a favor and click on “this is spam.” If enough people help curate LinkedIn, it will be a better service.

Stay safe! 
