How you're being scammed on LinkedIn and how to protect yourself

In this brave new world of social media, fake profiles - and the scammers that make them - are rife. But what's the harm? What's the risk to you? And what should you do when you find yourself connected to someone who isn't who they say they are?

Let me just start by saying this is not just limited to LinkedIn. Facebook had a cull not so long ago and Instagram followed suit, leading to reports of massive drops in members.

So it's rife out there, but what form does it take on LinkedIn and what should you do about it? More importantly, why should you care? So far the title seems a bit alarmist, right?

Sadly this common LinkedIn scam isn't as innocent as you might think.

In case you've somehow escaped being targeted, we're talking about fake profiles here.

But don't fall into the trap of thinking there's no harm in that, because there is serious harm in being lazy and not checking that connection requests are from real people.

Hold up, wait a minute...

Before you keep reading I need to ask you not to overreact here. Please do not stop connecting with people you don't know. (I genuinely hope this educates you, not freaks you out!). Plus if you use ANY social network, or just use email for that matter, you need to stay ahead of the scammers.

So unless you plan to stop using ALL social networks and replace email with faxes, this is must-have knowledge.

A quick search will result in masses of articles about how to spot fake profiles and how to report them to LinkedIn (I'll finish on that note) but very little is said about why.

The main risks are malware and identity theft, and believe me, once this happens to you, you won't get caught out in the future.


Image: Author and marketing manager, Anna Gervai

Identity Theft

Like me, you're probably getting requests to connect with recruitment agents all the time. This is a really common way to get your personal information.

"Are you looking for opportunities at the moment?" They have a fantastic job they think you'd be perfect for! You start communicating, send them your CV, maybe fill out a recruitment form online and voila. You've just given them enough information through the 'recruitment' process to fuel the next case of identity theft. Your full name, your address, your email and phone numbers. Some naive people even share their date of birth and banking details!

This may 'only' result in a scam similar to one that did the rounds a while ago, in which people had their LinkedIn profiles taken over by the scammer, giving the scammer direct access to your network of friends and colleagues because, well, they're 'you' after all (and if you've ever been through that on Facebook, you know your chances of getting a hacked profile back).

Another common approach is for the scammer to duplicate your LinkedIn profile (now you've given them full access), then connect with all your real profile's connections, people now much more likely to click that link 'you' have sent them.

Malware

There's a black market for purchasing established LinkedIn profiles with lots of connections for good reason. But why pay for a LinkedIn profile?

Yep, malware.

These may be in the guise of a job-related link in the person's profile, or in that friendly follow-up email they send you after you accept their connection. It could be an innocent-seeming link to a fake careers page, or even an NSFW link that the naughty part of you can't help but click on with the promise of nude photos or films. A couple that hit LinkedIn users not that long ago were the promise of free antivirus software to download, and another for downloading a media player for Windows. The result? You've downloaded a trojan (that's a type of malware that gives someone else remote, unauthorised access to your computer to do things like spam your email contacts or steal your credit card information).

Spam lists

Some reasons for these fake profiles are less damaging, in the short-term anyway. For instance, a common goal is to gather an ever-increasing list of email addresses to on-sell, sometimes to legit businesses, sometimes for more nefarious uses like phishing (more about that below).

Ever got unexplained emails you are sure you never signed up for? Yep, that.

Phishing

Phishing (pronounced 'fishing') is a common use of those spam email lists you're helping them build. 

Phishing is when you get a seemingly legit email from a website or firm you are a member of (a bank, a social network, 'here's your payslip', a game you play...). The hope is you'll follow the link in the email to an equally legit-looking but totally fraudulent website, where you'll enter your login, complete a form asking for your username, password, financial info and other sensitive, personal data, or download that zip file.

'Legitimate' fake profiles

Yes, some fake profiles are 'real', such as a cover for someone who wants to avoid associating their real identity with their 'opportunity', like getting you into a too-good-to-be-true pyramid scheme. Approach enough people and eventually someone gets taken in - and you've helped even if you don't get duped. And of course some fake profiles are simply being built to on-sell.

The good news is this is far less common than it used to be, helped in part by people sharing their personal experiences of doing exactly what they shouldn't have, and by LinkedIn clamping down on these fake profiles (but even that needs YOU to act).

The bad news?

So you're reading this and feeling pretty safe right? You're smart. Okay, so you may have connected with people you don't know without checking they look legit, but you'd NEVER fall for downloading malware or filling out your personal info, right? No harm done?

Wrong.

Make the mistake of connecting with the person - even if you don't fall into the trap of clicking and/or downloading - and you open your entire network to the same scam too. Thanks for that.

There's a lot of trust required on LinkedIn. So when you connect, the scammer can more easily dupe your network into connecting too. And some in your network might not be as smart as you at spotting something fishy going on. After all, the scammer looks all the more trustworthy now because they share a first-level connection with - you guessed it - you and your smiling photo, adding instant trust for people you have in common.

Who's to blame?

Don't get me wrong. I don't blame LinkedIn one bit. Like Facebook and Instagram, the more popular your network becomes, the more likely you'll be used for these scams. So who do I blame?

Sorry to say, but it's you.

Okay, okay. So maybe not you - after all, you're reading this article - but people that continue to accept connections from people they don't know, without checking them out first, I blame you. That's not to say there's anything wrong with connecting with people you don't know on LinkedIn - not at all. In fact I highly recommend using LinkedIn to expand your network. Just be smart about it!

So what SHOULD you do?

Firstly, click on their name before you accept the connection.

Look out for:

  • An obvious stock photo for the profile pic.
  • The first name and/or last name all in small letters.
  • A very generic summary and/or list of jobs with no detail.
  • No job history.

Report them

Check them out, and if in doubt, follow LinkedIn's options for reporting them.

--

Anna Gervai is the marketing manager at Shore City. She previously worked for JWT and Lassoo Media & PR and has 15 years' digital and marketing experience.