Spotting LinkedIn fake profiles, the tale of industrial spying: should I trust this contact?

An article from me initially published on LinkedIn in January 2020

I’ve been contacted a couple of times about potentially unsafe profiles, or fakes.

Sometimes it was a question of national security, with industrial spies, and I collaborated with some law enforcement contacts to report the profile after providing the gathered intelligence.

First of all, we have to understand that the social network LinkedIn, like any social network, does not verify any individual information.

Everybody is free to subscribe with any name, and potentially each and every profile is fake. Unless you have actually met the people you are in touch with, you should keep a little doubt.

There is this basic saying in cyber security: « trust, but verify ».

I think this is totally applicable in this case.

Social networks are where social engineering takes place: fakes, lies, impersonation, deception (it also happens in real life and on the phone, scams are everywhere, but social engineering dominates social networks).

« Escalation of privileges »

Just as we know « escalation of privileges » in computer systems, we have the same on social networks. Basically, it happens because we assume our contacts did their due diligence when accepting another contact.

As soon as we see a contact request from someone already linked to someone we trust, we naturally (and wrongly) tend to trust the contact as well.

But here it is: we sometimes accept a connection, knowing we’ll be careful during a grace period, after which, depending on interactions, posts and exchanges, we may or may not keep the contact (most likely we forget, and this is an issue in the long run).

Even if we don’t forget, this is a window of vulnerability for your contacts: during this « evaluation » time they’ll assume that, because you are trustworthy, they can most likely trust the new contact as well.

As you can guess, a single trusted contact can open the doors to a full network; it escalates quickly.

« Don’t trust by default »

My advice: don’t trust by default. ONLY trust the people you met IRL (in real life) and who made you comfortable with regard to your own expectations (very subjective, I know).

Now, you receive this connection request, and while you are eager to grow your network, you must make sure you are not bringing a potential threat into your network. It would be risky for you, for your contacts, and potentially bad for your personal brand, if you care about this.

Quick items you are going to check before accepting a connection:

– How complete is the profile? Use your common sense: does it make sense?

– Is this person in any way of interest in your field? If the profile is of no interest, check recent posts and activity, and see if anything smart has been posted.

– Does this profile have recommendations and endorsements? If there are many, this is a very good point: it takes time to gather recommendations, although it is not impossible to forge them either (fake profile farms are totally a realistic thing).

– Is this an old profile? Very recent profiles are a higher risk.

– Is the activity of the profile linear and aligned with its usual content and comments? (If not, the account may have been hacked.)

– Has the profile engaged in comments for a while and brought some relevant information? If yes, it is most likely a legit one.

Now, a deeper search might be needed, especially when things are too good to be true, as in the following cases:

– The lady / guy is amazingly sexy/cute, and the posts look like a top model's portfolio.

– The person is supposed to be a huge star, a political figure, or the big CEO of a great company. Ask yourself why this profile would be interested in you. Very unlikely (that said, Sharon Stone had trouble dating on Bumble lately! https://www.cnn.com/2019/12/30/entertainment/sharon-stone-bumble-intl-scli/index.html Sometimes it’s too good AND true…)

– The person seems to have a crush on you. Kindly redirect the person to a proper application for this purpose. Even if you’d be interested, don’t mix this professional network with a dating site; go to Bumble, Tinder, POF or others instead.

« Intelligence gathering and data correlation »

But you still have a doubt, so you need to switch to data correlation. After all, social networks do this all the time to resell your information; you can use it too!

Here are some key checks that will help you spot fakes:

– Take the profile picture and all personal pictures potentially posted in the feed (go through the post history of the profile), and run a reverse image search on Google Images; it is very efficient. Also check TinEye for the same purpose. See if the picture has been taken from another site. This is usually a quick and easy bust! Then report the profile as fake to LinkedIn.

– Search for the name and location, and see if information exists on other social networks. Privacy freaks like me most likely don’t have a Facebook account, but most people do. If not on Facebook, you may find other references allowing you to cross-check information.

– Check the educational background, and see if things align properly: country, place, address/city. Feel free to ask the person for details that would allow you to confirm your assumptions.

– Ask your other connections for advice. We all have our own approach in this regard, and some might quickly spot issues that you would have missed.

Now you have accepted the connection, and yet you have to continue the verification process: be on your guard for a while (in terms of exchanges). The usual scenarios are:

– The person wants to sell you something and has such a great solution for your problem (which you never spoke about). Kindly explain that this is super cool, and that you’ll get back to them. Assess whether you have any interest in keeping them in your network (sometimes it’s an asset and you may need them later). If the person is decent enough not to harass you, fine.

– The person directly asks personal questions about your private life, your habits, your work. WARNING WARNING WARNING, smell of social engineering from far away. Most likely the person is phishing for information about your employer or ex-employer. Don’t give anything away that is not public information. Sometimes it’s a cultural difference; if the person doesn’t calm down, cut the link and report as spam.

– The person has many technical questions, drilling into your skills, and it feels like free consulting. Stop it there, and advise them to contact one of the previously mentioned salespeople that you have in your network (told you, they might be an asset that you’d need later).

– The person asks what seem to be innocent questions but is actually gathering personally identifiable information: politely decline. If you can’t, remain evasive or, worst case, provide fake/false information.

Keep in mind:

– It is not normal for a person to ask for personal details on a professional network.

– Consider that it could be a disguised journalist checking if you are really as good as it seems.

– It could be a private investigator from your employer, checking if you’d leak corporate information (yes, frightening, this is good, it keeps you away from mistakes).

– It could be an industrial spy from a foreign state-backed criminal organization. They are usually smart and friendly; don’t share more than what you would share in a public LinkedIn post.

– No one needs your email or mailing address unless trust is clearly established (and you need to ship them a t-shirt :P ).

– If it is an urgent request, delay the answer: you did not know you needed it before the contact. If it is really important, you’ll know soon enough.

– Each small piece of information, stored and added together, is part of an aggregation process; you may have said much more than you thought. Foreign intelligence agencies are very efficient at connecting dots.

– Always lie a little bit. You did not swear to tell the truth, and everybody lies, so do yourself a favor and lie a little bit as well. Just enough to make information inaccurate. This can save you at some point.

Best lies to protect yourself and feed the social network:

  • fake birth date
  • typo on the name
  • fake living area
  • partially fake experience
  • wrong dates by a few months

You are a target: if people want to connect with you, it’s because you have value. Now, are YOU the value, or are you a chess piece?

Stay safe, technology is a deceptive tool, used to manipulate, from sales to intelligence gathering.

Article written following a collaboration with Thomas Molnar, which allowed us to get rid of a bunch of fake profiles from the LinkedIn network.
