Spotting LinkedIn fake profiles, the tail of industrial spying, should I trust this contact ?

An article from me initially published on LinkedIn in January 2020

No alt text provided for this image

I’ve been contacted a couple of times about potentially unsafe profiles, or fakes.

Sometimes it was a question of national security, with industrial spies, and collaborated with some law enforcement contacts to report the profile after providing gathered intelligence.

First of all, we have to understand that the social network LinkedIn, like any social network, do not verify any individual information.

Everybody is free to subscribe with any name and potentially each and every profile is fake. Unless you actually met the persons you are in touch with, you should keep a little doubt.

There is this basic saying in cyber security : « trust, but verify« .

I think this is totally applicable in this case.

Social networks are the place where social engineering takes place, fake, lies, impersonation, deception (happens in real life, on the phone, scams are everywhere, but social engineering dominate social networks).

« Escalation of privileges »

As we know the « escalation of privileges » in computer systems, we do have the same on social networks, basically it is happening because we assume our contacts did their due diligence when accepting another contact.

As soon as we see a contact request from someone already linked to someone we trust, we naturally (and wrongly) tend to trust the contact as well.

But here it is, we sometime accept a connection, knowing we’ll be careful during a grace period, after which, depending on interaction, posts, exchanges, you may or may not keep the contact (most likely we forget and this is an issue in the long run).

Even if we don’t forget, this is a vulnerability time frame for your contacts, during this « evaluation » time they’ll assume because you are trustable, most likely, they can trust as well.

As you can guess, 1 trusted contact only, can open the doors to a full network, it escalate quickly.

« Don’t trust by default »

My advice, don’t trust by default, ONLY trust the persons your met IRL (in real life) and which made you comfortable in regards to your own expectations (very subjective I know).

Now, you receive this connection request, and while you are eager to grow your network, you must make sure you are not bringing a potential threat in your network. It would be risky for you, for your contacts, and potentially bad for your personal brand, if ever you care about this.

Quick items you are going to check before accepting a connection :

– How complete is the profile, and use your common sense, does this makes sense

– Is this person anyhow of interest in your field ? If the profile of no interest, check recent posts and activity, and see if anything smart has been posted.

– Does this profile have recommendations and endorsements, if many, this is a very good point, it takes time to gather recommendations, while not impossible to forge them either (fake profiles farms are totally a realistic thing)

– Is this an old profile ? very recent profiles are an higher risk

– Is the activity of the profile linear and aligned with the usual content and comments ? (the account may have been hacked)

– Did the profile engage in comments for a while, and brought some relevant information ? if yes, it is most likely a legit one.

Now, some deeper search might be needed, especially when things are too nice to be true, as the following :

– The lady / guy is amazingly sexy/cute, and the posts are like a top model book

– The person is supposed to be a huge star or political person, or big CEO of great company. Ask yourself why would this profile be interested in you ? very unlikely (that said Sharon Stone had trouble to date on bumble lately ! it’s too good AND true…. )

– The person seems to have a crush on you, kindly redirect the person to proper application for this purpose, even if you’d be interested, don’t mix this professional network and dating site, get to bumble, tinder, POF or others instead.

« Intelligence gathering and data correlation »

But yet you still have a doubt, so you need to switch to data correlation, after all, social networks do this all the time to resell your information, you can use this too !

Here are some key checks that will help you spot fakes :

– Take the profile picture, and all personal pictures potentially posted in the feed (go through post history of the profile), and run a reverse picture search on google image, it is very efficient, check also TinEye for the same purpose. See if the picture has been taken from another site. This is usually a quick and easy bust ! Then report as fake to LinkedIn.

– Search for name and localization, see if information exists on other social networks, privacy freaks like me, most likely don’t have a Facebook account, but most people do, if not facebook, you may find some references allowing you to cross information.

– Check studies background, and see if things align properly, country, place, address/city, feel free to ask the person for details that would allow you to confirm your assumptions.

– Ask your other connections for advice, we all have our approach in this regards, and some might quickly spot issues that you would have missed.

Now, you accepted the connection, and yet, you have to continue the verification process, be on your guard for a while (in terms of exchanges). The usual scenarios are :

– The person wants to sell something to you and have such a great solution for your problem (which you never spoke about), kindly explain that this is super cool, and you’ll get back to them. Assess if you may have any interest in keeping them in your network (sometimes it’s an asset and you may need them later), if the person is decent enough not to harass you, fine.

– The person directly ask personal questions about your private life, your habits, your work, WARNING WARNING WARNING, smell of social engineering from far away. Most likely the person is phishing information about your employer or ex employer. Don’t give anything away that is not public information. Sometimes it’s a cultural difference, if the person doesn’t calm down, cut the link and report spam.

– The person have many technical questions, drilling in your skills and it feels like free consulting, stop it there, and advise to contact some of the previous salesperson that you have in your network (told you, they might be an asset that you’d need later)

– The person ask what seems to be innocent questions but is actually gathering personally identifiable information, politely decline. If you can’t, remain evasive, or worst case provide fake/false information.

Keep in mind :

– It is not normal for a person to ask personal details on a professional network

– Consider that it could be a disguised journalist checking if you are real as good as it seems

– It could be a private investigator from your employer, checking if you’d leak corporate information (yes, frightening, this is good, it keeps you away from mistakes)

– It could be an industrial spy, from a foreign state backed criminal organization, they are usually smart and friendly, don’t share more than what you would share on your linkedin public post

– No one need your email, or mailing address, unless trust is clearly established (and you need to ship them a t-shirt :P )

– If it is an urgent request, delay it, you did not know you needed it before the contact, delay the answer, if really important, you’ll know soon enough.

– Each small information, stored, and added together, is an aggregation process, you may have said much more than you thought. Foreign intelligence agencies are very efficient at connecting dots.

– Always lie a little bit, you did not swear anything for truth, everybody lie, do yourself a favor, lie a little bit as well. Just enough to make information inaccurate. This can save you at some point.

Best lies to protect you and feed social network :

  • fake birth date
  • typo on the name
  • fake living area
  • partially fake experience
  • wrong dates by a few months

You are a target, if people want to connect with you, it’s because you have a value. Now, are YOU the value, or are you a chess piece ?

Stay safe, technology is a deceptive tool, used to manipulate, from sales to intelligence gathering.

Article written following a collaboration with Thomas Molnar, which allowed us to get rid of bunch of fake profiles from the LinkedIn network.


Not f'd — you won't find me on Facebook
juin 2024

Suivez moi sur twitter - follow me on twitter
Follow on LinkedIn
[FSF Associate Member]
Free Software, Free Society
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
TRUCS ET ASTUCES GNU/LINUX : - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne