Spotting LinkedIn fake profiles, the tail of industrial spying, should I trust this contact?
An article from me initially published on LinkedIn in January 2020
I’ve been contacted a couple of times about potentially unsafe profiles, or fakes.
Sometimes it was a question of national security, with industrial spies, and I collaborated with some law enforcement contacts to report the profile after providing the gathered intelligence.
First of all, we have to understand that the social network LinkedIn, like any social network, does not verify any individual information.
Everybody is free to subscribe with any name, and potentially each and every profile is fake. Unless you have actually met the people you are in touch with, you should keep a little doubt.
There is this basic saying in cyber security: « trust, but verify ».
I think this is totally applicable in this case.
Social networks are where social engineering takes place: fakes, lies, impersonation, deception (it also happens in real life and on the phone, scams are everywhere, but social engineering dominates social networks).
« Escalation of privileges »
Just as we know « escalation of privileges » in computer systems, we have the same on social networks. Basically, it happens because we assume our contacts did their due diligence when accepting another contact.
As soon as we see a contact request from someone already linked to someone we trust, we naturally (and wrongly) tend to trust the contact as well.
But here is the thing: we sometimes accept a connection, knowing we’ll be careful during a grace period, after which, depending on interactions, posts and exchanges, we may or may not keep the contact (most likely we forget, and this is an issue in the long run).
Even if we don’t forget, this is a window of vulnerability for your contacts: during this « evaluation » time they’ll assume that, because you are trustworthy, they can most likely trust the new contact as well.
As you can guess, just 1 trusted contact can open the doors to a full network; it escalates quickly.
« Don’t trust by default »
My advice: don’t trust by default. ONLY trust the people you have met IRL (in real life) and who made you comfortable with regard to your own expectations (very subjective, I know).
Now, you receive this connection request, and while you are eager to grow your network, you must make sure you are not bringing a potential threat into your network. It would be risky for you, for your contacts, and potentially bad for your personal brand, if you care about this.
Quick items to check before accepting a connection:
– How complete is the profile? Use your common sense: does it make sense?
– Is this person of any interest in your field? If the profile is of no interest, check recent posts and activity, and see if anything smart has been posted.
– Does this profile have recommendations and endorsements? If it has many, this is a very good point: it takes time to gather recommendations, although it is not impossible to forge them either (fake profile farms are totally a realistic thing).
– Is this an old profile? Very recent profiles are a higher risk.
– Is the activity of the profile consistent and aligned with its usual content and comments? (If not, the account may have been hacked.)
– Has the profile engaged in comments for a while and brought some relevant information? If yes, it is most likely a legit one.
Now, some deeper searching might be needed, especially when things are too good to be true, as in the following cases:
– The lady / guy is amazingly sexy/cute, and the posts look like a top model’s portfolio.
– The person is supposed to be a huge star or political figure, or the big CEO of a great company. Ask yourself why this profile would be interested in you. It is very unlikely (that said, Sharon Stone had trouble dating on Bumble lately! https://www.cnn.com/2019/12/30/entertainment/sharon-stone-bumble-intl-scli/index.html – sometimes it’s too good AND true…).
– The person seems to have a crush on you: kindly redirect them to a proper application for this purpose. Even if you are interested, don’t mix this professional network with a dating site; go to Bumble, Tinder, POF or others instead.
« Intelligence gathering and data correlation »
And yet you still have a doubt, so you need to switch to data correlation. After all, social networks do this all the time to resell your information; you can use it too!
Here are some key checks that will help you spot fakes:
– Take the profile picture, and all personal pictures potentially posted in the feed (go through the post history of the profile), and run a reverse image search on Google Images, which is very efficient; also check TinEye for the same purpose. See if the picture has been taken from another site. This is usually a quick and easy bust! Then report the profile as fake to LinkedIn.
– Search for the name and location, and see if information exists on other social networks. Privacy freaks like me most likely don’t have a Facebook account, but most people do; if not Facebook, you may find other references allowing you to cross-check information.
– Check the educational background and see if things align properly (country, place, address/city). Feel free to ask the person for details that would allow you to confirm your assumptions.
– Ask your other connections for advice. We all have our own approach in this regard, and some might quickly spot issues that you would have missed.
Now, you have accepted the connection, and yet you have to continue the verification process: be on your guard for a while (in terms of exchanges). The usual scenarios are:
– The person wants to sell you something and has such a great solution for your problem (which you never spoke about). Kindly explain that this is super cool, and that you’ll get back to them. Assess whether you have any interest in keeping them in your network (sometimes it’s an asset and you may need them later); if the person is decent enough not to harass you, fine.
– The person directly asks personal questions about your private life, your habits, your work: WARNING WARNING WARNING, smell of social engineering from far away. Most likely the person is phishing for information about your employer or ex-employer. Don’t give away anything that is not public information. Sometimes it’s a cultural difference; if the person doesn’t calm down, cut the link and report as spam.
– The person has many technical questions, drilling into your skills, and it feels like free consulting: stop it there, and advise them to contact one of the aforementioned salespeople that you have in your network (told you, they might be an asset that you’d need later).
– The person asks what seem to be innocent questions but is actually gathering personally identifiable information: politely decline. If you can’t, remain evasive, or in the worst case provide fake/false information.
Keep in mind:
– It is not normal for a person to ask for personal details on a professional network.
– Consider that it could be a disguised journalist checking if you are really as good as it seems.
– It could be a private investigator from your employer, checking if you’d leak corporate information (yes, frightening, but this is good, it keeps you away from mistakes).
– It could be an industrial spy from a foreign state-backed criminal organization. They are usually smart and friendly; don’t share more than what you would share in a public LinkedIn post.
– No one needs your email or mailing address, unless trust is clearly established (and you need to ship them a t-shirt :P ).
– If it is an urgent request, delay it. You did not know you needed it before the contact, so delay the answer; if it is really important, you’ll know soon enough.
– Each small piece of information, stored and added together, is part of an aggregation process; you may have said much more than you thought. Foreign intelligence agencies are very efficient at connecting the dots.
– Always lie a little bit. You did not swear to tell the truth, everybody lies, so do yourself a favor and lie a little bit as well. Just enough to make the information inaccurate. This can save you at some point.
Best lies to protect yourself and feed the social network:
- fake birth date
- typo on the name
- fake living area
- partially fake experience
- wrong dates by a few months
You are a target: if people want to connect with you, it’s because you have value. Now, are YOU the value, or are you a chess piece?
Stay safe, technology is a deceptive tool, used to manipulate, from sales to intelligence gathering.
Article written following a collaboration with Thomas Molnar, which allowed us to get rid of a bunch of fake profiles from the LinkedIn network.