Linkedin Fake Profiles on the Rise

While Facebook is being overwhelmed with fake Facebook profiles, Linkedin is also on the rise. I get, on average, out of the blue about 3-4 Linkedin requests per week, out of those, at least one or two a week are fakes, up from last year when it was about once a month. The Linkedin fakes are a little harder to spot right off the bat, they are on Linkedin, so I would guess the average education level of the spammer/scammers might be a little higher and the copies of messages I have gotten from friends and clients are definitely a lot more sophisticated then the Facebook messages you might get having connected with some “one” on that platform. And I’ve been getting quite a few reports from friends and clients that they are getting lots of odd connection requests.

A question I frequently get from people when I’ve messaged, emailed them or in some case called (especially if it’s a large group of connections that has been hit), is how do you know it’s a fake?

Step one, eyeball the full profile. Generic photo (red flag), the fact they don’t have a banner image in the back is negligible unless they are Linkedin power users or in marketing, many regular Linkedin profile do not add an image. generic text in the bio (red flag), but he has over 500 connections…….

Fake Linkedin Profile Screenshot

Step two, look for mutual connections and wait ohhhh, we have a mutual connection….. (sometimes more)

Fake Linkedin Profile Screenshot

Step Three, look at what they list as experience. Do the companies they list have a Linkedin page for the business (in this case it’s a tech business, so if not, red flag). Google the business listed, in quotes, so in this case “Inhouse design” WordPress web design and “Clean Mate Designing” Websites or Website design. Hmm in this no case no search results for either, tad suspicious no for a web development company? The Third one is a real company, but had live chat on their website, so followed through and asked if he had ever worked there. Not that they recall.  I also Google the name and location of the fake profile and in this case got absolutely nothing online, anywhere, no websites, no social media channels, Nada. Sometimes you might get a name hit, but its an appropriated name, so John Doe from Missouri in Healthcare is actually John Doe from Missouri but the real person is a Granite Distributor.

Step Four (in case you were still in doubt when vetting a Linkedin request a this point), Education? “Maybe” I’ve seen schools listed that don’t even actually exist. He (or she) has over 500 connections, but not a single one of them has endorsed them for a skill, that’s a huge red flag.

And finally Step Five, reverse search their profile picture, occasionally they are a dead giveaway, I’ve had connection requests from people with Susan Boyle’s photo, Prince Harry and Michelle Pfeiffer, it does seem like most of the fake profiles set up information with Tech information in the bios, but not all. The Susan Boyle one stood out because it said she was a local realtor. Some are posing as Job Headhunters (especially if you list on your profile you are job seeking.)

In this particular case, I tracked the image down to a free stock photo site, sometimes you have to dig a little, but generally they pop right up in search.

I very much recommend, similar to locking down your friends list on Facebook (even to friends) because once they are connected then they have access, locking down your Linkedin connections, unless you are scrupulous about making sure connection requests are real people, even then unless you are heavily using Linkedin daily, and using it connect with others and facilitate connections, locking it down is a good idea. This is how these people get access, they connect with someone in business and then boom they have access as a connection to see who that person is connected to, and then start sending out connection requests because they know appear as a second degree connection. The same thing happens with Facebook, Billy Joe and Linda Sue are friend/connections so they must be ok.

As I mentioned the messaging is more sophisticated then the Facebook direct messages, frequently offering a special deal or job offers. They are looking to get personal information from you by getting a job application filled out usually with your social security number, or its an investment or buyin scheme requiring you to pay money and get XXXX which never comes through.

Please report/block these profiles and if you are sure it’s a fake, message anyone you know that is connected to them, most people are not aware the connection is fraudulent and may never have received a direct message from the fake account, they are purely being used as a way to leverage more connection requests. When in doubt, ask your connection if they really know them.

Locking down your connections:

A

And while you are in there, I’d recommend besides locking down connections, go through all your back end settings, especially Account -then- Partners and services -then- Permitted Services and disable any application access that you are not 100% sure is safe. If your Linkedin account is or has been or will be hacked, it’s almost 100% of the time through application access you have granted to your account.

I hope this was helpful, and if you get a Linkedin request that your not totally sure of, please let me know and I’d be happy to take a look.

 

 

Computer Safety & Security Checklist for Innkeepers

Image of Man with logos and icons in front of himAt a recent innkeeping conference I did a session for innkeepers on protecting themselves and their businesses in terms of computer related things, both online and offline.

Several people asked me if I could share the checklist I had made up and I thought it might make a helpful blog post.

Online Security Checklist Immediate Action: (estimated time to review all-under 2 hours)

  • Switch Browser to Google Chrome, Safari or Firefox if using Internet Explorer. (1 minute to find, 10 minutes or less to install).
  • Login to all social media accounts and enable two factor authentications. (10 minutes or less).
  • Review Important Passwords, change if simple or using things commonly known or easily guessed. (10 minutes or less).
  • Who is your domain name through? Do you have access? When does it expire? Is the credit card up to date? (10 minutes or less).
  • Who hosts your website? Is there emergency contact information for it? Is there a website backup, where is it stored and how can it be restored? (10 minutes or less).
  • Do you have an antivirus program? Is it up to date? (10 minutes or less).
  • Do you have a malware program? Is it up to date? (10 minutes or less).
  • Enable program(s) or check to see last time updated, file backups (10 minutes or less).
  • Check router to see if it needs to be updated/patched, call your cable company if in doubt (10 minutes or less).
  • Purchase a safe (ETL Verified fire at least 2 hour rated) and other external digital backups (external hard drive and thumb/zip drives) keep offsite with a copy in the safe.
  • Review and initiate all weekly and monthly To-Dos .

 

Weekly Security To-Dos: (Under 10 minutes)

  • Check to make sure antivirus and malware programs are running and up to date.
  • Make sure computer/tablet/mobile phone operating systems are up to date and patched.
  • Check to make sure files are being backed-up.

 

Monthly Security To-Dos: (Under 20 minutes)

  • Check/Review Installed Browser Plugins (Called Extensions in Safari), disable and delete any you are not 100% sure of. You can always reinstall them later if needed.
  • Make Sure Internet Browser Is Up to Date.
  • Check/Review Social Media Channels to see which applications have access to the accounts, disable and delete any you are not 100% sure of. You can always reenable them later if needed.
  • Review passwords to primary accounts, change and/or rotate.
  • Make sure computer/tablet/mobile phone operating systems are up to date and patched.