October 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

Jay Pinho is a developer who is working on a product that tracks company data, including hiring. Pinho has been using LinkedIn to monitor daily employee headcounts at several dozen large organizations, and last week he noticed that two of them had far fewer people claiming to work for them than they did just 24 hours previously.

Pinho’s screenshot below shows the daily count of employees as displayed on Amazon’s LinkedIn homepage. Pinho said his scraper shows that the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop:

The number of LinkedIn profiles claiming current positions at Amazon fell 33 percent overnight. Image: twitter.com/jaypinho

As stated above, the number of LinkedIn profiles that claimed to work at Apple fell by approximately 50 percent on Oct. 10, according to Pinho’s analysis:

Image: twitter.com/jaypinho

Neither Amazon or Apple responded to requests for comment. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. In June, LinkedIn acknowledged it was seeing a rise in fraudulent activity happening on the platform.

KrebsOnSecurity hired Menlo Park, Calif.-based SignalHire to check Pinho’s numbers. SignalHire keeps track of active and former profiles on LinkedIn, and during the Oct 9-11 timeframe SignalHire said it saw somewhat smaller but still unprecedented drops in active profiles tied to Amazon and Apple.

“The drop in the percentage of 7-10 percent [of all profiles], as it happened [during] this time, is not something that happened before,” SignalHire’s Anastacia Brown told KrebsOnSecurity.

Brown said the normal daily variation in profile numbers for these companies is plus or minus one percent.

“That’s definitely the first huge drop that happened throughout the time we’ve collected the profiles,” she said.

In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the businesses networking site and the companies that rely on it to hire and screen prospective employees.

A day after that second story ran, KrebsOnSecurity heard from a recruiter who noticed the number of LinkedIn profiles that claimed virtually any role in network security had dropped seven percent overnight. LinkedIn declined to comment about that earlier account purge, saying only that, “We’re constantly working at taking down fake accounts.”

A “swarm” of LinkedIn AI-generated bot accounts flagged by a LinkedIn group administrator recently.

It’s unclear whether LinkedIn is responsible for this latest account purge, or if individually affected companies are starting to take action on their own. The timing, however, argues for the former, as the account purges for Apple and Amazon employees tracked by Pinho appeared to happen within the same 24 hour period.

It’s also unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn. Cybersecurity firm Mandiant (recently acquired by Googletold Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.

On this point, Pinho said he noticed an account purge in early September that targeted fake profiles tied to jobs at cryptocurrency exchange Binance. Up until Sept. 3, there were 7,846 profiles claiming current executive roles at Binance. The next day, that number stood at 6,102, a 23 percent drop (by some accounts that 6,102 head count is still wildly inflated).

Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.

Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley, suggested another explanation for the recent glut of phony LinkedIn profiles: Someone may be setting up a mass network of accounts in order to more fully scrape profile information from the entire platform.

“Even with just a standard LinkedIn account, there’s a pretty good amount of profile information just in the default two-hop networks,” Weaver said. “We don’t know the purpose of these bots, but we know creating bots isn’t free and creating hundreds of thousands of bots would require a lot of resources.”

In response to last week’s story about the explosion of phony accounts on LinkedIn, the company said it was exploring new ways to protect members, such as expanding email domain verification. Under such a scheme, LinkedIn users would be able to publicly attest that their profile is accurate by verifying that they can respond to email at the domain associated with their current employer.

LinkedIn claims that its security systems detect and block approximately 96 percent of fake accounts. And despite the recent purges, LinkedIn may be telling the truth, Weaver said.

“There’s no way you can test for that,” he said. “Because technically, it may be that there were actually 100 million bots trying to sign up at LinkedIn as employees at Amazon.”

Weaver said the apparent mass account purge at LinkedIn underscores the size of the bot problem, and could present a “real and material change” for LinkedIn.

“It may mean the statistics they’ve been reporting about usage and active accounts are off by quite a bit,” Weaver said.


38 thoughts on “Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

  1. Unblinking

    This is like waiting, years back, for manufacturing executives to come clean in tobacco, automobile, herbicide, and other arenas. “Are your bogus account tallies only a few percent, as you claim, or do bots comprise more like 40 percent of your total membership, as all evidence suggests?” Any of these sources, from Apple to LinkedIn, Facebook to Twitter, could provide relatively accurate figures — if their Boards ever asked for the real data — and eliminate most of the fraud quickly.

    1. SlapzyMaxie

      Elon asked Twitter for real world bot numbers and it almost blew up the sale.

    1. David Elsewhere

      nothing shows you don’t care like commenting on the article you claim that you don’t care about

    2. D Stigers

      North Korea getting their state agents jobs at crypto firms could hurt the economy in ways that would affect most of us. It would certainly be a serious blow to an emerging and disruptive industry. Those are bad enough to care about.

  2. Man Jose

    Why can’t Linkedin have a concept of “Verified user” like twitter?

    1. Alex M

      because all social networks are, or quickly become, “troll magnets?”

  3. A. Nonny Mouse

    I got tired of all the scams coming via LinkedIn so I just hibernated my account. Haven’t missed having it yet.

    1. L G Gibbs

      I did the same, then cancelled it as I saw no value for me.

    2. mealy

      Your name is ironic given that you gave it to the biggest data sink in the free world, but yeah.

      1. Anony-mouse

        I just boycott as many Micro$hit products as I can. Some are foisted upon me by employers. Fortunately, I also have the same name as a celebrity, good luck digging through all of that white noise.

        1. mealy

          That’s fine, but you gave your stuff to LinkedIn and hibernating or not…
          Your similarity with a celebrity of the same name is quickly sussed…
          Granted, not by a _single_ google search, perhaps…

          1. Anony-mouse

            You haven’t even realised that you have the wrong mouse …

            1. mealy

              Judging by the laziness of the response one might infer you were just being lazy about the handle also. A bit of a non sequitur, but if you think having the same name as a celeb really obscures you much in any real scenario and yet your employer is storing your PII on a platform you consider insecure and are bragging about not using, non sequitur seems par for the course if not the course record. It’s ok, we don’t have to continue.

  4. GranoblasticMan

    I find LinkedIn’s claim that they care about fraudulent activity extremely dubious, given how they’ve utterly dismissed my own reports. I alerted them to a pretty obvious credential stuffing attack that took over thousands of business and school pages on their platform (they all had their profiles changed to link to the same “marketing” domain, and titles changed to nonsensical things like “technology Jobs” with inconsistent capitalization as such). “There are no bots on LinkedIn” is what I was told by their support. Oh, okay, that clears that up, then.

  5. Gannon (J) Dick

    In Texas the Secretary of State is required by Law to doxx County Level Election Administrators. The Federal Election Committee does a little better, vetting a committee_id. The problem is that come midnight after Election Day it will be time for Law Enforcement to start matching these data base keys in the communication logs. Me is just going to leave those people alone, but 100 million minus one bots is not a major step in the right direction if you are in the DDOS biz.

  6. Alice

    Linkedin restrictions aren’t legal either they can’t proodr proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed

  7. Alice

    Linkedin restrictions aren’t legal either they can’t provide proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed

  8. John D

    And they are happy to block decades old accounts like yours and mine, and can demand more personal info to ‘verify’ us!

  9. John Ken

    As if those overhyped real profiles are authentic.
    Most, especially, those real CISO profiles are anyway inflated and worthless!!

    Welcome to virtual reality once again!

  10. Ronald Vickery

    Linked lost. Lieing about your job was pretty much the same as there resumes. It’s a favorite activity of many in America. Koreans are just capitalizing on it. By all the successfull scams I hear about. You probably do not want to hire those people who are out of touch because they have old skill sets. I turned down turned down 5 jobs last year and none of them were from there site. I have old skills but am savy about internet scams because I read about all the people and companies who have been sued by the goverment. Meeting strangers and handing them tens of thousands. I read most were Chinese American first generation and American Chinese according to the one article. Finding weak links in our social process cost the productivity of first generation Americans. The most productive segment in America. It is a sad story and I may get my response blocked. But you have to be realistic about world or you get used. Life in America today.

    1. Qualified

      That’s not where the watermarks are for that site. Besides, that site doesn’t watermark the 256×256 images, only the 512×512. And 256×256 is plenty for a bot LinkedIn profile.

  11. Moike

    In tomorrow’s headlines, from those who call themselves fair and balanced ‘news’: “Apple and Amazon lay off a third to half of their staff overnight!”

  12. robbers alice

    I didn’t have any expectations concerning that title, but the more I was astonished. The author did a great job. I spent a few minutes reading and checking the facts. Everything is very clear and understandable. I like posts that fill in your knowledge gaps. This one is of the sort.

  13. Ken

    LinkedIn has got serious issues with their job Ads too. Has anyone tried applying for a director level post, and you will notice that within a day, they already have 200+ applicants. If you apply, this is followed by their marketing team to go for the paid subscription to see, where you are positioned at. The funny bit is, either no one cares to read the job profile, or the 200+ is a questionable entity. The ice on the cake is that the same director position will be advertised again after a month, and behold you have 200+ applicants again within an hour. Personally, there is a doubt if someone is creating fake profiles to collect information, or LinkedIn is upping its marketing tempo. 🙂

  14. Niner6

    I as a true and real existing Cybersecurity Expert, would ask the very same question. e.g. “Are your bogus account tallies only a few percent, as you claim, or do bots comprise more like 40 percent of your total membership, as all evidence suggests?”
    I am not sure as to the “as all evidence suggests” part but it is a damn great question!

      1. asdfad

        The suspect is Julius Kivimäki , born in 1997 , but nowadays he uses his second name, Aleksanteri. Kivimäki denies being in any way involved in Vastaamo’s data breach.

        ZEEKILL GOT ARRESTED CHECK THE NEWS!

        WRITE ABOUT IT

  15. Chris

    Hi Brian, sorry to intrude on the current story, but it appears something is wrong w/ the captcha at https://krebsonsecurity.com/about/ — I’m trying to submit something, but the captcha is broken. I tried using Firefox & Google, and have pi-hole, but no success. It says “Enter code above” but the captcha thingie shows basically a broken link.

    Runnning F12 in Chrome for that page shows issues, but that’s not my area of expertise.

  16. Telhados Almeida

    I just don’t understand why these hackers would go through all this trouble to create millions of fake profiles on linkedIn, and associate them with big companies, to a few days later removing those associations with companies.
    Is it to influence the market and perception of these big companies? Why would these massive companies be targeted, when they most likely are the most secure?
    It’s kinda odd if this is just an attempt at identity thefts. Either way, this just looks like the surface of a massive illegal influence manipulation.
    Never really understood why the use of bots is so prominent, but this sparked my curiosity to know more about the subject!

  17. Telhados Almeida

    I just don’t understand why these hackers would go through all this trouble to create millions of fake profiles on linkedIn, and associate them with big companies, to a few days later removing those associations with companies.
    Is it to influence the market and perception of these big companies? Why would these massive companies be targeted, when they most likely are the most secure?
    It’s kinda odd if this is just an attempt at identity thefts. Either way, this just looks like the surface of a massive illegal influence manipulation.
    Never really understood why the use of bots is so prominent, but this sparked my curiosity to know more about the subject!
    crazy stuff

  18. Ken

    The leaders at the helm of these companies are responsible NOT BOTS. Follow the money as Dad use to say. Is Zip recruiter next?

  19. administrator

    Not a single programmer or hacker in the comments. lol

Comments are closed.