October 5, 2022

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Some of the fake profiles flagged by the co-administrator of a popular sustainability group on LinkedIn.

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.

Since then, the response from LinkedIn users and readers has made clear that these phony profiles are showing up en masse for virtually all executive roles — but particularly for jobs and industries that are adjacent to recent global events and news trends.

Hamish Taylor runs the Sustainability Professionals group on LinkedIn, which has more than 300,000 members. Together with the group’s co-owner, Taylor said they’ve blocked more than 12,700 suspected fake profiles so far this year, including dozens of recent accounts that Taylor describes as “cynical attempts to exploit Humanitarian Relief and Crisis Relief experts.”

“We receive over 500 fake profile requests to join on a weekly basis,” Taylor said. “It’s hit like hell since about January of this year. Prior to that we did not get the swarms of fakes that we now experience.”

The opening slide for a plea by Taylor’s group to LinkedIn.

Taylor recently posted an entry on LinkedIn titled, “The Fake ID Crisis on LinkedIn,” which lampooned the “60 Least Wanted ‘Crisis Relief Experts’ — fake profiles that claimed to be experts in disaster recovery efforts in the wake of recent hurricanes. The images above and below show just one such swarm of profiles the group flagged as inauthentic. Virtually all of these profiles were removed from LinkedIn after KrebsOnSecurity tweeted about them last week.

Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Mark Miller is the owner of the DevOps group on LinkedIn, and says he deals with fake profiles on a daily basis — often hundreds per day. What Taylor called “swarms” of fake accounts Miller described instead as “waves” of incoming requests from phony accounts.

“When a bot tries to infiltrate the group, it does so in waves,” Miller said. “We’ll see 20-30 requests come in with the same type of information in the profiles.”

After screenshotting the waves of suspected fake profile requests, Miller started sending the images to LinkedIn’s abuse teams, which told him they would review his request but that he may never be notified of any action taken.

Some of the bot profiles identified by Mark Miller that were seeking access to his DevOps LinkedIn group. Miller said these profiles are all listed in the order they appeared.

Miller said that after months of complaining and sharing fake profile information with LinkedIn, the social media network appeared to do something which caused the volume of group membership requests from phony accounts to drop precipitously.

“I wrote our LinkedIn rep and said we were considering closing the group down the bots were so bad,” Miller said. “I said, ‘You guys should be doing something on the backend to block this.”

Jason Lathrop is vice president of technology and operations at ISOutsource, a Seattle-based consulting firm with roughly 100 employees. Like Miller, Lathrop’s experience in fighting bot profiles on LinkedIn suggests the social networking giant will eventually respond to complaints about inauthentic accounts. That is, if affected users complain loudly enough (posting about it publicly on LinkedIn seems to help).

Lathrop said that about two months ago his employer noticed waves of new followers, and identified more than 3,000 followers that all shared various elements, such as profile photos or text descriptions.

“Then I noticed that they all claim to work for us at some random title within the organization,” Lathrop said in an interview with KrebsOnSecurity. “When we complained to LinkedIn, they’d tell us these profiles didn’t violate their community guidelines. But like heck they don’t! These people don’t exist, and they’re claiming they work for us!”

Lathrop said that after his company’s third complaint, a LinkedIn representative responded by asking ISOutsource to send a spreadsheet listing every legitimate employee in the company, and their corresponding profile links.

Not long after that, the phony profiles that were not on the company’s list were deleted from LinkedIn. Lathrop said he’s still not sure how they’re going to handle getting new employees allowed into their company on LinkedIn going forward.

It remains unclear why LinkedIn has been flooded with so many fake profiles lately, or how the phony profile photos are sourced. Random testing of the profile photos shows they resemble but do not match other photos posted online. Several readers pointed out one likely source — the website thispersondoesnotexist.com, which makes using artificial intelligence to create unique headshots a point-and-click exercise.

Cybersecurity firm Mandiant (recently acquired by Googletold Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.

Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.

But the Sustainability Group administrator Taylor said the bots he’s tracked strangely don’t respond to messages, nor do they appear to try to post content.

“Clearly they are not monitored,” Taylor assessed. “Or they’re just created and then left to fester.”

This experience was shared by the DevOp group admin Miller, who said he’s also tried baiting the phony profiles with messages referencing their fakeness. Miller says he’s worried someone is creating a massive social network of bots for some future attack in which the automated accounts may be used to amplify false information online, or at least muddle the truth.

“It’s almost like someone is setting up a huge bot network so that when there’s a big message that needs to go out they can just mass post with all these fake profiles,” Miller said.

In last week’s story on this topic, I suggested LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a “created on” date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications.

Many of our readers on Twitter said LinkedIn needs to give employers more tools — perhaps some kind of application programming interface (API) — that would allow them to quickly remove profiles that falsely claim to be employed at their organizations.

Another reader suggested LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer.

In response to questions from KrebsOnSecurity, LinkedIn said it was considering the domain verification idea.

“This is an ongoing challenge and we’re constantly improving our systems to stop fakes before they come online,” LinkedIn said in a written statement. “We do stop the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scams. We’re also exploring new ways to protect our members such as expanding email domain verification. Our community is all about authentic people having meaningful conversations and to always increase the legitimacy and quality of our community.”

In a story published Wednesday, Bloomberg noted that LinkedIn has largely so far avoided the scandals about bots that have plagued networks like Facebook and Twitter. But that shine is starting to come off, as more users are forced to waste more of their time fighting off inauthentic accounts.

“What’s clear is that LinkedIn’s cachet as being the social network for serious professionals makes it the perfect platform for lulling members into a false sense of security,” Bloomberg’s Tim Cuplan wrote. “Exacerbating the security risk is the vast amount of data that LinkedIn collates and publishes, and which underpins its whole business model but which lacks any robust verification mechanisms.”

35 thoughts on “Glut of Fake LinkedIn Profiles Pits HR Against the Bots

  1. Nick D.

    It’s super common in Facebook, too. I co-admin a group for stock trading/market news/personal finance discussion with over 15,000 members. When I became an admin (third of three, and one of only two active admins), I did so to help combat scammers and spammers because I have professional experience combating online abuse. At that time, the group had over 17,000 members. I have culled over 2,000, in addition to helping field around 100-150 new member requests per week–and most weeks, only (at most) one or two of those requests are legitimate.

    I don’t admin any other active groups, so I assumed my group was likely being targeted because of it’s theme (making a juicier pool of potential victims for financial fraud and crypto scams), but a friend of mine recently made a group for “cheesecake lovers,” and within a couple weeks, was cheering about hitting the 50k members mark, but also complains regularly about the behavior of group members (she seems hesitant to accept that, in all likelihood, half or more of her members are probably fake.

    And Facebook is absolutely awful about acting on abuse reports. No matter how clear, obvious, or blatant the abuse being committed, Facebook almost always says that no rules were broken and declines to take enforcement action, usually without ever allowing a human to get involved, but the humans rarely act even when they are involved.

    1. Mahhn

      now doubt about FB and their customer/consumer interactions. It’s wishful thinking when reporting anything. And they are often heavy handed when it’s automated punishments. 30 days bans for people in a private group that discus security issues, because we mention items in conversation that happen to be “sensitive” topics to the FB police. They have a way to challenge it, but it’s a joke too. I just take it for granted that all social media’s main purpose is to “guide peoples opinions to those that the owner/board want people to have”, to be good little consumers that only think what they are allowed to talk about. Not a place for humans that think.

  2. Impossibly Stupid

    > asking to send a spreadsheet listing every legitimate employee . . . that were not on the company’s list

    That’s not the way data privacy works. Rather than giving up all your employees like that, properly put the onus on LinkedIn not to *libel* you by publishing false claims about your business.

    > We do stop . . . around 96% of fake accounts

    Why do companies say things like this as if they were bragging about doing a good job rather than realizing they’re admitting to doing a *terrible* job? The fullness of their statement is essentially: “You know those 12,700 fake accounts you personally noticed? Well, our garbage system was really allowing around 325,000 fake accounts to get created!”

    There’s no reason to think this isn’t in some way intentional by LinkedIn, for whatever reason. It’s trivially easy to put measures in place to stop this far beyond a simple “created on” date. I mean, the whole site is the network effect in action, and they’re allowing anyone to claim a connected node? That’s a level of ineptitude that rises to the level of malicious/nefarious. No organization that values competence should be dealing with LinkedIn.

    1. John Tillotson

      “No organization that values competence should be dealing with LinkedIn.”

      Absolutely correct. Anyone with a modicum of sense and critical thinking ability should immediately understand that a for-profit “open” social network like LinkedIn that enforces no rules or standards is, and will always be, utterly untrustworthy.

      1. Jack

        LinkedIn used to spam the bejaysus out of me, even after I begged them to stop. I won’t have anything to do with spammers.

  3. mealy

    “cynical attempts to exploit Humanitarian Relief and Crisis Relief experts.”
    Doesn’t that imply they once cared? Else what’s the baseline for cynicism?
    You saw the Ukraine referendums, 99% should be enough for anyone.

  4. Tim2DaG

    The number one reason I left facebook, dating websites, all social media and soon to leave linkedin is fake profiles. I do not want fake profiles wasting my time and I do not like fake profiles trying to influence my values. Life is so much better when I remove the fake profile noise and tune out the internet social media crap.

    1. Gale Boetticher

      Well I wrote a good response that apparently got filtered by the approval bot (I’m used to that; my writing style tends to be a bit colorful and um loquacious so sometimes I may come off as Saul Goodman meets Hunter S. Thompson to these bots), but really all I wanted to say is:

      – “Life is so much better when I remove the fake profile noise and tune out the internet social media crap.”

      Word and church, Tim2DaG, best comment on here yet!

      Nulling FaceBook was a no-brainer for me once I was able to finally suck my mind out of it in about 2018 – and don’t even bother to get me started about their security…

      LinkedIn took a little longer for me to see behind the Oz curtain because many of the potential phishing attempts in my gmail from alledged recruiters appear to be sent through the LinkedIn proprietary message system but don’t stand up to even cursory cross-checking of the alledged recruiter names, company names, eMail addies and URLs against valid company URLs and employee lists and a significant number of these reference alledged Indian divisions of real global corporations…

      What is grossly maddening and saddeningly insidious is that the “n’er-do-wells” – as CyberHero Brian Krebs all too generously refers to them – are abusing these kinds of sites to prey on alot of truly nice people who are earnestly just trying to find honest work because their families need food on their tables…

  5. Moike

    > around 325,000 fake accounts to get created

    Then the 325,000 fake accounts sent requests to everyone in their address books to “Join my LinkedIn network!”. /s

    (Reference to the early days of LinkedIn behavior of conscripting unsuspecting users into spamming all their friends. Of course the bots have no one else in their address books)

  6. Little Pig

    I had a number of weird accounts try to connect not that long ago, they were all crypto related and came out of the blue. Perhaps a similar scenario?

  7. Tom W

    “Stopping 96% of fake accounts” implies they know they must know that other 4% are fake yet aren’t doing anything about it…

    1. Steven

      No you bag of potatoes. It means that their current methods of stopping accounts can take care of 96% of fake accounts. However, there are 4% where their tools haven’t been able to successfully remove, but they still know about them and the accounts will be removed manually (not efficient). Therefore, there is still room for improvement, which will always be the case for fake accounts. It’s an endless battle.

  8. Name

    There should be a place to apply so one can be vetted for created sock puppet accounts – as being authentic and part of an RTE. Because stuff like this happens, it would make sense to test an enterprise against it right?

    Also, why not request that this-fill in the blank- does not exist add metadata that large social media companies can detect. If for anything else to monitor to see unknown TTPs being utilized.

    Then there is the issue of privacy. My profile just doesn’t have a headshot. The only thing that verifying myself through my company does is gives them access to my LinkedIn profile… which kinda defeats the purpose. I dont want my company seeing my profile unless it’s to verify what I am putting as my experience through them specifically. Domain verification…. guess what… didnt work. LinkedIn is caught and tossed from the spam filter immediately.

    There’s a difference between letting companies be assessed for potential insider threats, people saying they had a job that they didn’t (or responsibilities), and letting North Korea set up a ton of CISO (HIGH LEVEL C-SUITE) be created with little to no filtering. How could LI not be going after crypto scams before any of this happened?? That has been a known threat for a decade.

  9. JRHill01

    I used LinkedIn a bunch when I was working (before I retired). I was not shopping connections or prospects but more learning about a legitimate business or person. But it kept getting worse with the solicited connections or groups or people who seem to put some value on how many connections (friends) the have. I had already deleted FB and, after retiring, likewise for LinkedIn. Problem solved.

  10. The Sunshine State

    It can’t be no worse then all the fake accounts on Facebook

    1. mealy

      Except a random FB page isn’t lending undue credential as a security professional.
      The same problems exist in different ratios and means but FB isn’t taken seriously
      where LI unfortunately and ridiculously is.

  11. Sebastian

    Linkedin is the perfect Scam Platform i learned from the movie “The Wolf of Wallstreet”.

    “Sell me this pencil!”

    1. Jack

      > “Sell me this pencil!”

      That was the first exercise in my sales training course.

      The other thing I remember is the phrase “Would you like it in green?” That was the suggested response to a customer asking “Do you have it in green?” when you’re trying to sell them a beige box (i.e. we can get some green car-body spray). In theory, if they say Yes, you’ve closed the sale.

  12. Kevin

    Most of the CISOs and other cybersecurity executives in the US are unqualified and incompetent any way.
    Attorneys, Physicians alike need to go through rigorous academic and real world experience before they start practicing. Any Tom and Dick who have executive contacts can become a CISO in this country with a degree in Music. Not kidding.

  13. Disconcerted

    LEAVE NOW. This is the best advice I can give. I never joined any of those “web 2.0” purveyors, going back to “myspace” and the like, where you are the product, you are providing their content. Disconnect, drop out, tune in; to paraphrase Dr. Tim Leary. It’s all a bunch of bull, meant to keep you preoccupied while they rake in oodles of cash using you as their bait. Illegal? Not in most countries. Immoral? Absolutely.

    I was told, and Brian reiterates here, to “stake my claim, plant my flag” on these slimeball sites, because it is intimated that someone else will impersonate me and “ruin my reputation”. If someone is using these sites to find out what a person is worth, then need to have their head examined. Even profiles that have real people behind them are full of misdirection and bluffs that have replaced the “love-me-wall” at work. I mean “Crisis relief thinker”? “Branding queen”? Yes, I know those are on the fake profiles, but they were copied from “real” ones somewhere.

    Hopefully everyone will soon realize how easy it is to fool these companies into having fake data, fake profiles, fake lives show up when anyone cares to look, and then there will be a great reckoning. Either disconnect and get back to real face-to-face meetings and phone calls, or force these companies to spend millions, or billions to implement hither-to-unannounced highly-invasive features to “remedy” the problem. Which will probably cost the users too, in real dinero.

    Remedy until the next brilliant nefarious mind comes along, that is.

  14. CW

    I just had a fake profile apply to an open position at my org. I am one of those rare hiring managers who reads every resume and cover letter I receive and matches it against LinkedIn or portfolio sites if I want to go the next stage. Nothing, and I mean nothing aside from the name and profile picture (which looked like a stock image) matched between the resume and LinkedIn profile. Everything from the background to location to education was completely different. I flagged it for the hiring team after assuming it was someone trying to get a job for someone else. Now it seems far more sinister.

  15. Tired

    Unfortunately, ever since MSFT took it over, it’s been a cesspool. I always thank God I’m retired from IT, the way it’s going downhill even faster; it’s just taking so long to sink because it’s so huge, and it has the 800lb gorilla in Redmond behind it.
    I STILL get weekly spam/phishing emails from accounts with no picture, 500+ connections, and a very short history.

    It’s really too bad. It started out as a really nice tool from 2003 to about 2016…and it just got worse from there on.


  16. موندو

    Actually, I have been getting a lot of requests from weird accounts lately and this is getting very serious! Thank you for sharing tho

  17. Phillip

    Yes, I tried LinkedIn once or three times. Did not much like it. Have not used it for quite some time. It is a little irritating for me.

  18. me

    Ok now after 3 posts apparently rejected by the site censor bot, this is a test post with no possible objectionable content or verbiage.

  19. Jay

    Internet job sites are manipulators I would stay far away from this crowd people tend to trust anyone in these area’s.

  20. jay

    also what I don’t understand is how the corporate world can fall head over for it.

  21. Joe B

    Fake profiles for fake jobs. Crisis relief expert? Networking Guru? Remote hiring expert? Those are all fake jobs where anyone can easily claim qualifications.

  22. Ahti Kauppila

    I have been following up on crypto trades ever since I got to know about it . I finally decided to involve in it so I got money out of my savings and put into it .. along the line it all seemed good trading then one day I couldn’t gain access to the crypto account and I kept receiving mails that my money was removed from it.. I was fuming and almost went wild with the whole situation until I came across an article about CryptoSwiftRecovery AT g mail. com and how they help with such a case as my own. contacted them and explained my story to them and they required some details from me about the crypto account.. finally they were able to help me recover every bit of my money that I thought was gone…

  23. Anna

    Theb biggest issue is I can create one linkedin profile with one email, no need verification. Should let every one verify this is you and this is a real person.

Comments are closed.