Identifying and Addressing Potentially Fraudulent Profiles


On a completely different subject from the disasters, collapses, fraud, construction fatalities and other similar enjoyable topics I typically post, I thought I would post this brief article on LinkedIn fraud, which I hope will be useful to those interested.

Please note I am no expert on this and so suggest you consult with someone else should you require true expertise. This may be a private investigator, attorney, law enforcement, cyber security professional or other. The information presented below is based on my experience only.

I have found that, as my network grows, so does the number of requests to connect from “questionable” profiles. “Questionable” in that the reason for the connection is unclear, there are inconsistencies in dates/times/descriptions, employment/education history is "sketchy" or absent, contact information cannot be verified, the profile is new (very few connections), my own profile was not viewed prior to sending the invitation and, often, the profile image is purloined from another website. Or any combination of these. If the profile cannot be verified to my satisfaction, I report this to LinkedIn (method of reporting given below). It has been my habit to verify the majority of profiles from which an invitation has been sent.

Occasionally there are far more creative frauds, in which a network of fraudulent profiles has been created purporting to be references, employees or some other contact, complete with websites, addresses (both real and fictitious) and, on one occasion, a Dun and Bradstreet listing. These I have reported to law enforcement professionals as well as LinkedIn. I have also found a fraudulent profile to have been copied verbatim from another, changing only the name and contact information.

This is in addition to real profiles which have been hacked, which are similar to those profiles which were copied except that they are already populated with connections.

The steps I have used in checking these follow the same pattern.

The simple fraud

Recently 3 invitations were received, all having potentially fraudulent profiles. One was of the "creative" kind (more on that below). The other two were far simpler, the only flag being a lack of business information. To each of these I have sent two messages via LinkedIn to confirm identity, neither of which has even been viewed, as well as a follow-up email.

My first step in confirming any suspect profile is to verify the profile image. In Google Chrome, this is easily done by hovering the mouse over the image, “right-clicking” and selecting “Google Image Search”. Google produces search results with that specific image or similar images. Where there is likely fraud, images are typically found on dating sites, stock photo sites, other professional sites (of an individual whose details are significantly different from those of the profile) and porn sites. For a verifiable profile, the photograph was most likely taken specifically for LinkedIn, so no copy of the image will be found through the search. Hence, lack of a positive search result does not imply a fraudulent profile, but a positive result with an image of someone other than the purported individual does.

In these two instances there was no profile image to search – one profile had been left blank, the other had a generic image. The lack of any image does not demonstrate that a fraudulent profile exists, but it does suggest further verification is recommended.

I have found there is no danger from “accepting” an invitation. I keep my contacts private, so that a new connection cannot “mine” my contacts for further connections. In my opinion, the failure of most people to hide contacts is a major reason for the proliferation of fraud. Typically, when I have determined a profile is likely to be fraudulent, there are only one or two common contacts and at least one of these has not made their connections private. More on the dangers of accepting a connection from a fraudulent profile below.

Once the contact is accepted the contact information is revealed within the profile. This information is provided by the profile holder and, for bona fide profiles, will typically include a business email, phone number(s), website or some combination. These details can be verified with simple internet searches to check addresses, details, etc. There is no special skill or software needed to do any of this. If needed, I have called businesses using a number from a website rather than that provided to independently confirm an individual. Similar to profile images, lack of business contact information does not demonstrate that a fraudulent profile exists, but it does suggest further verification is recommended.

If there is no contact information, or the email is generic (such as [email protected]), I will send a LinkedIn message requesting verifiable information. I will follow up after 24-49 hours with a repeat request. In the absence of any response, an email may then be sent to the address provided. Sample messages are provided at the end of this article.

Should no satisfactory response be received, i.e., the information is demonstrably false or there is no response at all, I conclude the profile is likely fraudulent. Actions which follow are: 1 – remove the connection, 2 – notify LinkedIn, 3 – notify common connections, as a courtesy, that they may be connected to a fraudulent profile. In this latter step I also ask if they might have any information suggesting the profile is real and not fraudulent, which, despite the prior precautions, may still occur. If necessary the profile can also be blocked; however, I prefer to keep it “live” for reference except in those rare instances where I start receiving spam or harassing messages (which are also reported to LinkedIn).

Creative Frauds

By “creative” I mean those profiles which have been planned and structured to successfully mimic a normal, bona fide profile. These are suspect because of the possible lack of a clear reason for the invitation to connect, an inability to confirm business information which has been provided, inconsistencies in place, time or other detail in the employment and education history, odd entries for skills and qualifications (including who may be providing the endorsements), activity unrelated to the purported expertise put forth by the profile, or any other reason to flag the profile as suspect.

Of the three questionable invitations I received recently, one was of the "creative" kind with a business website (copyright 2020) and a complete board membership, all of whom also had websites (copyright 2020). I was unable to verify any but one identity of the more than 12 board members.

The steps to confirm the profile follow the same pattern as for the simple fraud. However, there may be further checking on phone numbers (reverse searches, calling the number, etc.), addresses and even employment history. I have found addresses which do not exist, phone numbers which go to an answering service which provides no response or options, and businesses who have no record of the individual in their database. In two instances, I located and contacted the neighbors of the purported individual and found that no such business had ever been present or, in one instance, could possibly have worked from the location provided (it was the size of a closet and only suitable for storage). Neighbors can easily be located via Google Maps. Other sources of information include realtors, business listings and more.

The steps following a lack of satisfactory response are the same as for the simple fraud.

Dangers of a Fraudulent Connection

I have often been asked what danger there might be from having a fraudulent connection. There are several. The four which follow are those I have personally witnessed, or experienced. There are likely others.

1.     I believe that many of these frauds are based on numbers, much like email fraud. While most individuals would not be fooled, there will be those who may succumb to the straight-forward scam, no matter how outlandish. For these, identifying and reporting potential fraud is a matter of protecting the public.

2.     Once a connection is made, it is not a difficult matter to develop a more personal connection, as normally would be done in any business relationship. If a feeling of trust can be established, then details regarding one’s business or personal matters may be divulged. Again, much of this follows normal business development routines except, in the case of fraud, information might be passed that could then result in harm.

3.     LinkedIn messaging and emails are also typical with a new connection. After all, the primary purpose of connecting on LinkedIn is to establish new relationships via communication, whether for employment or business. Links within emails or messages containing files (doc, pdf, jpg, etc.) are often transferred. Without sufficient care, it is very possible to “click” on a link which results in either a hacked profile or worse. There is far more likelihood of this occurring from a fraudulent profile, though one should always be vigilant.

4.     Credibility is given to a fraudulent profile when they can show many common connections to others within a network. This can be harmful to your own connections who may be more willing to divulge sensitive information or download a suspect file.

Reporting a Suspect Profile

Reporting a profile as suspicious can be very quick.

On the profile page of the suspected fraud, clicking on the “More” box, which is located to the right of the banner, provides options to block/report a profile. Going through this process sends a flag to LinkedIn to investigate. Should LinkedIn find that, in their opinion, the profile is, indeed, fraudulent or otherwise violates their policies, the profile is removed. Note that this process will NOT harm an individual who is erroneously reported.

Should you wish to be more direct, there is a link at the bottom of the profile page for “Questions”. This is accessed through the “?” icon. Questions can be publicly posted. I have found that, in addition to other LinkedIn users, LinkedIn may also respond directly. This is a useful location for any questions on issues with using or benefiting from LinkedIn.

Post-script

It is important to bear in mind that individuals create their own profiles, though occasionally with professional assistance, and people are not infallible. Consequently, errors, omissions, inconsistencies, etc., may also be innocently present. Unless a profile has been hacked, it is extremely difficult to conclude with absolute certainty that any particular profile is altogether fraudulent. If in doubt, ask. Those interested in establishing new relationships, furthering business interests or simply re-establishing contact will be unlikely to be offended and, I have found, will often be appreciative, both for any suggested improvements to a profile and for the knowledge that the profile was of sufficient interest to be read.

Finally, any suggestions for improvement to this article, whether it be corrections, amendments, clarification or additions, will be gratefully received and acknowledged.

SAMPLE LINKED-IN MESSAGE (1)

Dear -------,

Many thanks for your invitation to connect. I look forward to exchanging posts and ideas, and, of course, to possibilities of working together. Please let me know if there is any information you might like that would facilitate this.

I note there is very little background information in your profile, nor do you supply any business information. Would you please forward? I receive many invitations to connect from fraudulent profiles and would like to confirm your identity. Thank you for your understanding.

I look forward to hearing from you, staying in touch and, hopefully, working together.

Jim Cohen

FOLLOW-UP LINKED-IN MESSAGE

Dear -------,

The courtesy of a reply would be appreciated. As I said, I receive numerous invitations from potentially fraudulent profiles, all of which I report. Thank you.

Jim Cohen

FOLLOW-UP EMAIL

Dear -------,

Thank you for your invitation to connect on LinkedIn. Due to the many requests I receive from likely fraudulent profiles, which I report both to LinkedIn and to common contacts in the absence of any verification of the profile, I have sent you two messages requesting confirmation of your identity, neither of which has yet been answered or, it appears, even viewed. On the assumption that you work more with email than LinkedIn, I am asking through this message for your standard business information, typically phone, email, address, much as I provide.

Given that my line of work is in investigations, albeit in engineering, it would be remiss of me to not follow-up.

Thank you for your response in advance.

Regards,

Jim Cohen

Dean Barry, CPCU, MBA

Husband || Father || Grandfather ||Fortune 40 Insurance Executive || Consultant || Vice President of Operations at State Farm (retired)

4 years ago

An excellent post with terrific information that I will use. Thank you!
