Abundance of fake LinkedIn profiles pits HR against the bots – Krebs on Security
A recent proliferation of fake executive profiles on LinkedIn creates something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen potential employees. The fabricated LinkedIn identities – which link AI-generated profile pictures with text taken from legitimate accounts – are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Last week, KrebsOnSecurity investigated a flood of inauthentic LinkedIn profiles all claiming the role of Chief Information Security Officer (CISO) at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil and Hewlett Packard.
Since then, the response from LinkedIn users and readers has made it clear that these fake profiles are popping up in droves for virtually every executive role — but especially for jobs and industries that are adjacent to recent global events and news trends.
Hamish Taylor runs the Sustainability Professionals group on LinkedIn, which has more than 300,000 members. Along with the group’s co-owner, Taylor said they have blocked more than 12,700 suspected fake profiles so far this year, including dozens of recent accounts that Taylor describes as “cynical attempts to exploit humanitarian and crisis relief experts.”
“We receive over 500 fake profile requests to join on a weekly basis,” Taylor said. “It’s been hitting like hell since about January of this year. Before that, we didn’t get the swarms of fakes that we’re experiencing now.”
Taylor recently published a post on LinkedIn titled “The fake ID crisis on LinkedIn,” which highlighted the “60 least wanted ‘emergency relief experts’” — fake profiles claiming to be experts in disaster recovery efforts in the wake of recent hurricanes. The images above and below show just such a swarm of profiles the group flagged as fake. Virtually all of these profiles were removed from LinkedIn after KrebsOnSecurity tweeted about them last week.
Mark Miller, the owner of the DevOps group on LinkedIn, says he deals with fake profiles on a daily basis — often hundreds per day. What Taylor called “swarms” of fake accounts Miller instead described as “waves” of incoming requests from fake accounts.
“When a bot tries to infiltrate the group, it does so in waves,” Miller said. “We will see 20-30 requests coming in with the same type of information in the profiles.”
After taking a screenshot of the waves of suspected fake profile requests, Miller began sending the images to LinkedIn’s abuse team, who told him they would review his request but that he might never be notified of any action taken.
Miller said that after months of complaining and sharing fake profile information with LinkedIn, the social media network appeared to do something that caused the volume of group membership requests from fake accounts to drop rapidly.
“I wrote our LinkedIn rep and said we were considering shutting down the group, the bots were so bad,” Miller said. “I said, ‘You guys should do something on the backend to block this.’”
Jason Lathrop is vice president of technology and operations at ISOutsource, a Seattle-based consulting firm with approximately 100 employees. Like Miller, Lathrop’s experience fighting bot profiles on LinkedIn suggests the social networking giant will eventually respond to complaints about inauthentic accounts. That is, if affected users complain loudly enough (publicly posting about it on LinkedIn seems to help).
Lathrop said that about two months ago, his employer noticed waves of new followers, identifying more than 3,000 followers who all had certain elements in common, such as profile pictures or text descriptions.
“Then I noticed they all claim to work for us with a random title within the organization,” Lathrop said in an interview with KrebsOnSecurity. “When we complained to LinkedIn, they told us that these profiles do not violate their Community Guidelines. But they don’t! These people don’t exist and they claim to work for us!”
Lathrop said that after the company’s third complaint, a LinkedIn representative responded by asking ISOutsource to send a spreadsheet listing all legitimate employees at the company, and their associated profile links.
Not long after, the fake profiles that were not on the company’s list were deleted from LinkedIn. Lathrop said he’s still not sure how they’ll handle getting new employees allowed into their company on LinkedIn going forward.
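The two defensive patterns described above, a roster reconciliation like the one LinkedIn asked ISOutsource for and grouping incoming profiles that share the same elements, as an added Python example that is not from the article or from LinkedIn; the roster, profile URLs, summaries and photo hashes are constructed sample data, and `photo_hash` is assumed to be a perceptual hash computed elsewhere.

```python
"""Added example (not from the article or LinkedIn): reconcile profiles that claim to
work for a company against its HR roster, then flag 'waves' of profiles that share
the same elements, the pattern the group admins describe."""
from collections import defaultdict

U = "https://www.linkedin.com/in/"  # profile URL prefix (constructed sample data)

# Constructed sample: HR roster keyed by each legitimate employee's profile URL.
ROSTER = {U + "alice-example": "Alice Example", U + "bob-example": "Bob Example"}

# Constructed sample of profiles claiming employment at the company.
# 'photo_hash' stands in for a perceptual hash of the profile picture (assumption).
OBSERVED = [
    {"url": U + "alice-example", "photo_hash": "f0a1", "summary": "Cloud engineer"},
    {"url": U + "bob-example", "photo_hash": "77c3", "summary": "Consultant"},
    {"url": U + "jane-doe-1", "photo_hash": "aaaa", "summary": "Passionate leader"},
    {"url": U + "jane-doe-2", "photo_hash": "bbbb", "summary": "Passionate leader"},
    {"url": U + "jane-doe-3", "photo_hash": "cccc", "summary": "Passionate leader"},
    {"url": U + "carol-new", "photo_hash": "dddd", "summary": "Just joined, hello"},
]

def unknown_profiles(observed, roster):
    """Profiles claiming employment whose URL is not on the HR roster."""
    return [p for p in observed if p["url"] not in roster]

def find_waves(profiles, keys=("photo_hash", "summary"), min_size=3):
    """Group profiles by an identical element; a group of min_size or more is a wave."""
    groups = defaultdict(list)
    for p in profiles:
        for key in keys:
            groups[(key, p[key])].append(p["url"])
    return {k: urls for k, urls in groups.items() if len(urls) >= min_size}

def triage(observed, roster, min_size=3):
    """Split unknown profiles into wave members (report to LinkedIn) and
    singletons (HR review: could be a new hire not yet on the roster)."""
    unknown = unknown_profiles(observed, roster)
    waves = find_waves(unknown, min_size=min_size)
    in_wave = {u for urls in waves.values() for u in urls}
    return {
        "report": sorted(in_wave),
        "review": sorted(p["url"] for p in unknown if p["url"] not in in_wave),
        "waves": waves,
    }
```

Singletons go to HR rather than straight to a takedown request, which is the gap Lathrop raises about onboarding new employees.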
It’s still unclear why LinkedIn has been flooded with so many fake profiles lately, or how the fake profile pictures were obtained. Random testing of the profile pictures shows that they are similar but do not match other pictures posted online. Several readers pointed to a likely source – the website thispersondoesnotexist.com, which uses artificial intelligence to create unique headshots as a point-and-click exercise.
Cybersecurity company Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have copied resumes and profiles from the leading job posting platforms LinkedIn and Indeed as part of an elaborate scheme to get jobs at cryptocurrency firms.
Fake profiles can also be linked to so-called “pig butchering” scams, where people are lured by flirtatious online strangers to invest in cryptocurrency trading platforms that eventually seize the funds when victims try to withdraw money.
In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
But Sustainability Group administrator Taylor said the bots he’s tracked are strangely not responding to messages, nor do they appear to be trying to post content.
“Obviously they’re not being watched,” Taylor opined. “Or they’re just created and then left to fester.”
This experience was shared by DevOps group admin Miller, who said that he has also tried to bait the fake profiles with messages referring to their fakeness. Miller says he’s worried someone is creating a massive social network of bots for a future attack in which the automated accounts could be used to amplify false information online, or at least obfuscate the truth.
“It’s almost like someone is setting up a huge bot network so that when there’s a big message that needs to go out, they can just mass post with all these fake profiles,” Miller said.
In last week’s story on this topic, I suggested that LinkedIn could take one simple step that would make it much easier for people to make informed decisions about whether to trust a given profile: Add a “created” date to each profile. Twitter does this, and it’s hugely useful for filtering out a lot of noise and unwanted communication.
Many of our readers on Twitter said that LinkedIn needs to provide employers with more tools — perhaps some kind of application programming interface (API) — that would allow them to quickly remove profiles that falsely claim to be employed by their organizations.
Another reader suggested that LinkedIn could also experiment with offering something similar to Twitter’s verified badge to users who choose to validate that they can respond to email at the domain associated with their stated current employer.
In response to questions from KrebsOnSecurity, LinkedIn said it was considering the idea of domain verification.
“This is an ongoing challenge, and we are constantly improving our systems to stop counterfeits before they get online,” LinkedIn said in a written statement. “We stop the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and fraud. We’re also exploring new ways to protect our members, such as expanding email domain verification. Our community is about authentic people having meaningful conversations and always increasing the legitimacy and quality of our community.”
In a story published Wednesday, Bloomberg noted that LinkedIn has so far largely avoided the bot scandals that have plagued networks like Facebook and Twitter. But that sheen is starting to wear off, as more users are forced to waste more of their time battling inauthentic accounts.
“What is clear is that LinkedIn’s cachet as the social network for serious professionals makes it the perfect platform to lull members into a false sense of security,” Bloomberg’s Tim Culpan wrote. “Exacerbating the security risk is the vast amount of data that LinkedIn collects and publishes, which underpins its entire business model, but lacks any robust verification mechanisms.”