Fake LinkedIn Profiles Are Impossible to Detect
Don’t trust everything you see on LinkedIn. We created a fake LinkedIn profile with a fake job at a real company. Our fake profile garnered the attention of a Google recruiter and gained over 170 connections and 100 skill endorsements.
Everyone is talking about fake accounts on Facebook and fake followers on Twitter. LinkedIn hasn’t been part of the conversation, but Microsoft’s social network also has a big problem.
for more technology news please visit our blog thank u.
for more technology news please visit our blog thank u.
LinkedIn Doesn’t Verify Anything
We created a fake profile and connected it to a real company. Sadly, it isn’t hard. LinkedIn doesn’t ask for any proof or confirmation of anything. Instead, LinkedIn runs on a sort of honor system.
You can say you work for a large company and give yourself an impressive job title. It worked for us. Our fake profile (John) “works for HP” as an Innovation Technologist. You may think that’s a job title we made up on the spot, but it’s a real position we found in HP’s job listings. We also gave John previous jobs at Exabeam and Salesforce to round out his resume.
You might imagine that HP or someone else would notice and stop us. But that’s not how it works. LinkedIn doesn’t notify companies about new employee profiles.
We didn’t steal anyone’s identity or even use a real photo for our fake profile. See that photo of John? That’s not a stock photo of a real person. Instead, the image came from thispersondoesnotexist.com. Simply put, it’s a fake photo of a non-existent person generated by a computer algorithm. Here’s a screenshot of the fake profile for posterity.
Companies Can’t Stop Fake Employees
Here’s the kicker: LinkedIn automatically adds anyone who lists themselves as an employee to a company’s page. Right now, you can search and find our fake profile in the list of HP employees. All you have to do is visit the company page, click on people, and then search the directory of employees.
With our fake profile in HP’s “official employee list” on LinkedIn, John looks like a pretty legitimate employee!
Even if a company does notice a person listed as an employee when they shouldn’t be, it’s hard to remove them. To remove a rogue employee, a real employee has to log into the company’s LinkedIn profile, go to the contact us page, and explain the situation to LinkedIn. From there, the company is at the mercy of the social network; only LinkedIn can remove an employee from a company’s page. That makes the odds of getting caught AND getting removed incredibly low.
All It Takes Is One “Yes” to Build Your Connections
Of course, there was one problem: John didn’t have any connections at HP. To solve it, we started randomly trying to connect to any HP employee we could find.
It’s a lot like what you do with your own LinkedIn account: You’ll invite or accept anyone remotely associated with you somehow. We didn’t have a single legitimate connection to invite, which was a problem. But all we needed was one person to say yes.
After the first person connected, the process took off. Before we knew it, with just an hour or two of work, John had nearly 50 connections. People who never met him, never spoke with him, and never even emailed with him all wanted to connect. That number continues to grow, and we’ve also received an invitation (as opposed to asking) from an HP employee.
A Google Recruiter Even Contacted Our Fake Profile
With a growing list of connections and a job history in tech, it was only a matter of time before John garnered some notice. But no one noticed John wasn’t real. Instead, Google thought he might be a good fit for a job.
And so a Google recruiter reached out. The recruiter said John’s work history made him a potential fit for a position the company had available and wanted to chat about possibilities. As far as the Google employee was concerned, there were no red flags with John.
We didn’t go through with the chat—John’s not real, and his photo was generated by a computer algorithm. But, if we were trying to land a job somewhere, this would probably have been a great way to build up a real-looking fake resume to get a foot in the door.
Fake Connections and Endorsements Are Easy to Buy
Our fake profile already had nearly 50 connections to its name, and we could have continued using the same process to gain more. But that’s too much work. We wanted a lot of connections fast. So we used a shortcut.
We paid for a service that gave John 100 connections. Those connections then endorsed our ten top skills, giving us a total of 100 endorsements. Not surprisingly, we found our invitation requests answered more quickly once the connection numbers grew so large. Now John’s profile looks impressive! A job at HP, 179 connections (many to HP employees), and countless endorsements—nevermind that he doesn’t exist.
You may wonder whether LinkedIn will notice we paid for connections. As far as we can tell, they’re “valid.” They haven’t disappeared, and each profile we’ve looked at lists the United States for a home country.
That’s what the service promised, too. As the website puts it:
Every profile that will invite you has a profile picture, English name, and location in the United States. They have work experience and educational background.
From what we can see, this is an automated process. The 100 connection invites came in almost simultaneously. The endorsement process used the existing connections we paid for. The connection-buying service maintains ongoing access to all these profiles.
You Can’t Necessarily Trust LinkedIn Connections
LinkedIn shows when you’re connected to someone else through your connections and your connections’ connections. If you’re connected directly to someone, that’s a first-degree connection. Your connections’ connections that you don’t share are second-degree connections. And any connections they have are third-degree connections.
As you build up personal connections, your extended network proliferates. Think about it: if you have ten friends, and each of them has ten friends you don’t know, then you have 100 “friends of a friend.”
So perhaps it isn’t a total surprise that our fake profile is somehow a “3rd” connection away from one of our real profiles. That means our real profile has a connection to somebody who has a connection to somebody else who then has a connection to “John.” It’s a small world, after all.
LinkedIn uses these connections to show the legitimacy of a profile, but it’s easy for fake profiles to get them. “This person knows a friend of a friend” is supposed to be reassuring. But you can’t count on that. There’s no way to trace your connections to that person, either.
LinkedIn Provides an Illusion of Trustworthiness
LinkedIn’s problems are numerous. But most of those issues are small and forgivable on their own. Anyone can create a profile with any name. Anyone can list themselves as an employee of any company. LinkedIn doesn’t provide companies an easy way to moderate and enforce its employee roster. Anyone can buy connections and endorsements. People intuitively trust that a person’s work history is real and accurate and that other people or companies have verified profiles.
On their own, any one of those statements isn’t a significant problem. But, added together, the problem is much bigger than the total of the parts. No one is verifying accuracy; it all relies on an honor system.
When you receive a connection request, you evaluate the person on several fronts. Do you recognize them? If not, do they work for your company or a frequently contacted company? Do they know someone you know? And so on. It’s easy to turn most those answers into yes. And, since LinkedIn operates on the principles of “more connections is always better,” most people are willing to overlook not knowing a person.
LinkedIn Makes Resume Padding and Scamming Easy
We didn’t follow through with the Google recruiter. Google would quickly realize our profile was fake. After all, we used a photo of a person who doesn’t exist!
But you don’t need an entirely fake profile to benefit from LinkedIn’s policies. You could add just one company you never worked for, a job title you never had, or one extra piece of information. You could pay for connections and endorsements. That could help you get a job interview. Resume padding is an old trick, and this is the digital version.
That’s bad for everyone. As recruiters get burned, they’re less likely to trust LinkedIn and may turn to other recruiting methods.
Getting a job might not always be the name of the game. When we investigated a job recruiting scam, the scammers posed as an employee of a company by pointing us the real profile of a real person at a real company. It came with some risk–what if their target tried to connect to and contact the person on LinkedIn? The scammer could simply have created a fake LinkedIn profile. WIth a few hours of work, that fake profile would look every bit as good as an actual employee.
A company who realized their name was being abused on LinkedIn couldn’t stop a scammer from doing this immediately, either. Instead, that company would have to plead its case to LinkedIn.
LinkedIn Could Fix the Problem
LinkedIn could fix these issues. For example, LinkedIn could let companies verify their employees and provide better tools for removing rogue employees. The social network could check IDs and give some profiles a “verified” badge, as Twitter does.
To stop fake connections, LinkedIn could even watch for and detect signs of suspicious activity, like a profile receiving 100 connection invitations all at once. Then it could put a stop to the practice. Other social networks already watch for fake accounts.
But, until LinkedIn takes action, you should look harder at every connection request. And, if a job recruiter points you to their LinkedIn profile, you shouldn’t use that information alone to guide your career decisions.
Post a Comment