By Ryan Hubbs, CFE, CIA, CCEP, CCSA, PHR
President, Houston ACFE Chapter
LinkedIn is a great business tool for professionals. It is the digital business card, Rolodex and Who’s Who all rolled in to one. It helps us connect and stay connected, find new opportunities and find new talent. Those are its good points. The dark side to LinkedIn, and other professional social media sites, is that it is becoming a scammer’s playground where fake personas, fake opportunities, and identity theft and phishing scams are becoming more prevalent and more creative. From stolen photos to copied résumés, it is becoming more difficult to truly certify if that new connection really exists or not. The following article will highlight information that is usually posted within a LinkedIn profile and provide some tips on determining whether the information is fictitious or not. No one piece of information, or lack of information, can be the silver bullet in uncovering a fake profile. As a word of caution: some scammers have perfected the art of fake profile creation, and some profiles are nearly impossible to discern as to whether they are real or not.
This LinkedIn analysis starts from a recently received LinkedIn message from a Ms. Darlene Thomas, Regional HR Consultant from Phoenix, Arizona. She appears professional, although she appears to have a somewhat clueless look on her face. Since I don’t want to judge a book by its cover, I move along.
In her LinkedIn message she requested that I send her my résumé so she could help me find that next opportunity. A quick look at her profile and I could immediately discern that her profile was fake. She enjoys Taekwondo and Nordic skating. I am not a Nordic skating expert, but I would assume that it may be a hard to perfect such a skill in Phoenix, Arizona, but okay. She also lists that she attended the School of Art Institute of Chicago (SAIC) to obtain a Bachelors in Business Administration (BBA). This combination appears somewhat disjointed; who would attend an art school to get a business degree? Consequently, a review of SAIC’s admissions page fails to list a BBA as one of the available undergraduate programs. Her profile summary indicates she is in the human resources field, but she has selected Health, Wellness and Fitness as her Industry. An obvious error since Health, Wellness and Fitness appears in close proximity to Human Resources in the industry drop down box. The final bit of evidence to close out this limited profile investigation are the other profiles which have viewed this profile. As indicated from Ms. Thomas’ page, a Ms. Toni Mendoza, Regional Career Director from the U.A.E bears a striking resemblance to Ms. Thomas.
As the fake profile rabbit hole continues down, Ms. Mendoza bears a striking resemblance to Ms. Helena Grant, Corporate HR Specialist from Missouri.
Inspecting the Image
The photo is one of the important aspects of the LinkedIn profile. It is what people will see first. If the photo is professional and engaging, then the profile may be more likely to be accepted. Scammers use a variety of approaches to obtaining an engaging profile picture. Some steal photos from other individual’s LinkedIn pages or websites. In other instances, such as this scam profile ring, they use computer software to alter the images to give the appearance of multiple personas when, in fact, none actually exist. A quick way to test a new contact is to use Google Chrome’s image search feature.
By right clicking on the photo, Chrome allows you to search the rest of the Internet for similar pictures. A quick search, with a few steps eliminated, provides the following short list of pictures.
Several other profiles appear to be using the same basic photo. While the eyes, nose and hair color appear to be changed, the hairline, suit and collar, and earrings all remain the same. Be suspect of photos with a solid color background as these are easier to manipulate. Also, if the profile pic looks like a freakishly hurried photoshop version, be safe and decline. Take a look at the following fake profile pictures of Ms. Fuller’s and Ms. Bradley’s who were connected to the aforementioned fake profiles.
Inspecting the Name
Very rarely would a professional misspell their name or write it in such a way that makes it appear that a second-grade student created the profile. Scammers who are creating hundreds of fake profiles for a particular scheme have a tendency to get lazy. They forget to capitalize the first letter of the first and last name. They may also only spell out the first name and leave the last name as an initial. Lastly, they may forget that they are creating a U.S. or English-based fake profile altogether and write the name of the profile in their native language. A professional profile that is written entirely in English but which has a name spelled entirely in Chinese characters could be considered a clue that the profile might be fabricated.
The background summary feature is where most professionals summarize their experience so viewers can get an overall picture of the qualifications and interests of the professional. Scammers either put very little effort in to the summary or they copy and paste the same summary from one profile to the next. If the summary appears too good to be true, take 6-10 words from the summary and place in a search engine within quotation marks to see if additional profiles are using the same summary. If the profile summary is short, is written in broken English, contains incomplete sentences or appears as a completely incoherent collection of words, then the profile may be fake. A few examples of incomplete summaries that were taken from fake profiles are listed below.
Depending on the scheme, the employment history of the fake profile may be very robust or be very limited. Be wary of profiles that list only a single instance of employment history. Pay close attention to the title of the individual and see if it matches the work experience listed. Look for items of experience that appear out of place or do not seem to fit together. Pay attention to misspellings, lack of proper punctuation and bulleted lists that appear more cookie-cutter than a true representation of someone’s experience. Also do a quick search online for the name of the company. Does the company exist? Do other individuals work there? Is there even a website where these particular services are offered and marketed? Also, if the company name is linked on the profile, click on the company name and see who else on LinkedIn is associated with the company. An example is identified below.
The staffing company Champions Integrated USA appears to be an outstanding consulting and recruitment company. They appear to have located two separated HR professionals, Ms. Jennings and Ms. Nelson, who look nearly identical. I’ll have to remember this in case I need to find someone else in the anti-fraud field that looks just like me. It’s obvious that not only are the profiles fabricated, but the company is as well.
A LinkedIn profile doesn’t appear truly complete unless the professional’s skills are listed. If the profile is put together in a hurry, the fake profile may not have any skills listed. This should be considered a red flag. But the inclusion of skills does not make the profile more legitimate either. Be on alert for profiles with a few number of identified skills, or a combination of skills that do not complement one another; such as chemical engineering and social media marketing. A review of the other professionals who have certified the skills of the fake profile may or may not be beneficial. As seen below, a fake profile’s skills have been certified by what appears to be a real professional.
This highlights some serious deficiencies and lack of credibility in the skill certification section. A seemingly legit professional has certified that the fake profile is skilled in HR Policies when this profile is entirely fake.
The attainment of a degree is a mark of pride, dedication and effort by a professional. So you can be sure that they will not screw up their alma mater or the degree that they obtained. Those that create fake profiles could care less, and this is where their mistakes can show through. Take for example the degrees highlighted below that were taken from a few fake profiles.
The first profile lists a random bachelor’s degree from the University of Texas Southwestern Medical Center. This university is geared towards medical school. That’s a pretty big deal. A student doesn’t graduate from here with a bachelor’s degree and end up as a human resources specialist for a non-existent company. Also, what type of bachelor’s degree was obtained? That’s a pretty big piece of information that has been left off.
The second profile identified below shows a Bachelor of Science degree from the Petroleum Institute. The Petroleum Institute is an engineering school in the United Arab Emirates (U.A.E). As with the first profile, there is a lack of specificity with regards to the degree. A BS in what? Chemical engineering, mechanical, electrical? It does not make any sense that someone could graduate with an engineering degree from this prestigious institute only to become a recruiting director; who also has the same profile picture as other people on the Internet, but I digress.
As a final example, the School of Art Institute of Chicago (SAIC) that was referenced at the beginning of the article. According to SAIC’s website, a Bachelor of Business Administration is not even offered. Someone was in a little bit of a hurry with their fake profile creation weren’t they?
Personal interests are hit and miss as fake profile indicators. Some people are private about their extracurricular interests, while others like to share. But scammers creating fake profiles somehow feel that having interests provides some level of legitimacy. I would tend to agree if the combination of interests made sense. As you can see from some of the select interest combinations, its apparent that someone is just selecting interests at random.
As a side note, I am trying to connect with other professionals who have the interests of Goldfish Racing and Lumberjacking Sculpting. If you are out there, send me an invite!
Since so many professional groups are open for members, this is one of the areas where fake profiles can troll for victims. Some profiles may be created solely for targeting individuals in a particular industry. As such, the fake profile may be a member of several groups in the same industry. This helps increase the visible credibility of the profile. Other fake profiles may select groups at random just so it can appear that the profile is active and connected. As an example, this fake profile creator must have thought that to have better luck at targeting Americans, they should be a member of groups with “American” in the title.
Coincidentally, another fake profile was focusing on USA.
In reviewing groups, determine if the inclusion and group makeup makes sense. Everyone has different interests and as such, their circle of connections will vary. At a minimum, all of the groups shouldn’t have the same word in the title!
Have you ever wondered how LinkedIn keeps track of everyone’s profile? Each profile is assigned a sequential number. As identified in the link to my personal LinkedIn page, I was the 21,130,271st profile that was created on LinkedIn. I guess I got to the party a bit late in 2006.
If we review the LinkedIn number of a fake profile created more recently, you can see their LinkedIn number. As an example, Ms. Tylor’s profile number is the 396,171,798th LinkedIn profile created. As a reference point, LinkedIn reported on April 18, 2014, that it had reach 300 million members worldwide. So this would indicate that Ms. Tyler’s profile was created some time after April of 2014, more towards the end of 2014 or even early 2015. Additionally, I don’t know any professional recruiter that has operated successfully for five years without a LinkedIn profile. According to Ms. Tyler’s profile, she represents that she has been in global recruiting since February 2010. Liar liar, pants on fire!
Keep Your Friends Close, and Keep Your Enemies Off of Your Connection List
Hopefully the tips identified above will help you become a more skeptical and cautious when accepting LinkedIn connections. While I’ve attempted to inject some humor into this analysis, connecting with fake profiles is a serious security concern. They make you and your organization vulnerable to all sorts of scams, identity theft, malware and misrepresentations that help induce others to share information that they otherwise wouldn’t have. If a fake profile tries to connect, report the profile to LinkedIn. If you see others who have connected with a fake profile, send them a note or email to remove the suspicious contact. It is also a good practice to periodically scrub your connection list to see if you accidentally accepted a fake profile in the past. These fake profiles will not go away on their own and it will take all of us being vigilant and aware to help combat this new and ever expanding approach to digital fraud.
To read more about identifying fake LinkedIn Profiles, consider reading Be on Alert for Fake LinkedIn Profiles, and Faces! also written by Ryan C. Hubbs.
Hubbs has more than 14 years of experience managing corporate investigations, forensic audits and compliance initiatives within the energy sector. Ryan is a subject matter expert on organization-wide anti-fraud and anti-corruption programs and measures, corporate investigation programs and protocols, and ethics and compliance programs. He is a member of the ACFE Faculty and he is an active and highly sought after presenter on anti-fraud topics and is one of the ACFE’s highest-rated speakers. He is an award-winning author as recognized by the ACFE. Ryan can be contacted at RHubbs@HoustonACFE.org.
For more information, contact Sarah Hofmann, Public Information Officer, at (512) 478-9000 ext. 324 or