LinkedIn scams and spam have become a major nuisance for anyone using the professional world’s most popular networking service. The problem is that the site’s whole raison d'être is based on optimistic networking and that eventually involves being contacted or interacting with unknown users. Without that dimension most LinkedIn users' contact lists would barely stretch beyond 50 at most. Compounding this is that even trustworthy contracts can create weaknesses. The fact that you trust or personally know a fellow LinkedIn user doesn’t mean they won’t themselves accept a request from someone dubious, potentially opening a gateway for you to receive scam InMail depending on your account security and privacy settings.
LinkedIn scams – be incredibly careful about invitations
LinkedIn threats can be divided into two types: Bogus connection requests from fake users within the service and Email phishing attacks outside LinkedIn that pretend to be connection confirmations. It’s tempting to see attacks outside the service as less of a concern but remember how the service works – people send out connection requests and by default these are forwarded to the registered email address. People get used to clicking on them and therein lies the threat.
Webmail services will normally filter LinkedIn phishing emails but one way to identify them is to hover the mouse cursor over the blue ‘confirmation’ box LinkedIn embeds inside requests and study the web address. Anything that begins ‘https://www.linkedin.com’ is probably fine. However, a better approach is simply NEVER to accept connection requests from outside LinkedIn, period. Always log on to the service and vet them first.
LinkedIn scams - fake recruiters
Even within LinkedIn, a common technique is to use fake recruiters – security companies regularly document these types of attack. Anyone with more than a few hundred LinkedIn contacts probably has one or two of these bogus accounts hiding within their contact list. The point of these attacks is to persuade a few people to connect to them, which makes them look more legitimate to others as they spread. They also use acceptance as a way to scan for additional and possibly higher-value contacts.
LinkedIn scams - get to know LinkedIn’s privacy settings
The simplest way to avoid the scammers is to become less visible using the service’s Privacy Controls. Unfortunately, LinkedIn can quickly turn into a privacy labyrinth. The first setting to look for is ‘who can send you invitations’ (under Privacy Settings > Communications tab). The three options here are ‘anyone on LinkedIn’ which is recommended but where problems start. The alternatives are only people who already know your email address or appear on an imported contacts list.
The second setting is to specify the types of messages you’re willing to receive under the same tab. One way of filtering out some of the recruitments scammers is to uncheck the ‘career opportunities’ and ‘new ventures’ boxes.
LinkedIn scams - turn off connection visibility
One of the purposes of malicious accounts is to spread and that is achieved by studying a user’s own connections. Stopping that means configuring it so that only you can see your connections (Privacy Controls > choose who can see your connections). You might also have to turn off the visibility of endorsements.
LinkedIn scams - set boundaries
Symantec’s current advice is this: “If you’ve never met the person before, don’t just add them.” That strikes us as completely unrealistic. The better approach is to be discerning and set some criteria for who is accepted and who is not. This also requires actually visiting and studying the profile of anyone asking to connect. LinkedIn is supposed to be about quality, not quantity. Unfortunately, some users persist and seeing this kind of networking as a measure of popularity or importance – bad idea.
LinkedIn scams - spotting fake connections
The final judgment about fake connection request is simply noticing that they are fakes. This isn’t as hard as it sounds. A recent warning put out by Symantec offers good examples of the common elements that often mark fake connections out. These include:
Image of people or logos that look as if they’ve been lifted. Symantec recommends using a reverse image search (Google’s search by image) to check out origins. Images of young women are a favourite.
Depending on the type of fake account, scammers will always fill text with the sorts of SEO terms few real users would ever use. There will often be a lot.
A small number of connections
LinkedIn eventually spots fake accounts and closes them – scammers will almost always have only a single-digit numbers of connections. Ask yourself: why would someone you’ve never heard of request a connection despite being connected to few other people?
Whole sections of bogus profiles will be blank. Genuine connections rarely enter information in this way. Others sections will read as if they’ve been be cut and pasted form elsewhere, employing a generic writing style with misspellings.
LinkedIn scams - report fakes
Find your next job with computerworld UK jobs