LinkedIn is a powerful social network with many professional benefits. It also offers great opportunities for criminals: By connecting with you, people gain access to all sorts of information about you and your colleagues--information that evildoers can use to better impersonate you or a colleague and social engineer their way into business systems, or even sell to others.
One technique criminals use to gain access to people's "private" LinkedIn information is creating fake LinkedIn profiles--profiles of non-existent professionals--and requesting connections with people, many of whom are likely to accept.
Here is some advice on how to quickly spot fake accounts--and avoid the possible repercussions of accepting connections from them:
Photo: Many fake accounts use photos of attractive models, sometimes targeting men with photos of women and women with photos of men. The pictures often appear to be stock photos, but sometimes are stolen from real users. If you receive a LinkedIn request from someone you don't remember meeting, and the picture is of this type, beware. If you are in doubt, you can load the image into Google's reverse image search and see where else it appears. You can also search on the person's name and title to see if any other similar photos appear online, but keep in mind that a crafty impersonator might upload images to several sites. Obviously, any profile without a photo of the account holder should also raise alarms.
Premium Users: Some experts have suggested that Premium status is a good indicator that an account is real. While it may be true that most fake accounts do not have Premium status, some crooks have invested in getting it in order to make their accounts seem more real. So beware.
Connections in Common: Fake people are likely not going to have many connections in common with you, and there usually won't be many secondary connections either. Sure, some of your connections may have fallen for the scam and connected with the fake person (that may be how the fake person found out about you in the first place), but the number of shared connections is likely going to be relatively small.
Group Activity: Fake profiles are less likely than real people to be members of closed groups that verify members when they join, and are less likely to participate in discussions in open groups. They may be members of many open groups--groups that were joined in order to access member lists and link up with other participants with "I see we are members of the same group, so let's connect" messages. Also, keep in mind that real people who use LinkedIn heavily enough to have joined many groups are likely to have filled out all of their profile information--so a person who is a member of many groups but has very little profile information is suspicious.
Industry and Location: Common sense applies here. If, for example, you work in technology and have no pets and receive a connection request from a veterinarian living halfway across the world whom you have never met, something may be amiss.
Recommendations and Human Activities: Many fake accounts seem to list clichéd-sounding information as work experience, but little else that seems to convey a human experience. Look at the content in the Recommendations, Volunteering Experience, and Education sections--does something seem off? Note that the content in these sections may also provide terms that you can Google along with the person's name to easily verify whether the profile belongs to a real person.
Endorsements: Fake people are not going to be endorsed by many real people. And the endorsers of fake accounts may be other fake accounts that seem suspicious as well.
Similar People: If you receive many requests from people with similar titles or who claim to work for the same company, and you don't know the people and are not actively doing some sort of deal with that company, beware.
Work Experience: Some fake accounts have work histories that don't make sense. People who seem to have been promoted too often and too fast, or who have held too many disparate senior positions (e.g., VP of sales, then CTO, then general counsel), may be too good to be true.
Number of Connections: A senior-level person, with many years of work experience, is likely to have many connections. The fewer connections such an account has (the further it is from 500), the more suspicious. Of course, every LinkedIn profile started with 0 connections--so legitimate, new LinkedIn accounts may seem suspicious when they truly are not--but practical reality comes into play: How many of the real, senior-level people who are now contacting you didn't establish their LinkedIn accounts until mid-2015?
Cliché Names: Some fake profiles seem to use common, flowing names (e.g., Sally Smith) that both sound classically "American" and make performing a Google search for a particular person more difficult than it would be with an uncommon name.
Level: Requests from people at far more senior professional levels than yourself can be a signal of problems. It is certainly tempting to want to accept such connections (which is why people creating fake accounts often use senior titles for their personas), but think about it: If you just landed your first job out of college, do you really think the CEO of a major bank is interested in connecting with you out of the blue?
Spelling: LinkedIn is a professional site. Spelling errors in a name or in the name of a business (yes, some crooks have made such mistakes), or the use of lower case letters at the start of a name, are suspicious.
Contact Info: Fake people are not likely to have email addresses at real businesses.
Keep in mind that none of these clues operates on its own or is absolute. The fact that a profile fails one of the aforementioned rules, for example, does not automatically mean that it's fake. But applying these rules should help you identify a significant percentage of fake accounts, and save yourself from the heartache of accepting connections from them.
Please feel free to discuss this article with me online. I'm @JosephSteinberg on Twitter.