Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about whom they choose to connect with. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer.
LinkedIn’s new “About This Profile” section — which is visible by clicking the “More” button at the top of a profile — includes the year the account was created, the last time the profile information was updated, and an indication of how and whether an account has been verified.
LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat).
“We may warn you about messages that ask you to take the conversation to another platform because that can be a sign of a scam,” the company said in a blog post. “These warnings will also give you the choice to report the content without letting the sender know.”
In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the business networking site and the companies that rely on it to hire and screen prospective employees.
Reporting here last month also tracked a massive drop in profiles claiming to work at several major technology companies, as LinkedIn apparently took action against hundreds of thousands of inauthentic accounts that falsely claimed roles at these companies.
For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. At around the same time, the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop.
For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author were young women with profile photos that appear to have been generated by artificial intelligence (AI) tools.
“We’re seeing rapid advances in AI-based synthetic image generation technology and we’ve created a deep learning model to better catch profiles made with this technology,” LinkedIn’s Oscar Rodriguez wrote. “AI-based image generators can create an unlimited number of unique, high-quality profile photos that do not correspond to real people.”
It remains unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn, but they likely stem from a combination of scams. Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.
Identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
Fake profiles may also be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
This entry was posted on Friday 4th of November 2022 05:09 PM
Remember the LinkedIn breach where they didn’t even salt/hash the passwords. This was well before MS acquisition.
Get ready for another breach now with more personal data including phone numbers.
Most of these profiles on LI are anyway overly exaggerated. What’s the point?
I just checked my LinkedIn account today to see if the 2FA was enabled, which I guess that means that it’s verified.
Certain high profile companies could agree with LI that employees can optionally verify their LI account using the work email address (used for that, then forgotten by LI). Such accounts tagged to say so.
1. optional for Apple (etc),
2. optional for people claiming to be employees of said companies, and
3. work email address not retained after validation.
“576,562 LinkedIn accounts that listed their current employer as Apple Inc.
The next day, half of those profiles no longer existed.” That’s quite the ratio.
Considering Apple allegedly has about 164,000 employed worldwide in 2022,
even with half gone that’s still another 80% ghost ham to go? You’d think
there’d be some way for large organizations to x-check in a list of known
employees with LI and anything else would be obvious for flagging etc.
It’s a mutual responsibility and benefit not to have scammers in the loop,
impersonating or butchering or whatever it is. LI’s value is hurt badly
by the impression that they’re rife with frauds and the companies have
every interest in not having frauds impersonating or intercepting their
business contacts. LI has seemed asleep at the wheel for a long time.
I’m sure this is reassuring to people with accounts that they’re making
incremental improvements but when they’re chopping HALF of a given
company’s total employees as fraud as recently as a few weeks ago,
and that company is as well known and obvious as APPLE? Yikes.
That doesn’t bode well for lesser known mid-sized shops out there.
LinkedIn could do so much more.
The list of companies whose domains qualify as “verified email” is ridiculously small and obviously not even public knowledge.
Also, they have suspended the profiles of so many for troll-originated “abuse reports” and subsequently forced the owners of the suspended accounts to go through the humiliating process of having to submit photos of their identity documentation in order to restore access to their profiles; LinkedIn retaining this data adds another information security nightmare that will eventually play out in a catastrophic fashion.
The least they could do is add a flag to these accounts that would show up in “About this profile” as “identity verified” and that would pre-emptively block any future attempts to flag the account as fake and subject any other flagging by other members to a much higher standard of scrutiny to strengthen their position against the inevitable trolls.
LinkedIn is just a site to aggregate and sell people’s personal info to third parties. That is all it has ever been.
Yeah, I’ve been getting sooo many messages from what appear to be young, female, fake profiles. I just delete them. It’s annoying though.