I have a confession to make. I created a fake profile on LinkedIn, and we are probably connected. Curious after receiving several obvious and some not-so-obvious fake profile requests, I did a bit of experimenting by creating my own.

Creating the Back Story
Creating a believable backstory, complete with education, degree, work history, groups and certifications, is the first step. I found that a female profile had a higher response rate than a male one. I started by listing several real companies as previous employers, then followed their employees; many followed me back, some even asking how I was doing since I left their company.

When creating my profile I realized that one of the first things some people will do to test whether a profile is fake is to run the image through a reverse Google image search to see if it matches stock photos or is tied to another name. However, an easy workaround is to flip the image; try it, it won't match. If my targets couldn't find the image I used, it helped build false confidence that the account was real.
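The mirroring trick works because a reverse image search matches on a fingerprint of the picture, and a mirrored picture produces a different fingerprint. A defender who keeps an index of known stock or stolen photos can close that gap by fingerprinting the mirrored and rotated variants as well. The following is an added example written for this post, not the author's code or anything LinkedIn or Google actually runs: it uses the standard difference hash (dHash) on constructed 9x8 grayscale grids so it runs without Pillow. On a real photo you would first convert to grayscale and resize to 9x8; the index name, sample pixels and threshold are all assumptions.

```python
# Added example, not from the original post: a flip-tolerant image fingerprint
# check. A mirrored copy of a photo has a different dHash, so a naive lookup
# misses it; hashing each indexed photo's mirrored/rotated variants catches it.
# Images are constructed 9x8 grayscale grids (lists of rows of 0-255 ints).

WIDTH = 8  # bits per row; each row holds WIDTH + 1 pixels


def dhash(gray):
    """Difference hash: one bit per adjacent-pixel pair, 1 if left > right."""
    bits = 0
    for row in gray:
        for x in range(WIDTH):
            bits = (bits << 1) | (1 if row[x] > row[x + 1] else 0)
    return bits


def flip_horizontal(gray):
    """Mirror left-to-right, the trick described in the post."""
    return [list(reversed(row)) for row in gray]


def flip_vertical(gray):
    return [list(row) for row in reversed(gray)]


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def variants(gray):
    """The orientations an attacker can produce with a flip or a 180-degree turn."""
    return {
        "original": gray,
        "mirrored": flip_horizontal(gray),
        "upside_down": flip_vertical(gray),
        "rotated_180": flip_vertical(flip_horizontal(gray)),
    }


def naive_lookup(candidate, index, threshold=4):
    """What a plain fingerprint search does: compare against the stored hash only."""
    h = dhash(candidate)
    for name, known in index.items():
        if hamming(h, dhash(known)) <= threshold:
            return name
    return None


def flip_tolerant_lookup(candidate, index, threshold=4):
    """Compare against every orientation of every indexed photo.
    Returns (name, orientation, distance) for the closest hit, or None."""
    h = dhash(candidate)
    best = None
    for name, known in index.items():
        for orientation, img in variants(known).items():
            d = hamming(h, dhash(img))
            if d <= threshold and (best is None or d < best[2]):
                best = (name, orientation, d)
    return best


# Constructed sample "photo" (assumption): a diagonal gradient with a few
# wrap-arounds, standing in for a stock headshot already in the index.
STOCK_PHOTO = [[(x * 25 + y * 13) % 256 for x in range(WIDTH + 1)] for y in range(WIDTH)]
INDEX = {"stock_headshot_1": STOCK_PHOTO}

if __name__ == "__main__":
    flipped = flip_horizontal(STOCK_PHOTO)
    print("naive lookup of mirrored copy:", naive_lookup(flipped, INDEX))
    print("flip-tolerant lookup:", flip_tolerant_lookup(flipped, INDEX))
```

The naive lookup of the mirrored copy returns nothing, which is exactly the false confidence the post describes; the flip-tolerant lookup reports the indexed photo with the "mirrored" orientation at distance 0. The threshold of 4 bits is a common dHash choice for tolerating recompression and slight resizing, and it is an assumption here rather than anything from the post.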

Then I started following others they were connected to. I began receiving invitations to social events and even a few job offers. Over time the profile took on a life of its own, with people inviting me to connect with them.

Trust Me, I'm A Recruiter
Listing my position as a technical recruiter made it easy to get people to give information about themselves and their work. The prospect of a new position, or a future position with higher pay, provides a good channel for establishing trust: they want something from you, which makes it easier to request something from them.

I did not request information or directly communicate with anyone; I simply connected. However, the amount of information people would give a fake account, even without a direct request for it, was surprising. I could easily identify security professionals at Fortune 500 companies who were not happy with their jobs. I also received invitations from many people to meet face-to-face to discuss career opportunities and network.

Who Do You Trust?
LinkedIn is a great tool for business, but it can also be abused. Something to consider when blindly accepting connections: what information does this open up about you? Could being connected to this person somehow serve as an endorsement of their validity to your other connections?

If used en masse to target a specific company, LinkedIn can easily become a data mining tool for attackers to recruit insiders who could unknowingly give up information to a competitor, or even be fully enlisted in their nefarious cause.

Think you can guess who I am?

  • Michael Scheidell, CCISO

    I hope I was smart enough not to connect with you. ;-), but you never know. I did reject (and then report) a profile that was using the photo of a murder victim, and yes, she/he/it was posing as a recruiter.

    LinkedIn won't take these down, even obviously fake ones like a fake minister of defense of an African country, so everyone needs to be on alert.

    Anytime anyone asks me for a connection, I look at the profile (do a Google image search...), and if < 100 connections, I usually ignore them.

    If their connection request was one of those generic 'click the button' ones without a reason they want to connect, I reply back to them and ask them where we met. 99% of the time I don't get an answer.

  • http://twitter.com/kwestin @kwestin


    No worries if you did; that account was deleted once I completed the research, and I never actively communicated with anyone. I did the research after some of my own frustrations around fake accounts connecting to me. I reported them to LinkedIn as well, but nothing happens to those accounts; it is not something that is actively policed. I have started to clean up my own account to include only people I have met in person or actively worked with on projects in some capacity.

  • http://twitter.com/LittleLadyCook @LittleLadyCook

    Interesting, some people ask to connect on LinkedIn because "we both have large networks". Every time you read a post on how to make the best use of LinkedIn, they suggest you connect with folks that have a minimum of 500+.

    I do believe that like with most things, quality over quantity, but who knows.

    Now, you're going to have to tell us more about those job offers ha! Did you apply to anything while using that fake profile?

    Thanks for sharing your experience. Cheers!

    • http://yourmortgageoryourlife.com Paisano1

      The author simply created the profile and did nothing to promote it, nor did he make any attempts to contact anyone, connect with anyone, or deceive anyone directly. He simply watched and waited, then wrote up his findings. LinkedIn really should do more to police the platform and put an end to the very real and malicious faux profiles that nefarious types are using to harm others.

  • http://twitter.com/LittleLadyCook @LittleLadyCook

    So pretty much the "job offers" he received were fakes? I was just curious as to how he received job offers without applying to jobs on LinkedIn.

    Most of the spam I've received has been when I've joined a random group. Strange requests from accounts from the other side of the planet, but it's not common, in my personal experience at least.


  • http://twitter.com/kwestin @kwestin

    No they were not fake job offers, but I did not follow up on them. Other recruiters reached out to me who were part of bigger companies telling me they were hiring additional recruiters. I was invited to a networking event and had offers to meet in person. It might have helped that I used the image of a somewhat attractive female.

Ken Westin

Ken Westin has contributed 157 posts to The State of Security.