Glut of Fake LinkedIn Profiles Pits HR Against the Bots:
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.
Since then, the response from LinkedIn users and readers has made clear that these phony profiles are showing up en masse for virtually all executive roles — but particularly for jobs and industries that are adjacent to recent global events and news trends.
[...] Lathrop said that about two months ago his employer noticed waves of new followers, and identified more than 3,000 followers that all shared various elements, such as profile photos or text descriptions.
"Then I noticed that they all claim to work for us at some random title within the organization," Lathrop said in an interview with KrebsOnSecurity. "When we complained to LinkedIn, they'd tell us these profiles didn't violate their community guidelines. But like heck they don't! These people don't exist, and they're claiming they work for us!"
[...] Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.
Fake profiles also may be tied to so-called "pig butchering" scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
But the Sustainability Group administrator Taylor said the bots he's tracked strangely don't respond to messages, nor do they appear to try to post content.
[...] This experience was shared by the DevOp group admin Miller, who said he's also tried baiting the phony profiles with messages referencing their fakeness. Miller says he's worried someone is creating a massive social network of bots for some future attack in which the automated accounts may be used to amplify false information online, or at least muddle the truth.
"It's almost like someone is setting up a huge bot network so that when there's a big message that needs to go out they can just mass post with all these fake profiles," Miller said.
[...] "What's clear is that LinkedIn's cachet as being the social network for serious professionals makes it the perfect platform for lulling members into a false sense of security," Bloomberg's Tim Culpan wrote. "Exacerbating the security risk is the vast amount of data that LinkedIn collates and publishes, and which underpins its whole business model but which lacks any robust verification mechanisms."
(Score: 5, Insightful) by Username on Wednesday October 19 2022, @08:50AM (4 children)
Maybe you shouldn't hire based on social media profiles.
LARPing isn't illegal, neither is parody.
For instance, I used to be a lawyer at Wolfram & Hart.
(Score: 1, Insightful) by Anonymous Coward on Wednesday October 19 2022, @09:21AM
Was going to say something similar. In a battle between the HR people I've met (a limited sample) and a modest bot army, I might bet on the bot army winning.
(Score: 3, Funny) by Thexalon on Wednesday October 19 2022, @10:50AM
I remember you - I used to argue against you working for Dewey, Cheatham, and Howe.
Since headhunters often have bots that crawl LinkedIn and spam candidates, I'd say turnabout is fair play. Let the bot try to recruit the bot, have fun you two! It's a bit like hooking up Eliza to talk to another Eliza.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by Freeman on Wednesday October 19 2022, @03:40PM
Depends on who you parody and where you're from. King/Queen of England, anyone?
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by legont on Thursday October 20 2022, @12:16AM
They are getting it. For the last couple of months I started to get actual human headhunter calls as opposed to robocalls and LinkedIn robomessages.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 2) by looorg on Wednesday October 19 2022, @02:22PM (4 children)
I'm surprised it took them this long to flood LinkedIn with fake profiles, references etc.
The article seems somewhat short on the why they do it. I guess they don't really know or can't figure it out. But there appear to be various hints about scams. I would be surprised if that was the core reason.
While possible, it wouldn't be my first go-to idea. I would think they want to pad CVs (possibly for a non-American/European market) and create fake references for later use for more real applications. You put people in LinkedIn that you can later claim were coworkers or bosses etc. that can vouch for you. So the infiltration begins ...
(Score: 1, Funny) by Anonymous Coward on Wednesday October 19 2022, @02:43PM
I blame aristarchus.
(Score: 0) by Anonymous Coward on Wednesday October 19 2022, @08:41PM (2 children)
That was my question as well. Why? To what end? Trying to build a legend? Trying to hook HR people to later phish? Inquiring minds want to know!!
(Score: 2) by legont on Thursday October 20 2022, @12:20AM (1 child)
One does not necessarily know in advance how she is going to use the tool she builds. You built it - they come. That's the first lesson of any startup.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Thursday October 20 2022, @01:53AM
> You built it - they come.
Sorry, I already left. Shortly after MS bought LinkedIn I closed my account...at least I tried to. I think those f****** may have left my profile up anyway, but it was bare minimum in content.