I Link, you Link, they could steal your staff and clients

Last week on LinkedIn I saw a post about a fake profile that had been set up to try and connect to people in an industry that I know very well. The imposter was pretending to be part of the HR team of a well-known company. When the company found out, they let everyone know.

So what harm can connecting to a fake profile do? LinkedIn exists to allow us to create networks of people we know, and to contact others who could have a similar background or be useful business contacts. Once you have connected with someone you can access their connections (unless they have disabled that facility, and most people don’t). Connecting to the fake profile would give whoever is behind it access to all your contacts and clients. As they were pretending to be from an HR team, they were probably after details of people in your company and others in your industry. If the fake profile was set up by a sales team, they would be after your client contacts. Once they have them, they will contact them and try to persuade them to switch business to their company.

Fake profiles can also be set up by criminals who are targeting your company to get at business details or ways into your networks. A recent interview with a social engineer showed how he used social networks in his methods to check the security of companies: “I look them up on social media, I interact with them online, building trust and securing a credibility I will abuse later on”.

If you receive a connection request from someone you don’t know, check out their profile. Does it look credible? Have they bothered to look at your profile? I recently received a connection request from someone that was allegedly the director of the security team in a bank. When I looked at the profile it had no details of what they currently did, no employment history, no picture and only 10 connections – it was a NO from me. If a connection looks suspicious, there is an option to report it to LinkedIn as spam after you click Ignore.

Don’t stop using LinkedIn, but be wary of accepting connection requests from people you don’t know and check them out before connecting.