Whether it be those crypto scams, annoying bot comments, or even the more nefarious spying and information gathering that goes on within LinkedIn, it is always hard to verify digital identities. In my opinion, social media sites should develop a feature that would scan account attributes (followers, connections, requests) for certain characteristics and deliver a score based on the probability that the account is a bot/sock puppet (this will most likely never happen as it would drastically decrease platform user numbers).
After receiving another fake connection request, I decided to write up a few methods that can be used to identify fake accounts. The rest of this article will be a walkthrough of my thought process and my actions to validate that the account is fake.
It started with the following connection request in my inbox.
Now the person behind this account did put in more effort than others by personalizing the request with a few sentences, however, it is clear that this was a copy/paste. There is no specific name or personalized information, besides the word Security, which oddly has a capitalized S. Next, the profile image is strange because the woman is not looking at the camera. Not many real people would upload a profile photo in which they are not looking at the camera. We know how much effort people put into their profile photos. So, the next step is to check out the account further.
Based on this information, focus on the Connections, About, and Activity sections. "Karen" has 46 connections, now this isn't a surefire sign of a fake account, but either the user never uses LinkedIn, just created a LinkedIn profile, or is a fake account that was just created. Also, if the first option was true, she most likely would not be following me as I do not know her personally. Most legit accounts with such a low number of connections only connect with those they know outside of LinkedIn.
"Karen's" About section also gives us zero information. It is very unspecific and does not tell us a single thing about this person. Fake accounts usually try to be as generic as possible on details. And on to the Activity section, "Karen" has not made a single post, comment, or like. So, once again, she has either just created her account, never used LinkedIn for the beneficial purposes it offers, or is a fake account that was just created. I'm leaning towards the third option at this point. It is also worth noting that there is no banner image. This is not super abnormal, but most people do have a banner on their profile.
The Experience section is where the person behind this account really messed up when creating this fake profile. By using the same verbiage for multiple roles with multiple companies, it's almost a guarantee that this is not a real profile. It is clear that no effort was put into creating a realistic-looking Experience section. I know of Capgemini and Cox, but I have never heard of AppSOC. When clicking on the company's LinkedIn account, it shows 3 employees and was started in 2021. I cannot confirm that this is a fake company, but it is certainly suspicious.
Now for the final step, let's reverse search the profile picture to confirm that it is a stock photo. *This step requires the desktop version of LinkedIn. You must right-click and copy the profile image and then you can paste it in the desired site. I like to use TinEye, but there are many sites available to reverse search an image. Just google some and find one that works for you. Here are the results I got from TinEye:
And those 28 results confirm that this is indeed a stock photo.
So there you have it, based on the generic wording, no activity, pasted experience descriptions, and stock photo, I can say with high confidence that this profile is a fake account. Sorry Karen Davis, but I will be declining the request.
AUTHOR: Micah VanFossen
Micah is a SIEM / Data Engineer. He works to defend against threats by identifying, obtaining, and utilizing relevant data to create detections and inform strategic decisions. He holds a Master's degree in Cybersecurity and a list of top industry certifications, but the differentiator in his career has been his passion to learn, create solutions, and educate others. He is a firm believer in resourceful education and the power of curiosity.