The (LinkedIn) platform occupies a unique position among social networking platforms, as it allows communication between jobs and jobs in the labor market, allowing continuous communication with new people, almost complete access to user information, and at the same time a significant rise in social networking. Trust level means between users who have not processed it.
For example, while the above disadvantage is that it is relatively easy to create fake and hidden accounts, one security expert (Brian Krebs) leaked several fake accounts on the LinkedIn platform, allegedly belonging to high-ranking information security officials in several companies. major international. And it's now the fall of 2022. In addition, Brian has unveiled thousands of fake accounts that point to a real company as the account holder.
Although the motives of the scammers differ, the common denominator among all of them is that they are indifferent to the brand image of HR or the reputation of the company they are being asked to work for. With this in mind, two questions come to mind: Is it possible to get rid of fake employee accounts on your company's LinkedIn page and how can you protect your company's brand?
Firstly ; How does LinkedIn handle fake employee accounts?
The problem of creating fake accounts on the LinkedIn platform is not new at all. Every six months, the platform publishes, among other things, the number of fake accounts it has banned. Exact numbers vary from year to year, but we're talking about tens of millions of fake accounts being reported from time to time. For example, LinkedIn suspended approximately 140 million fake accounts from early 2019 to mid-2022.
Most fake accounts on LinkedIn are automatically banned — the platform's defenses blocked 95.4% of fake accounts in the first half of 2022 — and the most common ban is default accounts upon login, which ranges from 70% to 90% depending on the time period. % of virtual accounts are currently suspended.
Fake accounts blocked due to user complaints accounted for less than 1%, and the figure was low: 190,000 fake accounts were banned due to user complaints in the first half of 2022 alone.
LinkedIn didn't reveal what defenses it uses to identify suspicious accounts, but it did provide some details about what makes them suspicious. In this regard, too much news is a serious warning.
Another sign is geographic mismatch, when the geographic location of the user account relates to one region, but the account is registered in a completely different region. In addition, if suspicious sites share certain popular patterns, they can be flagged along with other previously banned fake accounts.
Late last year, LinkedIn introduced several innovations to combat fake accounts:
- The platform now checks account photos so you can tell if they were created by AI tools.
- Pipeline now adds alert alerts for suspicious messages.
- Another new feature is the "About This Profile" section, which displays the approximate date the account was registered, as well as other information designed to help users determine if an account is trustworthy.
second; Has LinkedIn succeeded in solving the problem of fake accounts?
To find out, WIRED ran a small experiment: First, two journalists created entirely fake accounts filled with text and images generated by AI tools. The next day, LinkedIn asked both users for identification and eventually suspended both accounts.
Then the journalists tried a different approach: They made an exact copy of WIRED's editorial profile, with one difference: They replaced the profile picture (with a real one). They also provided an email address as contact information to sign up for an encrypted messaging service called Proton Mail — a service popular among those who wish to remain anonymous — a dummy LinkedIn account. It lasted a full two months, choosing to upvote messages he had sent, adding new people and promoting WIRED's content before journalists removed it himself.
What was the conclusion of this experiment?
This experience shows that the LinkedIn platform is very good at managing virtual accounts that are easy to create using generic images and plain text. But if someone takes the time and effort to create more convincing fake accounts with real information about real people, they can bypass the measures LinkedIn has taken to deal with fake accounts.
third; To remove fake LinkedIn Company Page accounts:
Anyone can use your real company name and employee information for malicious purposes without your knowledge or consent. Therefore, it is advisable to remove all dummy accounts from your company's employee lists.
Kaspersky security experts recommend measuring the scale of the problem first: just compare the number of accounts that appear in your company's list of current employees on LinkedIn with the number of your actual employees.
You can also perform a geographic assessment by comparing the number of employees you list in certain regions of the LinkedIn platform to the actual situation. This should help identify the problem as fake accounts are likely to point to specific areas where scammers are looking for victims. Therefore, fake accounts that list your company as a place of work may not be evenly distributed across the world, and are likely to be based in one or more regions.
Depending on the results of these detection attempts and the size of your organization, the next steps may vary. If there are relatively few fake accounts and you can geotag them, it's easy to identify most of them and report them to the LinkedIn support team.
When the scale of the problem is greater, it makes sense to start sorting these fake accounts from most important to least important, prioritizing those posing as CEOs.
The easiest way to do this is to create a list of top executives and use their names to find their real LinkedIn accounts. If duplicate accounts are found, a distinction will be made between real and fake accounts based on the date of registration. Also find locations and profile photos that don't match.
The platform itself can solve this problem, at least for fake accounts posing as executives, by verifying the accounts of public figures and company executives, at least with the usual blue tick.
fourth; How do you deal with the other side of the problem?
There is another side to the problem: scammers can target your employees with fake LinkedIn accounts, which may be people who work for another organization. You don't need to look for an example showing the results of such an attack: last year, such an attack was carried out against Sky Mavis, the developer of the monetization game Axie Infinity.
The attackers contacted an employee of the company via LinkedIn, claiming he had a job offer. They then sent the employee a PDF containing malware, gained access to the company's network, and stole the keys used to authenticate transactions. They then used these keys to empty the company's cryptocurrency accounts. The total loss amounted to more than $500 million, making the incident one of the largest cryptocurrency thefts in history.
Defending against such attacks may not be easy. But raising employee awareness of information security can definitely make a big difference. The best way to achieve this is through regular cyber security training. Therefore, the perfect solution is an automated security awareness platform.