Organised criminals are on LinkedIn and out to get you

By Neil Patrick

Inadequate cyber security has enabled an explosion of online fraud. Yesterday the BBC reported that online fraud and computer misuse is now the largest category of crime happening in the UK today. There were over 5 million cases reported in the last year and probably many more which went undetected.

Social media is the new hunting ground for criminals and fraudsters. And they are exploiting it with virtual impunity because the platforms are simply not doing enough to counter this threat to users.

Worse, police resources are just not large or capable enough to combat a problem which is often conducted from outside their jurisdictions. So we have to take care of ourselves and do our bit to protect our online friends as well.

Criminals are lurking even in places we’d not expect to find them. Like LinkedIn. Here, fake or misleading profiles are used to create aliases that are then used to commit fraud on unsuspecting victims.

Security specialists Symantec recently investigated LinkedIn. Its investigation uncovered dozens of fake accounts on the social network, across a variety of industries.

I was shocked. Not that they found some. But that they found so few. I’d expect them to do better than this because even my cursory review suggests there are not dozens of these but thousands.

Depending on the nature of the fraud intended, the fake profile will vary. Some aim to acquire sensitive intelligence information from government employees. Others have more humble crimes in mind such as phishing or email scams. But one which has had fatal consequences is sexploitation. This has already resulted in at least one suicide by the victim.

I don’t know how extensive Symantec's project was, but it took me about 5 minutes to uncover a whole heap of fake profiles without any of Symantec’s technology or resources.

You might think that anyone stupid enough to get caught like this deserves all they get. That you’d never be lured into such a trap. But it’s happening all the time. So much so that the government have invested in this film which warns of the dangers:

An increasingly common tactic is to set up a fake profile as a recruiter. Posing as recruiters, the fake accounts enable hackers to see your personal network and gain the trust of those in it.

By making these connections, criminals can entice users to give up personal details, direct them to malware-laden websites and, if they can get their email addresses, launch phishing campaigns - targeted emails that aim to steal personal information.

LinkedIn is simply not doing enough to combat this problem. When challenged about it, they said:

"We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered.

We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We encourage members to utilise our Help Center to report inaccurate profiles and specific profile content to LinkedIn."

LinkedIn’s processes are clearly not working well enough to eliminate this problem. They say they ‘encourage members to report inaccurate profiles’. I’ve not once seen a message from them about this. It’s clearly something they’d rather not talk about more than they must, because it reflects badly on their platform.

So we should follow some basic common sense rules to avoid being scammed:

  • Treat all invitation requests from people you don’t know as suspicious until you are satisfied they are genuine. Look for them on other social media sites. Google them. See who else they are connected with. Only accept the invitation when you are satisfied they are genuine.
  • If you are still not sure, cut and paste their profile summary into Google. This way you can see if it has been lifted from someone else’s (a common trick).
  • Understand if your work makes you potentially a high risk person. This includes if you are employed by a large organisation, including government agencies; if you have a position of seniority and influence; if you are a high net worth individual.
  • Review the settings on your LinkedIn connections. In your profile privacy settings, you may choose to make your connections not visible to anyone else.
  • Treat invitations to connect from alleged recruiters with caution. Few recruiters that are genuine actively seek to connect with jobseekers. They just don’t need to because they can see all they need to without actually being connected with you.
  • When you encounter a suspicious profile, report it to LinkedIn. They do take such things seriously and they will take action. I know because I’ve done it.

And if you need any more encouragement to improve your LinkedIn profile, this has to be it. Often the first suspicious aspect of a fake profile is scantiness of information (or clothes). Putting up information which is verifiable and credible about yourself is one way to distance yourself from those you really don't want to know or resemble.

The value of being an outsider

By Neil Patrick

The desire to conform to the expectations of a group is a primal urge for most people. Tribalism is underpinned by conforming to group norms. So being different sets us at a disadvantage – or an advantage if we choose to make it one.

This week I was delighted to be quoted by Marc Miller of Career Pivot in Austin, Texas in a post he put together with predictions from several career experts (and me) about the world of work for 2017. Marc had asked us all for our thoughts and I was happy to provide mine.

You can see Marc’s post here:

I was intrigued to see what others had said. My co-contributors were mostly well known to me and I have Skyped, emailed and collaborated with Marc and many of them in the last couple of years. I respect them all and value their friendship towards me - the oddball.

I am the odd man out for at least three reasons:

  • I am a Brit not an American
  • I am not a careers coach, HR person, or recruiter
  • I have no officially recognised accreditations in this field

In fact my day to day ‘normal’ work has nothing to do with careers at all – I am by profession a marketing person.

I chose to set up this blog about the world of work because it interested me. No more. No less. Yet conventional wisdom is that a marketing person who blogs should blog about marketing.

Perhaps I made an elementary mistake. Or I didn’t…

I confess this is post-rationalisation (a dodgy habit at best).

But here’s the thing. I have ventured beyond my comfort zone, I have been stretched. I have learned new things. I’ve not been constrained by years of immersion in a topic. I have come at it like an over-excited kid for whom everything is new and interesting.

I have made many fantastic new friends along the way that I would never have encountered by sticking to marketing. I ask questions that if I knew better, I probably wouldn’t. My personal network has been enriched and diversified. My mailbox is constantly full of interesting things people send me for discussion.

And because I don’t share the same background as others in the field, I come at the subject from a different perspective. And as a marketing person, I know that being different has a special value of its own.

When we are young, it makes sense to focus our network building on our field of specialism. But when we are older and perhaps looking for something fresh and inspiring, we benefit more by venturing into new fields and delight in the discovery of new people and new things. And this restores the excitement in our work which we may have lost way back when.

All it takes is the courage to risk ridicule and rejection. But my experience is that like most fears, this terror exists only in our heads.

On reflection, I have no regrets at all.