Can LinkedIn profiles be fake?

Fake LinkedIn profiles cannot be detected

Don't trust everything you see on LinkedIn. We created a fake LinkedIn profile with a fake job in a real company. Our fake profile caught the attention of a Google recruiter and received over 170 connections and 100 skill pledges.

Everyone is talking about fake accounts on Facebook and fake followers on Twitter. LinkedIn wasn't involved in the conversation, but Microsoft's social network has a big problem too.

LinkedIn doesn't check anything

We created a fake profile and linked it to a real company. Unfortunately it is not difficult. LinkedIn does not ask for proof or confirmation of anything. Instead, LinkedIn runs on a kind of honor system.

They can say you work for a big company and give yourself an impressive job title. It worked for us. Our false profile (John) “works for HP” as an innovation technologist. You might think this is a job title we invented locally, but it's a real position we found in HP's job openings. We've also given John previous jobs at Exabeam and Salesforce to round off his résumé.

You could imagine HP or someone else catching us and stopping us. But that's not how it works. LinkedIn does not notify companies of new employee profiles.

We have not stolen anyone's identity or even used a real photo for our fake profile. Do you see the photo of John? This is not a stock photo of a real person. Instead, the picture is from thispersondoesnotexist.com. Put simply, it is a fake photo of a non-existent person, created using a computer algorithm. Here is a screenshot of the fake profile for posterity.

Companies can't stop fake employees

Here's the kicker: LinkedIn automatically adds anyone who signs up as an employee on a company's site. At the moment you can look for and find our fake profile in the list of HP employees. All you have to do is visit the company page, click People, and then search the directory of employees.

With our fake profile on HP's “Official Employee List” on LinkedIn, John looks like a pretty legitimate employee!

Even if a company notices a person acting as an employee when they shouldn't, it's difficult to remove them. To remove a fraudulent employee, a real employee must log into the company's LinkedIn profile, go to the contact page, and explain the situation to LinkedIn. From there, the company is at the mercy of the social network. Only LinkedIn can remove an employee from a company's page. This makes the chances of getting caught AND removed is incredibly low.

All you need is a "yes" to start making your connections

Of course there was a problem: John had no connections at HP. To solve the problem, we happened to try to connect to an HP representative that we could find.

It's very similar to what you do with your own LinkedIn account: you will invite or accept someone who is related to you in some way. We didn't have a single legitimate connection to invite, which was a problem. But we just needed one person to say yes.

After the first person is connected, the process continues to go off-hook. Before we knew it, John had nearly 50 connections with just an hour or two of work. People who never met him, never spoke to him, and never emailed him all wanted to connect. That number continues to grow, and we've also received an invitation (as opposed to a request) from an HP representative.

A Google recruiter even contacted our fake profile

With a growing list of connections and a job, it was only a matter of time before John noticed. But no one noticed that John wasn't real. Instead, Google thought he might be well suited for a job.

And so a Google recruiter put out a hand. The recruiter said John's work experience made him a potential candidate for a position the company had available and he wanted to talk about opportunities. There were no red flags for the Google employee at John.

We didn't work through the chat - John wasn't real, and his photo was generated by a computer algorithm. But if we were trying to get a job somewhere, this would probably have been a great way to create a really looking fake resume to get a foot in the door.

Fake links and endorsements are easy to buy

Our fake profile already had nearly 50 connections to his name and we could have continued the same process to gain more. But that's too much work. We wanted lots of fast connections. So we used an abbreviation.

We paid for a service that brought John 100 connections. These connections then confirmed our ten best skills and gave us a total of 100 recommendations. Unsurprisingly, once the connection numbers got this big, our invitation requests were answered faster. Now John's profile looks impressive! A job at HP, 179 connections (many to HP employees) and countless endorsements - it doesn't matter that it doesn't exist.

You may be wondering if LinkedIn will notice us for connections. As far as we know, they are "valid". They didn't go away, and every profile we looked at listed the US for a home country.

The service promised that too. As the website puts it:

Each profile that you will invite has a profile picture, an English name, and a location in the United States. You have work experience and an educational background.

As far as we can see, this is an automated process. The 100 invitations to join were received almost simultaneously. The endorsement process used the existing connections that we paid for. The link buying service maintains constant access to all of these profiles.

You can't necessarily trust LinkedIn connections

LinkedIn shows when you are connected to someone through your connections and the connections of your connections. When you are directly connected to someone, it is a first degree connection. Your connections that you do not share are second-degree connections. And all the connections they have are third degree connections.

As you establish personal connections, your expanded network will multiply. Think about it: if you have ten friends and each of them have ten friends you don't know, then you have 100 "friends of a friend".

So it might not come as a complete surprise that our fake profile is somehow a "third" connection away from one of our real-life profiles. That is, our real profile has a connection to someone who has a connection to someone else who then has a connection to "John". It's a small world after all.

LinkedIn uses these connections to validate a profile's legitimacy, but it's easy for fake profiles to obtain. "This person knows a friend of a friend" is meant to be reassuring. But you can't count on that. There is also no way to track your connections with that person.

LinkedIn gives an illusion of trustworthiness

LinkedIn's problems are numerous. But most of these problems are small and forgivable on their own. Anyone can create a profile with any name. Anyone can register as an employee of a company. LinkedIn does not offer companies an easy way to moderate and enforce their employee list. Anyone can buy links and endorsements. Employees intuitively trust that someone's work experience is real and accurate, and that other people or companies have checked profiles.

Each of these statements is not a significant problem on its own. However, taken together, the problem is much bigger than the sum of its parts. Nobody checks the accuracy; Everything depends on an honor system.

When you receive a connection request, you get evaluating the person on several fronts. Do you recognize her If not, do they work for your company or a frequently contacted company? Do you know someone you know? And so on. It is easy to convert most of these answers to yes. And because LinkedIn operates on the principle that "more connections are always better," most people are willing to overlook the fact that they don't know a person.

LinkedIn makes it easy to populate and cheat resumes

We didn't develop the Google recruiter any further. Google would quickly see that our profile was fake. After all, we used a photo of a person who doesn't exist!

However, you don't need a completely fake profile to benefit from LinkedIn's guidelines. You could just add a company you've never worked for, a job title you've never had, or additional information. You could pay for links and endorsements. This could help you get an interview. Continuation padding is an old trick, and this is the digital version.

It's bad for everyone. When recruiters are laid off, they are less likely to trust LinkedIn and they may turn to other recruiting methods.

Getting a job isn't always the name of the game. When we investigated a job recruiting scam, the scammers posed as employees of a company by showing us the true profile of a real person in a real company. There was some risk involved - what if the target tried to connect and contact the person on LinkedIn? The scammer could have simply created a fake LinkedIn profile. With a few hours of work, this fake profile would look just as good as a real employee.

A company that realized their name was being misused on LinkedIn couldn't stop a fraudster from doing it right away either. Instead, the company would have to turn to LinkedIn.

CONNECTED:Fraud Warning: Fake recruiters tried to catch us

LinkedIn was able to fix the problem

LinkedIn could fix these issues. For example, with LinkedIn, companies could screen their employees and provide better tools to remove fraudulent employees. The social network, like Twitter, could check IDs and give some profiles a “verified” badge.

To stop bogus connections, LinkedIn could even look out for suspicious activity and find them receiving 100 connection invites at once. Then it could put an end to the practice. Other social networks are already looking for fake accounts.

But until LinkedIn takes action, you should be looking harder with each connection request. If a recruiter points you to their LinkedIn profile, do not use this information to help you make decisions about your career.