Navigating the LinkedIn Security Minefield

It's been 254 days since I was laid off. I am not going to talk about my Cybersecurity layoff journey yet, as it's something that I intend to do in another blog post. Today, I want to talk about how LinkedIn has become a security minefield. Fake profiles and scams from bots are at an unprecedented level. I have seen so many posts on LinkedIn of people fed up with the bot epidemic. This creates an untrustworthy environment where both recruiters and job seekers are feeling fatigued. Recruiters are inundated with bot-generated applications, while job seekers are at a much higher risk of falling victim to these scams because of their situation of being without a job. On top of this, job seekers are feeling depressed, burned out, and losing hope because they're battling a brutal job market where the system is simply broken. So how do we deal with all of this? Is there anything in our control we can do to protect ourselves?

Leveraging OSINT to Protect Against Bot Rampage

Photo by robin mikalsen on Unsplash

Over the past few days, I have been personally targeted by bots with scam job opportunities. I had about three bots target me within 24 hours. Most that I have come across are pretty easy to detect. They start off with some kind of pitch to quickly grab your attention, like the one below.

We can see that this bot is replying to various users, saying the same thing over and over, on a post that I had reacted to and later commented on. They specifically target those of us with the green open-to-work banner. I have not yet seen a bot trying to scam someone without the green open-to-work banner; I just wanted to point that out. It seems more like a spear phishing attack targeted specifically at those with the green open-to-work banner. I also recently got a phishing email, but this had nothing to do with LinkedIn.

This phishing email was very well presented. However, I took the time to verify whether I had even submitted an application at this company, and I also reached out to the person whose name appears in the sender address. Always keep track of your applications! I track them in a txt file in Notepad (if you're on Windows). You can also use LinkedIn's Jobs - My Jobs feature, which tracks all of the jobs you've applied to. Lastly, a quick search in Gmail works wonders when you're trying to find a confirmation email stating that you applied for a job at company X. I was able to find the user on LinkedIn using the name in the sender address, and they informed me that this email was phishing and was not sent by them.

These measures taken to protect ourselves from falling victim to job scams on and off LinkedIn are good, but we can do better! Let's leverage OSINT to give us much more power and visibility in making informed decisions. Open source intelligence (OSINT) is "the process of gathering and analyzing publicly available information to assess threats, make decisions or answer specific questions." Heading over to the profile of the bot, we can see that the account was just created. We can also see that this account has no activity other than spamming multiple posts, and it doesn't have any verifications either, even though this feature only requires joining a waiting list to be enabled on your LinkedIn account.
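The indicators above (a freshly created account, the same pitch pasted under post after post, no verification badge, and no activity other than commenting) can be turned into a simple triage check. The script below is an added example and is not part of the original post or anything LinkedIn provides; the `Profile` record, its field names, the thresholds, and the three sample accounts are all constructed for illustration, and the data would normally be read by hand off the profile page. It scores an account on those indicators and only calls it suspicious when several line up, so a genuinely new job seeker with an unverified account is not flagged on age alone.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical profile record filled in by hand from a profile page.
# Field names are this example's own, not a LinkedIn API.
@dataclass
class Profile:
    name: str
    created: date                  # account creation date shown on the profile
    verified: bool                 # has any LinkedIn verification badge
    comments: list = field(default_factory=list)  # (post_id, comment text) pairs
    own_posts: int = 0             # posts the account authored itself

NEW_ACCOUNT_DAYS = 30     # younger than this counts as "just created"
REPEAT_THRESHOLD = 3      # same text on this many distinct posts counts as spam
MIN_INDICATORS = 3        # how many indicators must coincide before we flag

def duplicate_pitches(comments):
    """Return comment texts pasted verbatim onto REPEAT_THRESHOLD or more distinct posts."""
    posts_by_text = {}
    for post_id, text in comments:
        posts_by_text.setdefault(text.strip().lower(), set()).add(post_id)
    return sorted(t for t, posts in posts_by_text.items() if len(posts) >= REPEAT_THRESHOLD)

def bot_indicators(profile, today):
    """List the indicators from the post that this profile triggers."""
    indicators = []
    age_days = (today - profile.created).days
    if age_days < NEW_ACCOUNT_DAYS:
        indicators.append(f"account created only {age_days} days ago")
    if not profile.verified:
        indicators.append("no verification badge")
    dupes = duplicate_pitches(profile.comments)
    if dupes:
        indicators.append(f"{len(dupes)} identical pitch(es) pasted across posts")
    if profile.own_posts == 0 and profile.comments:
        indicators.append("no activity other than commenting on others' posts")
    return indicators

def looks_like_bot(profile, today):
    """Flag only when several indicators coincide, to spare legitimate new accounts."""
    return len(bot_indicators(profile, today)) >= MIN_INDICATORS

# Constructed sample data for a deterministic run.
TODAY = date(2024, 6, 1)
PITCH = "Hi! We're hiring remote roles, DM me for details!"
BOT = Profile("Sam Doe", created=date(2024, 5, 30), verified=False,
              comments=[(f"post-{i}", PITCH) for i in range(1, 5)])
LEGIT = Profile("Jane Roe", created=date(2019, 3, 14), verified=True,
                comments=[("post-1", "Congrats!"), ("post-2", "Great write-up.")],
                own_posts=12)
NEW_GRAD = Profile("Ana Lee", created=date(2024, 5, 20), verified=False,
                   comments=[("post-1", "Thanks for sharing.")], own_posts=3)

if __name__ == "__main__":
    for p in (BOT, LEGIT, NEW_GRAD):
        print(p.name, "->", "SUSPICIOUS" if looks_like_bot(p, TODAY) else "ok",
              bot_indicators(p, TODAY))
```

The threshold of three coinciding indicators is the design choice worth noting: account age or a missing badge on its own describes plenty of real people who just joined, while the same text under four different posts from a days-old account with nothing else on it is the pattern the post describes.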

Here is an example of LinkedIn's verifications feature, which adds more credibility to your account.

Another tactic you can use is the "Search with Google Lens" feature if you're on Chrome. I used this on another bot account and was able to find the real user in less than 10 seconds. I took the time to alert the real user that someone was impersonating them on LinkedIn, since I found out that the real person had a LinkedIn account, and I also told the user to report the bot account to LinkedIn, with the hope that more users reporting the same account will flag it as suspicious and ultimately LinkedIn would take the account down. To use this feature, simply right-click with your mouse and click on Search with Google Lens. A popup window will open on your right, while your mouse is used to select what you want to search for. For example, I focused my mouse on the profile picture of the bot account, as shown in the picture below.

As you can see, I was able to find the real user's name, workplace, and later their real LinkedIn account. NOTE: At times you may need to play around with getting a good image of the user, because results won't populate right away. Lastly, this bot account happened to impersonate someone who has a good online presence, which makes using OSINT much easier.
Real user's LinkedIn account.

The Way Forward

Photo by Richard Bell on Unsplash

With everything mentioned, I took the time to address my concerns through a case I submitted when I reported the bot account. I wanted to do something differently, because I know very well that people don't usually go as far as creating a case. Some may just report the bot account and end it there. However, I wanted to take it a step further and express how rampant these bots are becoming, and how easy it is for someone to impersonate someone else. The real user I was conducting OSINT on already had a LinkedIn account. How was a bot able to use a different name but still use that user's profile picture so easily? Can AI be used to run searches to determine if a LinkedIn account with a similar profile picture already exists under another account, especially if another name is used? Below is the case I opened with LinkedIn.

LinkedIn did not really give me a good response at all. They did not even let me know if the account had been taken down. I found out about it when I got a 404 error when I headed over to the bot's LinkedIn page.

Nor was I informed whether any AI is being used to check suspicious account creation, such as checking profile pictures against names and looking for a correlation where, if an account with that picture already exists and another name is used, the new account is flagged as suspicious and what it posts is watched closely. This would help, in some way, to reduce how often these bot accounts get created. Let me know what you think. What other measures can LinkedIn take to prevent such problems from becoming so widespread? What about measures that we can take ourselves that were not mentioned? As always, let me know your thoughts! Staying informed and helping each other out is what we do best!