Just How Risky are Fake LinkedIn Profiles and What Can You Do About It?


In 2022, the business social network LinkedIn removed over 80 million fake profiles, according to data from Allure Security, a firm that offers online brand protection-as-a-service and handles such takedowns every day. If that sounds a lot (it is!), then consider this – Allure says it’s an increase of 152 per cent over the previous year.

Fake or fraudulent LinkedIn profiles present significant potential risks, such as reputational damage, data theft, and fraudulent activity.

It’s the focus of episode 410 of the For Immediate Release podcast, where Shel Holtz and I discuss this partly in the context of the communication profession, where a proliferation of fake LinkedIn profiles was reported by PRovoke Media last week. It adds to the wider picture of such fakery on a huge scale.

PRovoke Media’s investigation revealed at least 11 fake profiles claiming to be employees of a PR recruitment firm, Phifer & Company. These profiles boasted impressive credentials and included stock photos from websites like Shutterstock and a Russian photo stock site. CEO Brian Phifer told PRovoke Media that he attributes the fake profiles to a disgruntled former employee, saying, “I don’t know what this is all about, and why someone is trying to defame me”.

In our podcast conversation, Shel and I speculate about other possible motives, including efforts by persons unknown to pad the company’s reputation, or malicious activities by competitors or others.

You can listen to our 15-minute conversation right here. If you don’t see the embedded audio player below, listen on the FIR website.

How to Protect Your LinkedIn Presence

The fake profiles problem clearly extends far beyond one company, with LinkedIn removing tens of millions of inauthentic accounts annually that impersonate real businesses and executives. It’s an ongoing challenge as fraudsters use increasingly sophisticated methods, such as AI-generated images and profile texts written with generative AI, to create fake profiles for scams, phishing, and reputational harm. It also points to broader concerns about disinformation and fraud across social networking platforms.

In the case of Phifer & Co, LinkedIn removed the fake profiles after being alerted by PRovoke Media. In a statement to the publication, LinkedIn said, “We have robust measures in place to prevent and detect fake profiles. When we become aware of fake profiles, we take appropriate action, including removing the profiles”.

However, the incident does raise concerns about the platform’s ability to manage and prevent such fraud, especially when we consider the big numbers in Allure Security’s findings.

What should you and your organisation do to help ensure your best defences are in place?

Here are ten suggestions. Some are simple to do, others will likely require far greater effort, resourcing and time:

  1. Be vigilant when accepting connection requests. Carefully review the profile of anyone who tries to connect, looking for red flags like suspicious profile images, incomplete work history, few connections, or inconsistent details. LinkedIn’s new ‘Follow’ feature does not require your permission for someone to follow you, so regularly check the list of people who follow you (and likewise, who you follow).
  2. Check profile images using reverse image search tools like Google Images to see if the photo is a stock image or used elsewhere online under a different name, or is AI-generated.
  3. Look at the account’s content and activity. Fake profiles often have little to no original content, a lack of genuine engagement, generic statements, or even duplicate posts.
  4. For organisations, regularly audit your company’s LinkedIn page and employee list. Compare the profiles listed as current employees against your actual employee roster. Look out for suspicious profiles and report them to LinkedIn.
  5. Provide cybersecurity awareness training to employees on how to spot fake profiles, avoid interacting with suspicious accounts, and report any red flags. Educate employees on the risks of engaging with fakes.
  6. Set clear social media policies for your organisation on what information employees should and should not share about their roles and the company. And be sure you have clear guidelines on who can claim a connection with your company if they’re not an employee: contractors, for example, and others working with your employees as freelancers or placed in work with you by agencies.
  7. Enable two-factor authentication and use strong, unique passwords for LinkedIn accounts to prevent unauthorised access if login credentials are compromised.
  8. If you identify fake profiles impersonating employees or your brand, report them to LinkedIn immediately. LinkedIn relies heavily on user reports to take down fake accounts.
  9. Stay informed on the evolving tactics and red flags of fake LinkedIn profiles. Scammers’ methods grow more sophisticated, such as using AI-generated profile images, so awareness is key.
  10. Consider using LinkedIn’s built-in verification and security features, such as work email verification and proof of identity.
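
One way to run the roster audit in suggestion 4, using the red flags from suggestions 1 and 3 to prioritise review and the affiliate list from suggestion 6 to avoid flagging contractors. This is an added example, not part of the original article; it assumes the list of profiles claiming employment has been compiled by hand, and the field names, thresholds and sample records are constructed for illustration.

```python
import unicodedata

def norm(name):
    """Fold case, accents and spacing so 'Amélie  LAURENT' matches 'amelie laurent'."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(no_accents.casefold().split())

def red_flags(profile, min_connections=50):
    """Red flags named in suggestions 1 and 3; the threshold is an assumed value."""
    flags = []
    if profile["connections"] < min_connections:
        flags.append("few connections")
    if profile["positions"] <= 1:
        flags.append("thin work history")
    if profile["posts"] == 0:
        flags.append("no original content")
    return flags

def audit(claimed, roster, approved_affiliates=()):
    """Return profiles claiming employment that match neither the HR roster
    nor the approved contractor/freelancer list, most red flags first.
    An unmatched name is a lead for human review, not proof of a fake."""
    known = {norm(n) for n in roster} | {norm(n) for n in approved_affiliates}
    findings = [
        {"name": p["name"], "url": p["url"], "flags": red_flags(p)}
        for p in claimed
        if norm(p["name"]) not in known
    ]
    return sorted(findings, key=lambda f: len(f["flags"]), reverse=True)

# Constructed sample data (hypothetical people and URLs)
ROSTER = ["Amélie Laurent", "Tom O'Neill"]
AFFILIATES = ["Priya Shah"]  # contractors allowed to claim a connection
CLAIMED = [
    {"name": "amelie  LAURENT", "url": "https://example.com/in/1",
     "connections": 600, "positions": 4, "posts": 12},
    {"name": "Marcus Hale", "url": "https://example.com/in/2",
     "connections": 320, "positions": 3, "posts": 0},
    {"name": "Priya Shah", "url": "https://example.com/in/3",
     "connections": 150, "positions": 5, "posts": 3},
    {"name": "Dana Whitfield", "url": "https://example.com/in/4",
     "connections": 8, "positions": 1, "posts": 0},
]

if __name__ == "__main__":
    for finding in audit(CLAIMED, ROSTER, AFFILIATES):
        print(finding["name"], finding["url"], "; ".join(finding["flags"]))
```

Profiles that survive review as genuine mismatches are the ones to report to LinkedIn, as suggestion 8 describes.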

By proactively monitoring for fakes, reporting suspicious activity, and educating employees on the risks, individuals and organisations can better protect themselves from the reputational harm, data loss and fraudulent activity that fake LinkedIn profiles enable.

As with using any social network or online place today, the combination of vigilance and verification is essential.

Neville Hobson

Social Strategist, Communicator, Writer, and Podcaster with a curiosity for tech and how people use it. Believer in an Internet for everyone. Early adopter (and leaver) and experimenter with social media. Occasional test pilot of shiny new objects. Avid tea drinker.