Before LinkedIn, lying on your resume was common practice for job seekers. According to a 2020 ResumeLab study, 56% of people embellish the truth on their resumes, with 36% outright lying. Recruiters are experts at honing in on the usual areas where white lies exist – experience, skills, grade point average, salary, and references.
On LinkedIn, profiles are digital resumes and fall into diverse forms of exaggeration and sometimes fraud. According to the Federal Trade Commission, fraud reports across social media have soared over the last five years.
LinkedIn is equally vulnerable to hackers and impersonators seeking to take advantage of the increased demand in employment and challenges straining human resource departments since the pandemic, everything from the debate of remote or hybrid work environments, pay gaps, diversity and inclusion, scarcity in middle management, and now, “quiet quitting.” These are all factors that play into the high cost of employee turnover.
In this brief, Overwatch analysts investigate the common mis- and disinformation found on LinkedIn. We will also explore the impact on human resources and how recruiters can apply critical thinking skills taught in open-source intelligence (OSINT) to hire qualified and honest candidates to reduce turnover costs.
The Bottleneck of Employment Verification
According to LinkedIn’s mission statement, they strive to connect the world’s professionals to make them more productive and successful. This makes LinkedIn an excellent source to publish employment history and a glimpse into a candidate’s professional circle of influence. However, a surprising lack of verification goes on when posting information on the site.
When individuals update their profile, they can link to companies, universities, and professional connections, but like Wikipedia or other social media platforms, not all content posted can be taken at face value, leaving it to recruiters to verify the information.Notifications are not sent to page administrators to verify the information. Only mentions in LinkedIn posts receive LinkedIn notifications to invite companies or brands to engage with the post.
Based on the latest information on LinkedIn’s site, it does look like there is progress to help recruiters verify employment.
The feature was unavailable when we attempted to turn on employee verification for our company page. As HR recruiters, we recommend turning on the option, if available. This helps monitor brand sentiment and gives fellow recruiters greater confidence and validation behind LinkedIn profiles. Instead, it leads to a backlog of validation.
It all starts with a LinkedIn profile. A LinkedIn profile consists of a profile picture, avatar, and digital resume of experience, certifications, referrals, and posts to share accolades and gain grassroots professional development. Because of this, LinkedIn is where 94% of recruiters vet potential candidates for a position. This is where good actors’ white lies live and where bad actors thrive.
In LinkedIn’s User Agreement, it is prohibited to create a fake profile. This does not hinder bad actors from creating accounts to spread disinformation with the intent of spamming job seekers for money or building a digital presence for more significant harm. LinkedIn’s latest Transparency Report outlines how they combat fake accounts and scams through automated defenses. Last year, LinkedIn said they removed more than 32 million fake LinkedIn accounts.
Bad Hires and Bad Actors
Beyond bad hires and the cost of turnover, there is the risk of bad actors. A bad actor’s intent could range in scope and scale from personal stalking, spreading disinformation online, or even targeting specific people or businesses to perform material theft or corporate espionage. When uncovering a fake profile, some indicators can help you spot the profiles. It is why inviting and connecting with another profile without knowing their intent requires you to stop and take a moment to ask yourself why the connection matters.
Perhaps the most well-known example demonstrating just how far a bad actor with a fake profile can go in exploiting LinkedIn comes from the “Robin Sage Experiment” conducted by Thomas Ryan, a “White Hat” hacker and Threat Intelligence expert. Ryan created a fake profile on LinkedIn and other social media channels. In 28 days, he connected with nearly 300 people, including security specialists, military personnel, defense contractors, and intelligence personnel. In addition, the profile gained privileged information about the people she connected with and their businesses; information such as home addresses, email addresses, bank accounts, and even classified information about the location of military units.
However, the revelations of Robin Sage do not appear to have stemmed the tide regarding the ease with which a fake profile can connect to high-value targets on LinkedIn. A confidential source close to Overwatch analysts spoke with us during the research process for this brief and claimed to be running a similar experiment. In just one week, they maintain that they have been able to amass fifty LinkedIn connections, all of whom are in the aerospace and defense contracting sector. Some people have even reached out to talk with this fake profile, unprompted.
While the above-listed examples showcase altruistic experiments to raise awareness about the dangers of bad actors online, there still exist actual bad actors on LinkedIn. A more recent example is an incident with the company Meta-Play, which brands itself as a blockchain incubator for Defi, Gamefi, and the Metaverse. On January 12, 2022, the company released a tweet claiming that a former employee named Jikun Liao had stolen $2.7 million.
A look at Liao’s LinkedIn profile begins to paint an interesting picture. He is from Singapore, allegedly living in Houston, Texas, and since 2013 he has worked for eleven companies, lasting 2-3 months or less. Attempts to verify employment using open-source business data aggregators and company websites confirmed only three of the listed experiences. While Liao had deleted his LinkedIn profile after the theft, the company had an archived version and published it on the tweet. This leads analysts to believe that the profile’s work experience could be exaggerated or fabricated.
A close look at the profile photo also shows an indication that it is a fake or at least an altered picture. A look at Liao’s ears shows that they are somewhat mismatched, a general sign of an altered profile picture of a human being. Additionally, the outline of Liao is blurry, suggesting that the photo was possibly cropped and dropped onto a vague background.
Taking the research further, analysts searched for Liao on various social media sites and forums using his names, including multiple variations/aliases in English, Mandarin, Malay, and Tamil. Overall, Liao has a minimal online presence and appears not to be present on any of the leading social media platforms where most people usually congregate. Analysts could find potential profiles on GitHub, KeyBase, Telegram, DXDao, OutSourcely, and VK. The OutSourcely and VK profiles contain the most interesting information, as the OutSourcely profile lists Liao’s age as 29. In contrast, the VK profile includes a new picture and a birthday that would fit the age listed on OutSourcely. In addition, the VK lists Mr. Liao’s location as Vladivostok, Russia.
Analysts then ran the account’s profile photo through a free, open-source tool called FotoForensics. As can be seen from the results, the lack of color on the background indicates that the photo was cropped and placed on a different background, accounting for the fuzziness of the edges. Proof that this photo is inauthentic can further be seen in the video below, provided by Forensically, which shows that the edges of the individual in the photo are full of inconsistencies and errors, again denoting that it was cropped.
The above evidence leads Overwatch analysts to believe that Jikun Liao is likely not a real person and that MetaPlay potentially hired someone posing as Liao based solely on his LinkedIn profile. The use of open-source intelligence techniques by HR recruiters and knowledge of the potential threats on LinkedIn likely could have stopped this alleged crime from happening, saving the company and its investors a large amount of money.
Overwatch analysts assess that companies will have to make a more significant investment in human resource departments to grow their skills and capabilities in open-source intelligence training (OSINT). To meet the growing demands and respond to cultural trends in a digital hiring age, employers will require a more in-depth understanding of how social media platforms play into hiring. The role of recruiters has evolved tremendously, requiring critical thinking skills to invest in a company’s most significant investment – their people.
Similar to the skills used to monitor current trends, HR experts will require a long-term investment in OSINT skills. While these skills may be used to monitor the activities of current employees, it is more likely they will be used to anticipate trends within the workforce and to monitor former (possibly disgruntled) employees. Understanding this digital space allows recruiters to proactively show current and prospective employees how a company’s core values come to fruition.
The most significant value a company will see from this investment is protecting its brand and its assets. A loud voice ofg brand sentiment comes from employees and having bad actors represent your company without acknowledgment can devastate your brand as they are an extension of your team.
Ultimately, companies will not be able to rely on social media sites like LinkedIn to protect them. While many sites are making strides to verify and validate information, it will always be up to the company to take their best interests to heart by investing in additional skills for their people.
Learn more about open-source intelligence courses for recruiters, check out Echo Academy here: https://echoanalyticsgroup.com/open-enrollment/