A cautionary tale about accepting connection requests from people you don’t know–even famous ones

Will the real John Sculley please stand up?

Earlier this summer, Forbes shared the story of a fake LinkedIn account created in the name of former Apple CEO John Sculley. The goal of the scam isn’t quite clear, but hundreds of users were duped into thinking Sculley wanted to connect with them. That’s no surprise, says Forbes, given what they refer to as “a gaping hole in the LinkedIn API”:

Unfortunately, gaming LinkedIn is surprisingly easy. A user simply creates a profile, then lets it “sit” for about a month to “age”. After a time the account receives a notification that they should add employment history at which point they add something to their background. LinkedIn then accepts whatever employment information is provided. After that, the user verifies their email address…and runs the “Import contacts” feature to import the account to send invites to thousands of contacts at a time. Then, using the LinkedIn API, the attacker is able to collect all of the information from the profiles of those who accepted the connection.

The upshot of this cautionary tale? It’s another reason to limit your LinkedIn connections to people you know. While it may be a small boost to your ego when you get a connection request from someone famous whom you’ve never met, it’s probably better to do a little research before taking action. That might end up leading to disappointing news, but at least it won’t lead to bigger problems down the road.

Hat tip on the Forbes story: the LinkedIntelligence blog

2 thoughts on “A cautionary tale about accepting connection requests from people you don’t know–even famous ones”

  1. I get more “catfish” connection requests on LinkedIn than I do on Facebook. The clues are obvious. The profile is a month old. A profile photo that is obviously nicked from an ad. Scant employment and education history. In one case, someone went from receptionist to lawyer with no indication of having attended a law school.

    • Thanks for the comment, Tom. I’ve found another fairly reliable indicator of phishing that applies to men: the more attractive the profile photo, the more likely it is that it’s not real. It doesn’t always apply but it’s proven to be a good reason to think twice before making the connection.
