Earlier this summer, Forbes shared the story of a fake LinkedIn account created in the name of former Apple CEO John Sculley. The goal of the scam isn’t quite clear, but hundreds of users were duped into thinking Sculley wanted to connect with them. That’s no surprise, says Forbes, given what they refer to as “a gaping hole in the LinkedIn API”:
Unfortunately, gaming LinkedIn is surprisingly easy. A user simply creates a profile, then lets it “sit” for about a month to “age”. After a time the account receives a notification that they should add employment history, at which point they add something to their background. LinkedIn then accepts whatever employment information is provided. After that, the user verifies their email address…and runs the “Import contacts” feature to import the account to send invites to thousands of contacts at a time. Then, using the LinkedIn API, the attacker is able to collect all of the information from the profiles of those who accepted the connection.
The upshot of this cautionary tale? It’s another reason to limit your LinkedIn connections to people you know. While it may be a small boost to your ego when you get a connection request from someone famous whom you’ve never met, it’s probably better to do a little research before taking action. That might end up leading to disappointing news, but at least it won’t lead to bigger problems down the road.