https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/ Advertisement [5] Advertisement [6] Krebs on Security Skip to content * Home * About the Author * Advertising/Speaking Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn October 20, 2022 9 Comments On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users. Jay Pinho is a developer who is working on a product that tracks company data, including hiring. Pinho has been using LinkedIn to monitor daily employee headcounts at several dozen large organizations, and last week he noticed that two of them had far fewer people claiming to work for them than they did just 24 hours previously. Pinho's screenshot below shows the daily count of employees as displayed on Amazon's LinkedIn homepage. Pinho said his scraper shows that the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop: [LI-Amazon] The number of LinkedIn profiles claiming current positions at Amazon fell 33 percent overnight. Image: twitter.com/jaypinho As stated above, the number of LinkedIn profiles that claimed to work at Apple fell by approximately 50 percent on Oct. 10, according to Pinho's analysis: [LI-Apple] Image: twitter.com/jaypinho Neither Amazon or Apple responded to requests for comment. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. In June, LinkedIn acknowledged it was seeing a rise in fraudulent activity happening on the platform. KrebsOnSecurity hired Menlo Park, Calif.-based SignalHire to check Pinho's numbers. SignalHire keeps track of active and former profiles on LinkedIn, and during the Oct 9-11 timeframe SignalHire said it saw somewhat smaller but still unprecedented drops in active profiles tied to Amazon and Apple. "The drop in the percentage of 7-10 percent [of all profiles], as it happened [during] this time, is not something that happened before," SignalHire's Anastacia Brown told KrebsOnSecurity. Brown said the normal daily variation in profile numbers for these companies is plus or minus one percent. "That's definitely the first huge drop that happened throughout the time we've collected the profiles," she said. In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world's largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the businesses networking site and the companies that rely on it to hire and screen prospective employees. A day after that second story ran, KrebsOnSecurity heard from a recruiter who noticed the number of LinkedIn profiles that claimed virtually any role in network security had dropped seven percent overnight. LinkedIn declined to comment about that earlier account purge, saying only that, "We're constantly working at taking down fake accounts." [botgroup2] A "swarm" of LinkedIn AI-generated bot accounts flagged by a LinkedIn group administrator recently. It's unclear whether LinkedIn is responsible for this latest account purge, or if individually affected companies are starting to take action on their own. The timing, however, argues for the former, as the account purges for Apple and Amazon employees tracked by Pinho appeared to happen within the same 24 hour period. It's also unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn. Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. On this point, Pinho said he noticed an account purge in early September that targeted fake profiles tied to jobs at cryptocurrency exchange Binance. Up until Sept. 3, there were 7,846 profiles claiming current executive roles at Binance. The next day, that number stood at 6,102, a 23 percent drop (by some accounts that 6,102 head count is still wildly inflated). [LI-Binance] Fake profiles also may be tied to so-called "pig butchering" scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams. Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley, suggested another explanation for the recent glut of phony LinkedIn profiles: Someone may be setting up a mass network of accounts in order to more fully scrape profile information from the entire platform. "Even with just a standard LinkedIn account, there's a pretty good amount of profile information just in the default two-hop networks," Weaver said. "We don't know the purpose of these bots, but we know creating bots isn't free and creating hundreds of thousands of bots would require a lot of resources." In response to last week's story about the explosion of phony accounts on LinkedIn, the company said it was exploring new ways to protect members, such as expanding email domain verification. Under such a scheme, LinkedIn users would be able to publicly attest that their profile is accurate by verifying that they can respond to email at the domain associated with their current employer. LinkedIn claims that its security systems detect and block approximately 96 percent of fake accounts. And despite the recent purges, LinkedIn may be telling the truth, Weaver said. "There's no way you can test for that," he said. "Because technically, it may be that there were actually 100 million bots trying to sign up at LinkedIn as employees at Amazon." Weaver said the apparent mass account purge at LinkedIn underscores the size of the bot problem, and could present a "real and material change" for LinkedIn. "It may mean the statistics they've been reporting about usage and active accounts are off by quite a bit," Weaver said. This entry was posted on Thursday 20th of October 2022 01:07 PM A Little Sunshine Employment Fraud Web Fraud 2.0 Amazon Anastacia Brown apple Binance Indeed Jay Pinho LinkedIn Mandiant Nicholas Weaver SignalHire Post navigation - How Card Skimming Disproportionally Affects Those Most In Need 9 thoughts on "Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn" 1. Unblinking October 20, 2022 This is like waiting, years back, for manufacturing executives to come clean in tobacco, automobile, herbicide, and other arenas. "Are your bogus account tallies only a few percent, as you claim, or do bots comprise more like 40 percent of your total membership, as all evidence suggests?" Any of these sources, from Apple to LinkedIn, Facebook to Twitter, could provide relatively accurate figures -- if their Boards ever asked for the real data -- and eliminate most of the fraud quickly. Reply - 2. Anthony Oveka October 20, 2022 Why should I care? Why should anyone care? Reply - 3. Man Jose October 20, 2022 Why can't Linkedin have a concept of "Verified user" like twitter? Reply - 4. A. Nonny Mouse October 20, 2022 I got tired of all the scams coming via LinkedIn so I just hibernated my account. Haven't missed having it yet. Reply - 5. GranoblasticMan October 20, 2022 I find LinkedIn's claim that they care about fraudulent activity extremely dubious, given how they've utterly dismissed my own reports. I alerted them to a pretty obvious credential stuffing attack that took over thousands of business and school pages on their platform (they all had their profiles changed to link to the same "marketing" domain, and titles changed to nonsensical things like "technology Jobs" with inconsistent capitalization as such). "There are no bots on LinkedIn" is what I was told by their support. Oh, okay, that clears that up, then. Reply - 6. Alice October 20, 2022 Linkedin restrictions aren't legal either they can't proodr proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed Reply - 7. Alice October 20, 2022 Linkedin restrictions aren't legal either they can't provide proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed Reply - 8. John D October 20, 2022 And they are happy to block decades old accounts like yours and mine, and can demand more personal info to 'verify' us! Reply - 9. John Ken October 20, 2022 As if those overhyped real profiles are authentic. Most, especially, those real CISO profiles are anyway inflated and worthless!! Welcome to virtual reality once again! Reply - Leave a Reply Cancel reply Your email address will not be published. Required fields are marked * [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment * [ ] Name * [ ] Email * [ ] Website [ ] [Post Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Advertisement [6] Advertisement Mailing List Subscribe here Search KrebsOnSecurity Search for: [ ] [Search] Recent Posts * Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn * How Card Skimming Disproportionally Affects Those Most In Need * Anti-Money Laundering Service AMLBot Cleans House * Microsoft Patch Tuesday, October 2022 Edition * Report: Big U.S. Banks Are Stiffing Account Takeover Victims Spam Nation Spam Nation A New York Times Bestseller! Thinking of a Cybersecurity Career? Thinking of a Cybersecurity Career? Read this. All About Skimmers All About Skimmers Click image for my skimmer series. Story Categories * A Little Sunshine * All About Skimmers * Ashley Madison breach * Breadcrumbs * Data Breaches * DDoS-for-Hire * Employment Fraud * How to Break Into Security * Latest Warnings * Ne'er-Do-Well News * Other * Pharma Wars * Ransomware * Russia's War on Ukraine * Security Tools * SIM Swapping * Spam Nation * Target: Small Businesses * Tax Refund Fraud * The Coming Storm * Time to Patch * Web Fraud 2.0 The Value of a Hacked PC valuehackedpc Badguy uses for your PC Badguy Uses for Your Email Badguy Uses for Your Email Your email account may be worth far more than you imagine. Donate to Krebs On Security Most Popular Posts * Sextortion Scam Uses Recipient's Hacked Passwords (1076) * Online Cheating Site AshleyMadison Hacked (798) * Sources: Target Investigating Data Breach (620) * Trump Fires Security Chief Christopher Krebs (534) * Why Paper Receipts are Money at the Drive-Thru (530) * Cards Stolen in Target Breach Flood Underground Markets (445) * Reports: Liberty Reserve Founder Arrested, Site Shuttered (416) * Was the Ashley Madison Database Leaked? (376) * DDoS-Guard To Forfeit Internet Space Occupied by Parler (374) * True Goodbye: 'Using TrueCrypt Is Not Secure' (363) Why So Many Top Hackers Hail from Russia [computered-580x389] Category: Web Fraud 2.0 Criminnovations Innovations from the Underground [shreddedID-copy-285x189] ID Protection Services Examined Is Antivirus Dead? Is Antivirus Dead? The reasons for its decline The Growing Tax Fraud Menace The Growing Tax Fraud Menace File 'em Before the Bad Guys Can Inside a Carding Shop Inside a Carding Shop A crash course in carding. Beware Social Security Fraud Beware Social Security Fraud Sign up, or Be Signed Up! How Was Your Card Stolen? How Was Your Card Stolen? Finding out is not so easy. Krebs's 3 Rules... Krebs's 3 Rules... ...For Online Safety. (c) Krebs on Security