Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security – Krebs on Security - eComEmpireStore + Brought to You By: Robert Villapane Ramos

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security – Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of […]



On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.
Jay Pinho is a developer who is working on a product that tracks company data, including hiring. Pinho has been using LinkedIn to monitor daily employee headcounts at several dozen large organizations, and last week he noticed that two of them had far fewer people claiming to work for them than they did just 24 hours previously.
Pinho’s screenshot below shows the daily count of employees as displayed on Amazon’s LinkedIn homepage. Pinho said his scraper shows that the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop:
The number of LinkedIn profiles claiming current positions at Amazon fell 33 percent overnight. Image: twitter.com/jaypinho
As stated above, the number of LinkedIn profiles that claimed to work at Apple fell by approximately 50 percent on Oct. 10, according to Pinho’s analysis:
Image: twitter.com/jaypinho
Neither Amazon or Apple responded to requests for comment. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. In June, LinkedIn acknowledged it was seeing a rise in fraudulent activity happening on the platform.
KrebsOnSecurity hired Menlo Park, Calif.-based SignalHire to check Pinho’s numbers. SignalHire keeps track of active and former profiles on LinkedIn, and during the Oct 9-11 timeframe SignalHire said it saw somewhat smaller but still unprecedented drops in active profiles tied to Amazon and Apple.
“The drop in the percentage of 7-10 percent [of all profiles], as it happened [during] this time, is not something that happened before,” SignalHire’s Anastacia Brown told KrebsOnSecurity.
Brown said the normal daily variation in profile numbers for these companies is plus or minus one percent.
“That’s definitely the first huge drop that happened throughout the time we’ve collected the profiles,” she said.
In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the businesses networking site and the companies that rely on it to hire and screen prospective employees.
A day after that second story ran, KrebsOnSecurity heard from a recruiter who noticed the number of LinkedIn profiles that claimed virtually any role in network security had dropped seven percent overnight. LinkedIn declined to comment about that earlier account purge, saying only that, “We’re constantly working at taking down fake accounts.”
A “swarm” of LinkedIn AI-generated bot accounts flagged by a LinkedIn group administrator recently.
It’s unclear whether LinkedIn is responsible for this latest account purge, or if individually affected companies are starting to take action on their own. The timing, however, argues for the former, as the account purges for Apple and Amazon employees tracked by Pinho appeared to happen within the same 24 hour period.
It’s also unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn. Cybersecurity firm Mandiant (recently acquired by Googletold Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.
On this point, Pinho said he noticed an account purge in early September that targeted fake profiles tied to jobs at cryptocurrency exchange Binance. Up until Sept. 3, there were 7,846 profiles claiming current executive roles at Binance. The next day, that number stood at 6,102, a 23 percent drop (by some accounts that 6,102 head count is still wildly inflated).

Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley, suggested another explanation for the recent glut of phony LinkedIn profiles: Someone may be setting up a mass network of accounts in order to more fully scrape profile information from the entire platform.
“Even with just a standard LinkedIn account, there’s a pretty good amount of profile information just in the default two-hop networks,” Weaver said. “We don’t know the purpose of these bots, but we know creating bots isn’t free and creating hundreds of thousands of bots would require a lot of resources.”
In response to last week’s story about the explosion of phony accounts on LinkedIn, the company said it was exploring new ways to protect members, such as expanding email domain verification. Under such a scheme, LinkedIn users would be able to publicly attest that their profile is accurate by verifying that they can respond to email at the domain associated with their current employer.
LinkedIn claims that its security systems detect and block approximately 96 percent of fake accounts. And despite the recent purges, LinkedIn may be telling the truth, Weaver said.
“There’s no way you can test for that,” he said. “Because technically, it may be that there were actually 100 million bots trying to sign up at LinkedIn as employees at Amazon.”
Weaver said the apparent mass account purge at LinkedIn underscores the size of the bot problem, and could present a “real and material change” for LinkedIn.
“It may mean the statistics they’ve been reporting about usage and active accounts are off by quite a bit,” Weaver said.
This entry was posted on Thursday 20th of October 2022 01:07 PM
This is like waiting, years back, for manufacturing executives to come clean in tobacco, automobile, herbicide, and other arenas. “Are your bogus account tallies only a few percent, as you claim, or do bots comprise more like 40 percent of your total membership, as all evidence suggests?” Any of these sources, from Apple to LinkedIn, Facebook to Twitter, could provide relatively accurate figures — if their Boards ever asked for the real data — and eliminate most of the fraud quickly.
Why should I care? Why should anyone care?
nothing shows you don’t care like commenting on the article you claim that you don’t care about
North Korea getting their state agents jobs at crypto firms could hurt the economy in ways that would affect most of us. It would certainly be a serious blow to an emerging and disruptive industry. Those are bad enough to care about.
Doesn’t that vary by person? Don’t care, great!
Why can’t Linkedin have a concept of “Verified user” like twitter?
because all social networks are, or quickly become, “troll magnets?”
Fire up the 14.4 BBSes.
I got tired of all the scams coming via LinkedIn so I just hibernated my account. Haven’t missed having it yet.
I did the same, then cancelled it as I saw no value for me.
Your name is ironic given that you gave it to the biggest data sink in the free world, but yeah.
I find LinkedIn’s claim that they care about fraudulent activity extremely dubious, given how they’ve utterly dismissed my own reports. I alerted them to a pretty obvious credential stuffing attack that took over thousands of business and school pages on their platform (they all had their profiles changed to link to the same “marketing” domain, and titles changed to nonsensical things like “technology Jobs” with inconsistent capitalization as such). “There are no bots on LinkedIn” is what I was told by their support. Oh, okay, that clears that up, then.
Linkedin restrictions aren’t legal either they can’t proodr proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed
Linkedin restrictions aren’t legal either they can’t provide proof but keep your account restricted. They are a job seeking platform not social media and the amount of racist and bigoted comments on the platform and who or how restrictions occur should be reviewed
And they are happy to block decades old accounts like yours and mine, and can demand more personal info to ‘verify’ us!
As if those overhyped real profiles are authentic.
Most, especially, those real CISO profiles are anyway inflated and worthless!!
Welcome to virtual reality once again!
Your email address will not be published.



document.getElementById( “ak_js_1” ).setAttribute( “value”, ( new Date() ).getTime() );
Mailing List
Search KrebsOnSecurity
Recent Posts
Spam Nation
A New York Times Bestseller!
Thinking of a Cybersecurity Career?
Read this.
All About Skimmers
Click image for my skimmer series.
Story Categories
The Value of a Hacked PC
Badguy uses for your PC
Badguy Uses for Your Email
Your email account may be worth far more than you imagine.
Most Popular Posts
Why So Many Top Hackers Hail from Russia
Category: Web Fraud 2.0
Innovations from the Underground
ID Protection Services Examined
Is Antivirus Dead?
The reasons for its decline
The Growing Tax Fraud Menace
File ’em Before the Bad Guys Can
Inside a Carding Shop
A crash course in carding.
Beware Social Security Fraud
Sign up, or Be Signed Up!
How Was Your Card Stolen?
Finding out is not so easy.
Krebs’s 3 Rules…
…For Online Safety.

source

storefronts06-20
US