Employment scams have become a popular way for scammers and hackers to steal money and gain access to sensitive information. And while there’s been a lot of talk about work from home scams and other types of employment scams, candidate catfishing hasn’t received as much attention.

If you’ve ever seen the 2010 film Catfish or the popular MTV reality show it inspired, Catfish: The TV Show, you’re no doubt familiar with catfishing. If the term is totally new to you, spoiler alert: it doesn’t have anything to do with fishing.

Catfishing is when a criminal deceives a victim by pretending to be someone they’re not. This unfortunately happens with online dating, but the practice is also widespread among hackers for social engineering attacks and scammers for stealing money and data. Recently, some criminals have started catfishing recruiters by posing as candidates applying for jobs.

What is a fake candidate scam?

Creating fake LinkedIn profiles is a common tactic criminals use to steal money through schemes like recruiting and cryptocurrency scams and to gain access to organizations’ sensitive information through social engineering attacks. More commonly, though, cybercriminals are using fake profiles to pose as candidates applying for jobs to steal private company and employee information.

“There are many reasons why someone might pose as a fake candidate,” says Richard Ram, Lead Cloud Recruitment Consultant at NerdRabbit. “Usually they’re after sensitive information or data from the company they’re targeting. That could include trade secrets, client lists, or other intellectual property.”

Ideally for the scammer, a convincing LinkedIn profile would add legitimacy to a job application and help them land a job. If hired, the scammer would have access to a treasure trove of sensitive information, like company financials and employee contact information, which could be used again in future social engineering attacks or sold on the dark web.

But even if the fake candidate is found out before accepting a job offer, an interview or two could potentially supply them with enough information to make the scam worth their while.

The rise of fake LinkedIn profiles

In October 2022, investigative cybersecurity journalist Brian Krebs wrote an article in KrebsOnSecurity about a concerning increase in fake LinkedIn profiles flooding professional networking groups on the social media site.

It’s unclear if this was an organized attempt by a group of would-be scammers or just the culmination of many individual scammers going after similar targets, but either way, the proliferation of bots raised concern among LinkedIn community moderators, who were dealing with hundreds of fake join requests a day.

> Tech Recruiting Strategies to Hire Cloud Developers

But it’s not just cybercriminals—many legitimate businesses also create fake profiles for underhanded attempts at conducting market or competitor research.

The thinking seems to go, it might be easier to get a sales target’s contact information or a competitor’s prices by pretending to be someone else, like a professional seeking to expand their network or a potential customer shopping for the best price. However, this is widely considered to be unethical and should be avoided.

How LinkedIn fights bots

For social media companies, moderating content and removing bots are constant struggles. These are particularly important tasks for LinkedIn, since it’s specifically a social networking site for working professionals.

LinkedIn provided a statement in the aforementioned KrebsOnSecurity article saying they were able to detect around 96 percent of fake accounts on the platform, and recent advances in the company’s fake account detection tech now put that number higher.

According to Search Engine Journal, LinkedIn has developed a new AI image detector that it claims can spot AI-generated images with a 99 percent success rate. Considering many would-be scammers use AI to generate profile pictures for fake accounts, this is cause for hope in the fight against the bots.

How to spot fake LinkedIn profiles

But cybercriminals are wily, and there are still ways to create fake profiles undetected. NerdRabbit spoke with two experts on the subject to share tips for how you can protect your organization from fake candidate scams.

TK Kitts, CCCI is the Chief Investigator at Redbeard Intelligence & Investigations, and he recommends looking first at the candidate’s profile picture on LinkedIn if it’s visible.

“Fake profiles often use stock images or photos of models instead of real individuals,” Kitts says. “Look for signs of professional editing or generic images. If you have the time, it’s even smart to run the profile image in Google’s Image Search and see if you find any matches.”

Beyond that, Kitts says recruiters should do a thorough review of the rest of a candidate’s profile, looking specifically at their work history to make sure the locations and dates of different experience entries align logically. An abnormally low number of connections can sometimes indicate a fake profile, and little to no engagement activity can also signal that something isn’t right.

Alon Golan, Product Marketing Manager at odix, echoes this last point and makes a couple other suggestions.

“You have the person’s name from their profile, their location, and past experience,” he says. “Google those keywords, and see what you catch. Found their Facebook or Instagram profile? Great. Search for items that match information written in their professional profile, like Tweets, YouTube videos, and anything else that can verify you are talking to a real person and not a fake one—or someone who’s stolen someone else’s identity.”

Use common sense when receiving InMail messages from interested jobseekers, and use multiple ways to verify a candidate’s authenticity when reviewing job applications. Taking these precautions should help you avoid getting catfished by a fake candidate and potentially finding yourself the victim of a data breach.

Worried about fake candidate scams? Gain hiring peace of mind using Nerdly. Every member of our US-based community of cloud, IT, and marketing talent is pre-vetted and verified by our in-house team of cloud-certified cloud recruitment consultants. Sign up for free today.

Headshot of Forrest Brown.
About Forrest Brown
Forrest Brown is the Content Manager at NerdRabbit. An AWS Certified Cloud Practitioner, he lives in Atlanta with his wife and two cats.

Related articles

The Evolution of IT Job Roles in the Age of AI and Automation

The Evolution of IT Job Roles in the Age of AI and Automation

In today's world, the field of Information Technology (IT) is transforming fast, driven by the advancement of artificial intelligence (AI) and automation technologies. This evolution is creating new jobs and responsibilities, signaling a new era filled with...