I Seem to Have a LinkedIn Account

I seem to have a LinkedIn account.

This comes as a surprise, since I don't have a LinkedIn account, and have never logged in to LinkedIn.

Does anyone have any contacts into the company? I would like to report this fraudulent account, and possibly get control of it. I'm not on LinkedIn, but the best defense against this is probably to create a real account.

Posted on August 11, 2017 at 2:34 PM • 50 Comments

Comments

Austin LesesaAugust 11, 2017 2:53 PM

Another interesting miss-use of one's professional credentials is certain academics in certain foreign countries publishing papers with 'famous' co-authors who never have, in fact, contributed to the publication. This has happened to more than a few of my colleagues.

As the papers might be in Mandarin initially (one example), a search will not reveal their presence until the paper is translated into english.

It seems these are unscrupulous academics inflating their importance, gaming the college employment field.

Austin Lesea,
Principal Engineer,
Xilinx Research Labs
San Jose Ca.

Matthew NettletonAugust 11, 2017 2:58 PM

If you do decide to open an account, make sure to add the folks at Belgacom to your contacts list! ;-)

GeorgeAugust 11, 2017 3:05 PM

Now you'll be listed in the dubious industry statistics for identity theft, lumping you in with people whose credit is damaged for years or those who are erroneously arrested by police.

Gwynne RaskindAugust 11, 2017 3:09 PM

Ben A.'s suggestions are the correct official ways to go about handling this, but please feel free to email me if you need any extra help; I'd be glad to reach out internally on your behalf.

Clive RobinsonAugust 11, 2017 3:09 PM

@ Bruce,

I would like to report this fraudulent account, and possibly get control of it.

Atleast with your name being as rare as it is you have a reasonable chance of success.

Others of us have names that appear suprisingly common, as I've mentioned before.

Like you I've never had a Linkedin account, inpart because of the way they have tried to coerce me by atleast questionable if not illegal techniques[1]. Also there was that less than minor issue over passwords. Oh then there was... etc etc etc.

Further it's been overly free with peoples details in the past manging to leak almost all the PPI in a way that almost anybody could exploit to Dox people.

To put it short, I don't trust them, their security sucks and they always appear well behind the curve in that regard as well as in other areas...

I'm not a fan of social media having early on decided people were being totaly indiscreet and handing over way to much PII. I thus limited myself to various Email accounts which I've since mainly disposed of.

But other people with the same name as me have been a lot lot less discreet. So if people search for me as others have in the past, you will end up not with me but somebody else...

[1] One little trick they pulled in the early days was to go through peoples Email contacts list when they joined up. Then they repeatedly emailed the people in it, and cross corelated the information to try other ways to get people to sign up. It was why I dumped three of the email accounts I used to use.

RhysAugust 11, 2017 4:05 PM

Seems like an impossible task on LinkedIn. How does one distinguish inauthentic fraud from authentic fraud?

chuck bAugust 11, 2017 4:19 PM

Don't get a LinkedIn account unless you want spam from member's accounts whose contact lists have been pilfered to use to market LinkedIn through phony requests for interactions. You will get lots and if you contact the people directly they will tell you it is fraudulent most of the time.

Simon in BelmontAugust 11, 2017 4:35 PM

"How do you know it's not really your account?"

Exactly.

Late at night Bruce's subconscious takes over, poring over new careers.
He sits there in a semi-conscious state grumbling "IOT... IOT.. nooo..."

Eventually dawn breaks and vanquishes the evil night.

Ed BennettAugust 11, 2017 4:59 PM

FWIW, I just logged into LinkedIn, looked up up the fake account, then reported it as fraudulent. (and yes the fake account was there as of 5 minutes ago)

Andrew L.August 11, 2017 5:25 PM

Wow, someone really wants to go to jail...isn't impersonation in professional matters a more serious crime, potentially?

WaelAugust 11, 2017 5:48 PM

@Bruce Schneier,

but the best defense against this is probably to create a real account.

Wise choice. It was the same mechanism in the past used to defend against hypervisor type malware. Problem is: you'll have to do that with a zillion social media applications. Your solution doesn't scale ;)

This comes as a surprise, since I don't have a LinkedIn account, and have never logged in to LinkedIn.

Ok, all joking aside... Top ten reasons Bruce has a LinkedIn account:

1: He really created the account but forgot (link to prescription omitted for clarity)
2: Chuck Noris is getting even (payback is a ...)
3: Some clueless amateur scumbag rat bastard spook is trying to tarnish @Bruce's reputation by misapplying the steps.
...

NervousTeenagerAugust 11, 2017 5:56 PM

"the best defense against this is probably to create a real account."

As a teenager with an interest in Privacy I always wonder if something like this could to me.

Can someone post threats in my name, could somebody ask a girl in my school to Prom under my name, would someone use my name on an account then come type "Im gay". You all get the threat game I play by not haveing social media.

Won't somebody please think of the childreb(said jokeingly and seriously)

DV Henkel-WallaceAugust 11, 2017 6:20 PM

Although the proximate problem has been fixed, do not forget that LinkedIn, Facebook and Google et al maintain profiles on everyone whether those people have accounts or not.

Thankfully your use of the manually-enabled "share" buttons is a blow against this pernicious practice

John GaltAugust 11, 2017 8:33 PM

Great! If your account is fake, I've been trying to recruit the wrong person.

65535August 11, 2017 9:01 PM

@ John

That is a good link.

+1

I see Bruce S' KinkedIn account is now gone – good.

Could Bruce S. have gotten the Kinkedin account from one of the many “IDs” Microsoft has?

Such as, Microsoft Passport, .NET Passport, Microsoft Passport Network, and Windows Live ID or any of the other Microsoft accounts?

“…the Electronic Frontier Foundation's staff attorney Deborah Pierce criticized Microsoft Passport as a potential threat to privacy after it was revealed that Microsoft would have full access to and usage of customer information… privacy terms were quickly updated by Microsoft to allay customers' fears.”- Wikipedia

https://en.wikipedia.org/wiki/Microsoft_account

@ Milo M.

I agree with you.

I will say it again:

“I thought Steve Ballmer was not the best but John Wendell Thompson position on the board of directors and his bringing in of Satya Nadella as CEO was a huge mistake. The Microsoft trust became the Entertainment and data mining of all time.. [but Giggle probably beats them]."

Data mining is quite a big game.

I think Weiner is KinkedIn's CEO I don't know if he has a Microsoft board seat. You probably are up on that aspect.

HandyAugust 11, 2017 9:42 PM

So I just recently checked LinkedIn and I can say that there is no record of Bruce Schneier on there.

What I did find interesting was there is a Bruce Schneider that works in Norway at a company called Schneier on Security... The pic looks like The Amazing Randy.

MeAugust 12, 2017 12:54 AM

@NervousTeenager @schneier
If you don't want an account on a website don't create it. I agree that in the schneier case is the best defense but is not what you want to do.
I don't like social accounts in general. And i don't like the idea of someone publishing my personal info/photos.
For NervousTeenager the best defense is not have social account, if someone create one in your name is someone that you know and your defence will be "you know me, i don't like fb, is fake"

WaelAugust 12, 2017 1:42 AM

There once was an amateur with a burning desire
Who wanted to be the top Security hire.
He hacked LinkedIn ...
And said with a grin:
"goddamn it! I'm now @Bruce schneier"

Clive RobinsonAugust 12, 2017 3:29 AM

@ Wael,

Tut tut again, that's not a palindrome, but a lymeric.

OK how about I give you a seed based around "reverse",

    Now evil DES reversed live won

WaelAugust 12, 2017 4:30 AM

@ Clive Robinson,

OK how about I give you a seed based around "reverse",

Good one. I'll attempt to decrypt your message so "they" don't think we're just playing with words: Did you mean SEED since Reverse is another "cipher" (REA)?

CallMeLateForSupperAugust 12, 2017 7:41 AM

I would eschew even bumping elbows with LinkedIn.

HaveIBeenPwned says that email accounts belonging to six members of my extended family are owned. Five of those six accounts have this in common: a LinkedIn breach. None of these people have, or ever had, a LinkedIn account.

A nony mouseAugust 12, 2017 10:08 AM

Interestingly I have a fairly broad social presence [at least in terms of number of accounts and services] and rarely have a problem. Specific to LinkedIn there has been nothing of any statistical meaning.

I also maintain a number of "honey pot" identities - many based on totally fiction, other chimeras of real people [with their permission]. The analysis of what attracts and what does not attract attention of mal-intent is quite interesting.

HahahaAugust 12, 2017 12:41 PM

Apparently fixed. I never knew Bruce was a sought after porn star. The Ron Jeremy of security analysis. Suddenly, crypto is getting exciting.

R FairAugust 12, 2017 4:18 PM

Based on my personal experience of deleting not one but two accounts I didn't open, I suspect the majority of LinkedIn accounts are ones the company itself created.

HahahaAugust 12, 2017 5:30 PM

That's my problem: LinkedIn violates my personal security policy. I don't even use free or paid personal cloud upload. It's a joke. How to get your life enumerated.

Microsoft bought LinkedIn for its mission to acquire cubicle influence. In this case, the human resources department.

I don't even use Facebook but I have a blank account locked down just for control. That is what you have to do and it sucks. I don't like Zuckerberg's stupid smirk as he lets the govt browse for what amounts to failed profiling.

I don't think companies should have the right to build a LinkedIn profile on you and should not be a condition of employment. Corporate psychology and interview is an evil exercise in making sure they know you will bend over. Employment law needs to be amended on this matter.

ShavedMyWhiskersAugust 13, 2017 12:08 AM

One defense is a spare email address only used for LinkedIn.
Use a seriously good password and monitor it from an old school mail client like mutt in a VM. Run passwordsafe in a second VM.

The more famous you are the more mess someone can generate.

The ability to own an identity is an interesting problem. DCMA take downs and other foolery are beginning. See the recent DCMA take down of a list of spam domains to block (or accept).


0lafAugust 15, 2017 4:59 AM

I think LinkedIn only exists to generate spam email and phone contacts.

As per advice above I really need to move it onto a 'spare' email address.

TatütataAugust 15, 2017 10:18 AM

I was creeped out by these social networks soon after they appeared, when I received from Fessbuck invitation messages mentioning a nephew of mine and his bl**dy business school, a US electronics part supplier from which I had once purchased something, and a German theatre where I had seen a play by Ibsen.

It is possible that you have appeared in so many others' contacts lists that LinkedIn created a stub account for you to entice you to join.

Now that's even creepier. Resistance is futile, you will be assimilated!

Some guy I knew registered at Linkedin and released his contact info. IIRC, it took more than a couple of years for the unwanted invitation spam to finally die down.

Pour vivre heureux, vivons cachés!

k15August 15, 2017 1:24 PM

Should companies offer a consistent way, or email account, for people to report problems? What government organization would be in charge of making this happen?

EvanAugust 16, 2017 12:11 PM

Good luck Bruce! LinkedIn doesn't care about this kind of abuse, in fact it's to their preference. Your account is an asset. I deleted my LinkedIn account due to the annoying flood of incompetent recruiters offering me second rate jobs. The volume of mail went down after that but it didn't stop. Now the recruiters occasionally trigger a notification to re-activate your account and you get a message about that so that they can then offer you their second rate engineering jobs :|

DanAugust 16, 2017 1:59 PM

If they have done it using your email address (which they somehow discovered), you should be able to recover it using the password reset mechanism and then just set the account to dormant.

GawAugust 16, 2017 6:39 PM

Now the recruiters occasionally trigger a notification to re-activate your account and you get a message about that so that they can then offer you their second rate engineering jobs :|

You forgot after jobs "in Lossiemouth, Saskatoon, or Springfield".

Back in analog days the tactic was to refer the recruiter to the least liked guy in the lab (or your impatient project leader), or that salesman who keeps pestering you every other week with his three-phase distribution panels, his crinkle washers, or other similarly "useful" stuff. After all, the fellow allegedly has a degree...

TMAugust 18, 2017 2:30 AM

"the best defense against this is probably to create a real account."

Why? There can be a zillion accounts for the same name. How should LinkedIn know that one of them impersonates another?

DJT August 18, 2017 10:29 AM

Hi,

it looks like your identity was fraudulently used by one of (allegedly intel services-sponsored) trolls on LinkedIn. http://russia-insider.com/en/politics/hating-russia-trolls-ipredators-inhabit-linkedin/ri15931

This network's Trust&Safety team fails to verify users' credentials at the stage of registration and afterwards, that's why LinkedIn is infested with scams in trolling and cyber-harassment, some of whom they have kick out though, including ex-CIA Charles Leven, Joel Harding and Desmond Brennan:
http://russia-insider.com/en/politics/young-russian-woman-shows-why-newsweek-deep-state-lie-factory/ri20661

Joel HardingOctober 11, 2017 5:33 PM

Bruce, create your own account.

I do want to rebut the comment from August 17, 2017 by DJT. It cites two hit-pieces written in Russia-insider. One was written by a certified Russian troll, Yana Dianova. The backchannel chatter about her is sometimes overwhelming.

Yes, Bruce, you and I have been associates for years. I am also the Joel Harding in that comment that was kicked off LinkedIn on 8 March 2017. They said it was for violating "terms and conditions set forth in our July 2016" correspondence. That email, and I still have a copy, says crapola. Nada, zero, zip. Yana and the law firm she works for powered that one through.

So... bottom line, you have attracted enough attention from Russian trolls to have them raise a dead issue. DJT is a Russian Troll, spreading lies about me and others. You might want to mark him as spam and/or find a way to completely bock him/her/he/she/it.

Feel free to call!
Joel


Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.