Friday, 21 July 2023

My LinkedIn Profile Was Stolen, a Cautionary Tale

 


“ERIN SMITH IS A LIAR!!”

I went to log onto my LinkedIn profile, to post a link to my latest blog, but I was locked out of it. There was a message saying my account had been locked because of “suspicious activity”. But all I had been posting on it were links to my writing.

I checked my emails and found ones from LinkedIn, several of the many emails from them telling me someone had messaged me, someone had viewed my profile, someone had posted another notification, but the recent ones weren’t addressed to me, they were addressed to someone called “Erin Smith”. It was her name at the top of the email, her face in the message’s profile picture, but the email had been sent to me. The email address contained my full name, which certainly couldn’t be mistaken for Erin Smith. My profile had been stolen by this Erin Smith person.

I had no email address with which I could contact LinkedIn. All their emails to me were non-reply ones. It looked as if the only way I could contact them was if I could log onto my profile, but I couldn’t because it was locked. It looked as if I mightn’t get my profile back. It felt like it did when I was a child and another child at school stole my work book, scratched out my name, and wrote their name over it. It was my profile; I had created it and I wanted it back. It wasn’t fair.

When I tried to log on to my profile, I got a message asking me to confirm my identity. They required me to upload a photo of the information page of my passport. At first, I just wouldn’t do it. LinkedIn had let my profile be stolen right out from under me, how could I trust them with such personal information? But as the week stretched on my will weakened. This was mainly because I kept receiving emails from LinkedIn, all addressed to Erin Smith, congratulating her on all the connections she was making and notifying her she had yet another message. She was using my profile and I was still locked out of it. A week later I uploaded a photo of my passport to LinkedIn.

I heard nothing from LinkedIn for over a fortnight, except for all those emails addressed to Erin Smith. It was as if they were ignoring me.

Then, two weeks later, I received an email from LinkedIn actually addressed to me, by name. It had a time sensitive link to change the password to my account, which I used, straight away. I changed my password to a three-word phrase that also contained a date (not related to my birth or marriage dates). When I finally logged onto my profile, I received a message saying that LinkedIn did not keep old information from profiles. I thought nothing of it, I was too concerned to get to my profile and didn’t pay it much attention. In retrospect, this should have warned me to LinkedIn’s poor security. It they don’t keep a copy of a profile; they can’t observe that a profile has been hijacked and how can they protect their members?

My profile had been completely hijacked by this Erin Smith. She had changed everything but my contact details, that was why I was still receiving LinkedIn’s emails. I set about repairing her vandalism and returning the profile back to being my own. As I reversed her damage, I noticed something very obvious, Erin Smith was a fake persona.

She claimed to have been to university in both America and China, she had lived in both countries and gained separate degrees. She now claimed to live in France. She claimed to have worked for, first Microsoft and then L’Oréal, a strange work profile, and now she said she was running her own “Beauty Consultancy”, whatever that was. She mainly seemed to have been using my account to send out messages.

These messages all seemed to run along the same lines. She always messaged men who had their own companies, she certainly seemed to have a type, saying she didn’t know why LinkedIn had recommended them to her as a contact (??). If they replied to her, she’d flirt with them and then asked where they lived. Wherever the man lived, and they seemed scattered across Europe and America, she would tell them that she would be visiting their home city in the next month and would “love” to meet them.

This was obviously a fake persona and she was trying to catfish and con those men, but why did she need to steal my profile to do this? Why didn’t she just create a new one for this?

I spent a long time replying to all the men she had contacted, telling them that she stole my profile and she was fake and probably trying to con them. When she originally contacted them, she had control of my profile and her picture and name was at the top of the message. Once I had control of my profile back, my name and picture were returned to the top of the message, so hopefully it was obvious that she was trying to con them.

I was annoyed at all the time I wasted over this, especially having to return everything on my profile back to the way it had been. The next day I logged onto my profile again and found another message from LinkedIn. A third-party program had accessed my profile and they had blocked it. Only now LinkedIn decided to practice some security to keep my profile safe(ish). When I got to my profile, I found Erin Smith had accessed it again, though only to send out a message from it. Obviously, she had a program that allowed her to remotely send messages from my profile. This one was typical of her messages, to a male company owner, all flirtatious and wondering why LinkedIn was recommending him to her, accept the message had my name and picture at the top of it. He hadn’t replied to it but I still sent him a message saying Erin Smith was probably trying to con him.

I’ve logged onto my LinkedIn profile daily since then but Erin Smith, in all her fakeness, has not tried to send anymore messages from it.

I don’t use my LinkedIn profile to network and find work, anymore, I mainly just post links to my writing on it, but it is still my profile, about me, another little corner of the internet that is solely about me. That might sound selfish but I’m not an important person with a big presence online. My online presence is very small but having my LinkedIn profile stolen away from me felt like another part of me had been taken away, I was cut off from people I once knew and worked with. I wanted it back and it was a relief to finally have it back.

I don’t know how she was able to steal my profile. I didn’t share my password and I only logged onto it from my home computer, which is protected by a reliable security program. How did she get hold of my password? Only I and LinkedIn knew it and I kept it secure.

I am still so angry at LinkedIn for letting this happen. Why didn’t they have systems in place to notice things like this. Erin Smith changed everything on my profile accept my contact details, why didn’t LinkedIn’s systems notice this and flag up what had happened? LinkedIn still doesn’t have two-step verification. I’ve created a password as strong as I can but that is all I can do; LinkedIn needs to step-up and start protecting their users.

I used to consider two-step verification an annoyance, especially if I’d left my phone away from my computer, but not anymore, not after this.

LinkedIn keeps promoting their premium membership to me, which is paid for, telling me how good it would be if I upgraded to it. If this is how they treat me as a basic member, I cannot trust them to treat me any better if I pay for a premium membership, and what good would that do for me anyway?

 

Drew

 

PS. Find my LinkedIn profile here.

No comments: