LinkedIn scammer 0, Jonathan 1

Beware of scam recruiters.

AI generated photograph showing a woman in a suit. She has a devil's tail, devil horns, and red glowing eyes. The woman is shaking hands with a man who is blurred out.
Image generated by Google Gemini.

LinkedIn is an odd entity at the best of times, with everyone seemingly competing for attention and multiple posts (maybe the majority) that must be "AI slop" [1]. Scrolling my feed can take over an hour a day, which I'm somewhat compelled to do given I'm trying to grow my company, and finding the useful information is a challenge.

Recently I was approached by a "recruiter" on LinkedIn going by the name Amanda W Hannah, but they failed due diligence as I'll describe in this post.

Initial contact

This week I enabled the "open to work" option on my profile, so prospective clients could see me easily. When you do this on LinkedIn your profile picture also gains a "#opentowork" green swish:

Photograph showing Jonathan, a man with glasses and brown hair, with an office in the background. There is a green curve across the bottom left corner which contains the curved text "#opentowork".
How the #opentowork image looks.

I had commented on a former colleague's post, where she was promoting her Human Resources business, People Pillar, when a recruiter replied to my comment. Apparently they had "noticed that my skills aligned with what their client needed" and they'd be interested in a chat.

Now, when you are growing a business you're definitely interested in comments like these. Plus, at this stage this could be a legitimate approach. A quick look at the profile showed the recruiter had worked for various recruitment agencies that I'd heard of, albeit the recruiter was based in America. Their profile did show they'd sent a number of similar messages - not necessarily unexpected but a slight red flag nonetheless 🚩.

Having a chat

After sending a connection request I was quickly chatting to the "recruiter". They asked what I was looking for but I had to run to a meeting, so advised I'd come back to them later, which they were fine with. Following my meeting I explained what I was looking for in a contract role - I was happy to share that information with them as it's not sensitive. As part of that information I stated my preferred day rates and working practices.

Now, if you've ever used an "AI" tool like ChatGPT, Gemini, Copilot, you'll notice that the tool is often really positive and keen to help. That was true here too, and I was offered more than my suggested day rate, which was highlighted ("which is more than your requested day rate") while also being advised the working practices were compatible ("1 to 2 days in the office"). When I asked for more information on the office working the "recruiter" was happy to help and thanked me for "that great question".

"Your current résumé"

My spidey senses were well and truly tingling at this point, so I asked how we would proceed. I was asked to send my current "resume" (résumé really). In the UK we talk about CVs (curriculum vitae) rather than résumés, but I knew I was talking to someone in the USA so that wasn't completely odd. I could have sent my CV via LinkedIn's chat function, but I was well and truly into due diligence by this stage.

Jonathan: "What email address can I send my CV to?"
"Recruiter": [email protected]

I would not expect, nor recommend, a professional company to use an @gmail.com address for their business. It gives the wrong impression, suggesting you don't really work for the company. I'd expect the person's email address to be on the same domain as their website, or at least easy to link back to the company website.

Challenging them

I explained that the use of Gmail was a concern, and "given my job" that was a red flag. The "recruiter" was taken aback, immediately asking "What are you talking about?". I sent my explanation, and then their account ceased:

I'm a security professional, so I perform due-diligence on who I'm talking to. I would expect to be sending my CV / resume to an email address on the same domain as your company website. You have given me a gmail address.
Also, your profile picture is incredibly similar to someone else on LinkedIn.

What more can you tell me about your recruitment company please?

Profile picture

I won't post the picture here, or name the (presumably genuine) owner of the likeness, but taking the "recruiter's" photo and performing a reverse image Google search showed me only two results, both for a completely different individual. One result was for the real person's company website, and another for their LinkedIn profile. I quickly sent them a connection request, with a note explaining someone had stolen their image.

The red flags

🚩 Unsolicited contact via a thread hijack

🚩 Multiple duplicate messages sent

🚩 "AI" type replies

🚩 Overly positive in all replies

🚩 Use of a Gmail address (@gmail.com) for professional work

🚩 Company website very slow to load and didn't have much in the way of content

🚩 Stolen profile picture image

🚩 Recruiter in USA recruiting for a London / Guildford (UK) role

🚩 USA contact talking during UK hours (not impossible, but was odd)

The clean up

Credit where it's due, LinkedIn have done a good clean up job on this. As soon as I called the scammer out they advised they had "another call, I'll come back to you" and then LinkedIn immediately warned me that the messages could be "harmful". The account was deleted (I presume by LinkedIn, but maybe by the scammer) and all the chats I had, and the comment on the initial post, are gone too.

It appears the website operated by the scammer, which was slow and lacking much content, has been taken down by Microsoft. Instead, visiting the site just says "An unexpected error occurred" and "Azure WAF" (Web Application Firewall) is allegedly in use.

Conclusion

I'm sure this will come as no surprise, but there are bad people out there! In this case, someone likely wanted to steal my identity, potentially to pose as me in order to get work using qualifications and credentials that could be validated. For example, it's possible to verify my CISSP and degree.

I suspect I wasn't targeted personally; more likely I had some attributes that the scammer wanted along with various other people. It's important to keep your guard up, especially when growing a business is something that would see you sharing more information than normal.

Stay safe out there! 🙂


Banner image: Gemini produced image following the (approximate) prompt "Generate a banner image (wider than tall) for a blog post about being approached by a scam recruiter on LinkedIn. Can you make the scammer female? Remove the text and keep the rest of the image."

[1] - Content generated by an "AI" that follows a common pattern and likely has limited value.