LinkedIn OSINT for a quick background check: A guide for HR

not your CISO
Apr 27, 2023

Although most organisations conduct background checks before an employee joins, sometimes things do not go the intended way. With moonlighting, the over-employment trend, and job dearth, there are chances that candidates might falsify information. I have seen cases where employees working two full-time jobs lied about their experiences or even kept working with their previous organisation. These situations look bad for a human resource team and if not identified on time, may lead to serious consequences like trade secret espionage.

So what do you do?

Use LinkedIn.

Everyone has a LinkedIn account, or at least most professionals do. They keep it updated because it is a digital resume, a window into their professional achievements.

Why not use it for background verification?

Although I understand this would not be a full-fledged background verification, a genuine candidate can be identified in less than 5 minutes, and an HR team member can be well prepared to ask the candidate questions during the initial discussions.

But How?

LinkedIn has a lot of information but an HR team member can mainly focus on the following things:

Name and URL
Profile Photo
Headline
Experience
Education
Connections
Activity
Contact Info

Name and URL

This should be the first thing you check. For LinkedIn users, the URL of their profile is made up of first name and last name by default unless it is changed.

For example, for a user John Doe, the URL would look something like this — https://linkedin.com/in/john-doe-sgdtehefu6483hr/

It might be the case that the user has a custom URL which can look like this -

https://linkedin.com/in/johndoe/

Typically, you would find it consistent but what if it’s not?

What if the user Jane Doe has the LinkedIn username — hunter53?

You can do a further investigation with the username found in the URL to gauge the authenticity.

Normally, a Google search for the username will turn up other accounts where the candidate used the same username. There is a high chance that they have used the same username on other social media accounts as well (sometimes with a questionable presence, such as posts and retweets).
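
The name-versus-URL comparison described in this section can be scripted. This is an added example, not part of the original post; the function names and the result labels are assumptions made for the illustration, and a "mismatch" result only means the username deserves the follow-up search described above.

```python
import re
import unicodedata
from urllib.parse import urlparse


def _tokens(text):
    """Lower-case, strip accents, split into alphanumeric tokens."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.findall(r"[a-z0-9]+", folded.lower())


def profile_slug(url):
    """Return <slug> from a linkedin.com/in/<slug>/ URL, else None."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = (parsed.hostname or "").lower()
    if host != "linkedin.com" and not host.endswith(".linkedin.com"):
        return None  # look-alike or unrelated domain
    parts = [p for p in parsed.path.split("/") if p]
    return parts[1] if len(parts) >= 2 and parts[0] == "in" else None


def slug_matches_name(url, first_name, last_name):
    """Heuristic: 'consistent', 'partial', 'mismatch' or 'not-a-profile'."""
    slug = profile_slug(url)
    if slug is None:
        return "not-a-profile"
    name_parts = _tokens(first_name) + _tokens(last_name)
    slug_tokens = _tokens(slug)
    joined = "".join(slug_tokens)  # custom slugs often drop the hyphens
    hits = [p for p in name_parts
            if p in slug_tokens or (len(p) >= 3 and p in joined)]
    if name_parts and len(hits) == len(name_parts):
        return "consistent"
    return "partial" if hits else "mismatch"


# Constructed sample input: the URLs and names used in the post.
SAMPLES = [
    ("https://linkedin.com/in/john-doe-sgdtehefu6483hr/", "John", "Doe"),
    ("https://linkedin.com/in/johndoe/", "John", "Doe"),
    ("https://linkedin.com/in/hunter53/", "Jane", "Doe"),
]

if __name__ == "__main__":
    for url, first, last in SAMPLES:
        print(f"{slug_matches_name(url, first, last):<12} {url}")
```

Short names can match by coincidence inside a default URL's random suffix, so treat "consistent" as a first pass and read the slug yourself.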

Profile Photo

Look for the profile photo. Check if it’s an authentic photo or an AI-generated one.

There are sock puppet accounts that target LinkedIn accounts, send them connection requests, initiate a conversation and look for ways to drop malware. Be cautious of that. Typically for these accounts, either there is no photo or a random AI-generated photo.

Sock Puppet — A sock puppet, in the context of online communications, is a fake identity created to promote someone or something through blogs, wikis, forums or social networking sites such as Facebook or Twitter.

Try to gauge if the profile photo looks like a real person’s photograph. You can visit this-person-does-not-exist and look at a couple of pictures. This website generates photos of persons who do not exist.

You will get an idea of what a random AI-generated image looks like.

But don’t stress too much about the photo. It’s perfectly okay if the candidate does not have a profile photo; there are other ways to gauge the legitimacy of the profile.

Headline

It’s worth checking the headline and seeing how the candidate has described themselves. Check if the headline summarises and correlates with their experience. It’s okay if they haven’t updated it in a while or it’s blank, but make sure that whatever they have written in the headline correlates with the rest of the profile.

Experience

Look at the experience section and verify their most recent employment.

You can use tools like hunter.io or Zoominfo to validate the employee email for their most recent employment. Typically, the email address format is — <firstname>.<lastname>@<domain>. You can start with this information and try a couple of permutations as well. There is a really good tool for the email permutation which you can use — Metric Sparrow Email Permutator+

This way you can establish the authenticity of the candidate working there.

Education

Look at the Education section of the LinkedIn profile and check the authenticity of the institute mentioned. A quick Google search can help you verify the authenticity of the institution they studied at. You can even verify whether the institute offers the degree program they have mentioned in their profile.

Connections

Check the number of connections the candidate has. Usually, everyone has 500+ connections, but it’s okay to have fewer. More than the number, check the quality of the connections. If a candidate is decently active on LinkedIn, they would have connections from their school/university and previous employment. You can use LinkedIn’s advanced search feature to filter the connections. If they do have these connections, that’s well and good; if they do not, either they do not maintain their profile well or it’s a sock puppet.

Contact Info

Check for the candidate’s contact info. Check if it is consistent with the resume they have provided.

Activity

Check the candidate’s activities. Check what sort of posts they engage with and how frequent these interactions are. For example, a sock puppet account would have heavy activity recently or no activity at all.

Also, having some sort of background check will give you a heads-up while talking to the candidate and if you have doubts about what you see on LinkedIn, you can always ask -

“Hey, as a part of our background check, we found this on LinkedIn. Could you please tell us more about it?” Or you can simply ask: “Why do you not maintain your LinkedIn?” The candidate may state concerns such as too much spam, a social media cleanse, only using LinkedIn for job searches, or privacy issues.

Holistically tying the responses to all the other information gathered should give a better picture of the candidate.

These are some of the things you can check as an HR team member to do a quick background verification of the candidate. Although this is not a full background check and may give you false alarms, it’s worth gauging a candidate’s history before you invest resources in hiring. The guide is written keeping in mind that the candidate is LinkedIn’s average user. You might find authentic candidates with no LinkedIn presence or frauds with a heavy LinkedIn presence, but this would give you a head start for most of the candidates you come across.

If you want to learn more about LinkedIn OSINT and sharpen your skills, here are some awesome resources for you -
