If you were just looking at his LinkedIn page, you’d certainly think Mai Linzheng was a top-notch engineer. With a bachelor’s degree from Tsinghua, China’s top university, and a master’s degree in semiconductor manufacturing from UCLA, Mai began his career at Intel and KBR, a space tech company, before ending up at SpaceX in 2013. Having spent the past eight years and nine months working in the human race to space, he’s now a senior technician.
Except all is not as it seems.
Upon closer inspection, there are plenty of red flags: Despite having been in the US for 18 years, Mai has written all his job titles, degrees, and company locations in Chinese. His bachelor’s degree is in business management, even though his alma mater, Tsinghua, only offers that degree to student athletes, and Mai was not one. Besides, the man in his profile photo looks younger than Mai’s stated age. The image, as it turns out, was stolen from Korean influencer Yang In-mo’s Instagram. In fact, none of the information on this page is true.
The profile of “Mai Linzheng” is actually one of the millions of fraudulent pages set up on LinkedIn to lure users into scams, often involving cryptocurrency investments and targeting people of Chinese descent all over the world. Scammers like Mai claim affiliation with prestigious schools and companies to boost their credibility before connecting with other users, building a relationship, and laying a financial trap.
Since last year, such activities have been steadily on the rise on LinkedIn, following years of proliferation on other social media platforms and dating apps. In the second half of 2021, LinkedIn removed 7% more profiles because of fraudulent identities than in the six months before that, according to Oscar Rodriguez, LinkedIn’s senior director of trust, privacy, and equity.
“Scammers are highly sophisticated and proactive in terms of how often they adapt tactics,” he says. For instance, a week after the Biden administration announced its student loan forgiveness plan, LinkedIn started seeing scammers incorporating the news into their scripts.
By now, victims have lost millions of dollars through scams that originated on the platform. This summer, the FBI announced it would investigate these scams and work with victims to identify the bad actors and disable their accounts, even though the financial losses are almost impossible to recover.
Scammers “are always thinking about different ways to victimize people, victimize companies,” Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento field offices, told CNBC in June. “And they spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use.” He called the work of these criminals a “significant threat.”
A SpaceX “employee” invited you to connect
At one point in July, there were over 1,000 LinkedIn profiles for individuals who, like “Mai Linzheng,” claimed to have graduated from Tsinghua University and to work at SpaceX. The eye-popping number even triggered patriotic Chinese influencers to lament the brain drain and accuse Chinese university graduates of disloyalty to their country.
This caught the attention of Jeff Li, a Toronto-based tech influencer and columnist at Financial Times China. He confirmed on July 11 that he could find 1,004 Tsinghua graduates by searching for SpaceX employees on LinkedIn; this would have made the alumni group the largest at the company. But many accounts he saw claimed the exact same education and work experiences—suggesting that someone was mass-generating fake profiles.
“They all graduated from Tsinghua and went on to the University of Southern California or similar well-known universities,” Li says. “Besides that, they all worked at a certain company in Shanghai. Obviously, I suspect these are fake, generated data.”
(SpaceX did not reply to a request from MIT Technology Review to confirm the number of Tsinghua graduates working at the company.)
This wasn’t the first time Li had noticed what he thought were fake LinkedIn accounts. Starting in late 2021, he says, he started seeing profiles with less than a few dozen connections—rare for real LinkedIn users—and with profile photos that were always good-looking men and women, likely stolen from other websites. Most appeared to be of Chinese ethnicity and to live in the United States or Canada.
Around the same time, the phenomenon caught the attention of Grace Yuen, the spokesperson for the Global Anti-Scam Org (GASO), a volunteer group that tracks “pig-butchering scams.” Scammers involved in this practice, which started as early as 2017 in China, create fake profiles on social media sites or dating sites, connect with victims, build virtual and often romantic relationships, and eventually persuade the victims to transfer over their assets. The scammers themselves came up with the name “pig butchering,” comparing the intensive and long-term process of gaining victims’ trust to raising a pig for slaughter.
In recent years, as China has cracked down on fraudulent online activities, these operations have pivoted to targeting people outside China who are of Chinese descent or speak Mandarin. GASO was established in July 2021 by one such victim, and the organization now has nearly 70 volunteers on several continents.
While these fake accounts are relatively new to LinkedIn, they have permeated other platforms for a long time. “Scammers started moving to LinkedIn maybe after dating sites tried to crack down on them, [like] Coffee Meets Bagel, Tinder,” Yuen says.
In certain ways, LinkedIn is a great way for fraudsters to expand their reach. “You might be already married and you are not on the dating sites, but you probably have a LinkedIn account that you check occasionally,” says Yuen.
A scammer on LinkedIn may try to connect with someone through common work experience, a shared hometown, or the feeling of living in a foreign country. Over 60% of the victims who have reached out to GASO are Chinese immigrants or have Chinese ancestry, which these actors lean on to evoke nostalgia or a desire for companionship. The fake claims to have graduated from China’s top universities, which are notoriously difficult to get into, also help scammers earn respect.
While the pig-butchering scams targeting Chinese nationals are not the only kind of fraud happening on social media platforms like LinkedIn, they are exceptional for the amount of financial losses they have caused. GASO surveyed 550 victims and calculated the median loss to be $52,000; in comparison, the median financial loss from all types of fraud in the US in 2021 was $500, according to the Federal Trade Commission.
And on average, LinkedIn victims in particular tend to lose more money than victims of fraud on other platforms—oftentimes over a million dollars, says Yuen.
“Unlike dating sites, which are where the first scam victims were coming from, LinkedIn actually has a lot of information that’s really useful for the scammers,” she says. “They know your earning potential based on the type of work you listed.”
Your new LinkedIn friend wants you to learn about crypto
For one victim, a woman in her 40s who lives in Northern California and asked to remain anonymous to protect her identity, it was the perpetrator’s claim to share her background of working in accounting that made her accept his connection request last summer. From there, they moved on to talking on WhatsApp about their families, education, and careers.
“You just find there’s a good personality,” she says. “You just have things to talk about, and you just feel like what the person says makes sense. Just like you are making a new friend.”
Soon, the “accountant” started telling her about the earning potential of cryptocurrency investments. Being a finance professional herself, she did her own research and thought she understood what her new friend was talking about. The scammer coached her to exchange $10,000 into crypto through Coinbase, a common crypto exchange based in the US, and then to deposit the crypto assets to a separate platform where she could make investments.
In the beginning, everything seemed fine. She could successfully withdraw her investment gains from the crypto wallet, so she put in more and let it sit in the account. But two months in, when she wanted to withdraw a larger amount, the platform no longer let her.
Eventually, she found out that the investment platform her so-called friend had suggested was a fake, set up just to trap people like her. She lost over a million dollars in total.
The introduction of crypto is relatively new to these types of scams. The traditional con often asks victims to complete a wire transfer to a fraudulent bank account, join a gambling platform, or invest in assets like crude oil futures.
But according to data collected by GASO, crypto emerged as a new way to funnel money around January 2021 and is now used in 77% of the cases that the group documented. Crypto is less traceable and more convenient for cross-border transactions, and it involves fewer intermediaries like banks, which can potentially warn victims of fraud risks. Since last year, over $1 billion in crypto has been lost to scammers, a June FTC report shows—more than any other payment method.
Similar to what the California-based victim experienced, targets are typically asked to buy crypto through legitimate platforms, like Coinbase or Binance, and then to unknowingly deposit the assets into the scammers’ crypto wallets, which are disguised as investment platforms.
The methods, though, are already evolving. In October 2021, GASO noticed operations getting sophisticated enough to involve a smart contract—a blockchain program that automatically executes itself—through a phishing link that can drain money not only from the victim, but also from whoever clicks on the link shared by the victim.
A global puzzle to solve
While the “pig-butchering” scams originated in China, they have increasingly become a global operation.
The crackdowns at home have driven many criminal groups into Cambodia, Myanmar, Laos, and other Southeast Asian countries where telecom fraud regulations are less rigorous. New scammers are recruited from Mandarin-speaking communities across Asia, sometimes having been lied to and trafficked to what have been called “industrial-scale” scam headquarters.
By tracing fraudsters’ crypto wallets and tricking them into sharing their IP and geolocation information, GASO has been able to determine that all the LinkedIn scammers they’ve come across are located in Myawaddy, Myanmar, says Brian Bruce, GASO’s chief operations officer. More specifically, they are operating in a building complex called KK Park—the subject of an increasing number of reports of individuals from other parts of Asia being trafficked and forced to work in online schemes. This seems to suggest that this one criminal group has, above all others, realized the scam potential of combining LinkedIn and cryptocurrency.
Yet the fact that such scams are run globally makes it hard to identify the individual criminals and hold them accountable. Bruce says GASO is collaborating with the FBI and the US Secret Service, and hopes to work with Southeast Asian governments to find the culprits, but progress will be slow because of the crimes’ cross-border nature.
US lawmakers are also calling on crypto platforms to step up. Just last week, the House Committee on Oversight and Reform requested information from five leading crypto exchanges—Coinbase, FTX, Binance.US, Kraken, and KuCoin—on what they have done to combat crypto scams.
The responsibility, though, also falls on the sites where scammers hunt for their victims in the first place. After several media reports about the rampant scams on LinkedIn, the platform released a report in June that says it has been able to detect 96% of fake accounts before the people behind them make any contact with users.
LinkedIn does this through a mix of algorithms, industry expert suggestions, and human user reports, says Rodriguez. It looks for behavioral signals, like whether a new account immediately starts to message other users, and whether any of these users block or flag the account. He also says LinkedIn is beta-testing a feature that notes when an account was registered; it could “help [users] understand that ‘Hey, this account I’m engaging with in a conversation just registered two days ago,’” he explains. “Your attitude toward that conversation may be different.”
To LinkedIn’s credit, Li, who confirmed the presence of fake SpaceX engineers on LinkedIn, says this year he has noticed that scam accounts are being taken down more quickly. “At the end of last year, the account might survive three or four days; now they’re being taken down in hours,” he says.
But if anyone searches on LinkedIn today for SpaceX employees who graduated from Tsinghua University, they are still likely to find around 200 results—including “Mai Linzheng” and other scam accounts. Generally speaking, Rodriguez explains that the platform prioritizes identifying fake accounts that are actively engaging with real users; accounts that remain could have been dormant after registration.
Some victims still hope the platform can do better and find more ways to warn unsuspecting users.
“I trust people pretty easily. Unfortunately, [what happened] is a very, very expensive lesson,” says the California woman who was scammed out of $1 million. “I’m just hoping all the parties involved in this—not just the consumers but everybody else—are on high alert.”