3 Things to Do Before You Accept That LinkedIn Request (and 1 to Do After)


I want to be liked.

You want to be liked.

We all want to be liked.

But you can’t let your desire to be liked trick you into getting scammed. That’s why, after I share this strange anecdote about a bizarre LinkedIn request I got the other day, I’ll offer some tips to keep yourself safe on LinkedIn.

The Flattery of a LinkedIn Request

Now, I like it when I get a “friend” request on Facebook. But I’m a little tapped out on that particular platform. I’m already friends with my real friends, so the new ones all seem to be high school classmates who are at best a distant memory. Garth Hamlin? The name rings a bell.

But LinkedIn requests are a little different, right? They’re not about friendship really, but about seeing some professional commonality, a chance to connect over work issues, maybe your next big opportunity.

Of course, where you are in your career and life will change this a bit. I’m, let’s just say, “late in my career.” I’ve got a lot of connections already, and I’m not really looking for the next gig. But I am still interested in meeting interesting new colleagues.

When a LinkedIn request comes in cold, no note, I ignore it as often as not. But I’m more prone to accept a request when it comes with a personal note, say, like this:

Hi Tom,

I’ve just come across your profile and thought we might benefit from being connected!

I would love to connect here if you’re open to it.



The person took time to look at my profile and explain their request. How nice. I typically look at the profile from there, to see if I think it will be worth connecting.

I’m not super picky, mind you. I happily accept students, early career people who are looking to learn, mid- and late-career people who might share interests, someone who reads my blog or attended a webinar (just to shamelessly self-promote a bit). But I tend to ignore biz dev reps and salespeople for offshore software dev shops.

Something's Fishy Here

Oksana’s profile caught my eye, though. Take a look at the profile. What catches your eye?

Is it her 500+ connections? The fact that she boasts of experience in tons of hot tech areas? That she’s young and pretty?  There’s something there for everyone.

At this point, my Spidey-sense was tingling. That photo was too glamourous, the list of skills too long, the connection count too high for someone who seemed to be so young.

I suspected right then and there that this was the start of an attempted scam.

Scrolling down “her” profile did nothing to convince me otherwise.  She’d earned a degree from the London School of Economics (impressive) and had been working for just four years at two smaller companies. The sales part of her career might explain the connection count, but not all the areas of expertise.

Then I looked over at the “People Also Viewed” section—and it got even fishier.


It seems the people who look at Oksana’s profile manage to find a suspicious number of other young, pretty women with equally non-work-oriented profile pictures.

I dug around; some were clearly real people, but others … well, I don’t think so. None struck me quite like “Tom.”

I’ll leave the specifics of what made me suspicious of “Tom”‘s profile to your imagination.

Don't Trust, but Also Verify

I knew enough at this point to ignore the request, and that’s what I’d recommend you do in a similar situation.

I’m a student of scamming, though, so I thought I’d at least try to string “Oksana” along.

I replied to her request with my standard reply to unexpected requests:

Hi [Oksana],

I appreciate the connection request. Before I accept, can you tell me what prompted you to request a connection?



I rather hoped this person—who I now assumed to be a scammer trying to lure me into who knows what—would write back. I might even get to experience an attempted “romance scam” similar to what Roger Grimes chronicled in a 2019 CSO article.

But I never heard back from Oksana, and I didn’t accept her request.

Two weeks later her profile is still there. She might even exist. I’ll never know for sure. Opportunity lost … or time gained?

Scam Vs. Spam

Not every unwanted attempt to connect is as transparent as Oksana’s, nor do they fall apart so quickly. Just the other day, for example, I got this nice message alongside a connection request:

Hi Tom – Your page just came up on LinkedIn as someone I should like to know. I don’t know how LinkedIn does this. But after seeing what you do, I’d have to agree. 👍

I’d like to add you to my professional network on LinkedIn if you are open to it. Thanks – [Name withheld]

Okay, I thought, I’ll accept, this is obviously a real person who wants to connect.

I then got a much longer reply.

Great to connect Tom!

Also, what one thing can’t I learn about you just from looking at your profile?😏

Here’s mine – “I LOVE to Mountain Bike .. so much so that I often ride on trails and tracks that teen-agers ride (my wife gets nervous!). I have taken a few spills, and if you were to look at my shins, they are pretty scared up from hitting my pedals, usually on the way down.”

Can you top that one?!

All kidding aside, I realize so many LinkedIn messages can be spammy sales pitches or boring business jargon right off the top. Instead, I like to remind myself we’re still communicating with human beings(!) on the other end of these notes and have some fun (especially these days), break the ice, etc.

Either way, great to connect and excited to see if you can top my Mountain Biking story!

I suspected right away I was no longer connecting with a “real person” but instead with a marketing scheme, so I ignored the message, and got an even longer follow-up the next day, where it started to become clear how this person was trying to monetize the connection request. Ah well, so much for the authentic request. It was just spam.

Marketing outreach that comes through LinkedIn is becoming more common, according to Business Insider, and it often hides behind the “flattery” of a personal connection request—but it doesn’t mask the fact that it’s just spam, sadly, run through a site where we (too often) let down our guard to make personal connections.

How to Stay Safe on LinkedIn

You may think it’s LinkedIn’s job to protect you from the scams and spam.

LinkedIn is doing their part with their extensive help sections on protecting yourself, but you’re the one ultimately clicking those links or accepting those requests.

Despite all the work they do, bad stuff slips through the cracks. So here are three things to do before you accept a connection request—and one thing to do once you’ve already connected.

#1: Ignore the Bots

Your #1 weapon against spam and scams on LinkedIn is your skepticism. When you get a connection request, the first thing you should do is ask yourself: is this person real? That alone will weed out a lot of the fake accounts in your inbox.

#2: Review the Profile

If you think the person is real, you should then ask: do I want this connection? If there is nothing in their profile to suggest a meaningful work connection, and if they haven’t told you why they’re connecting, they will likely be a nuisance, so just click Ignore. As I mentioned above, I have criteria for connections that I’ll ignore, and that makes it really easy to filter out the noise.

#3: Ask Why

If they seem real and potentially worth knowing, but didn’t tell you why they wanted to connect, I’m a big proponent of asking. I have a boilerplate response I send out asking what prompted the connection request. If it’s a legit request, this is often a fine way to start a conversation. But if the sender blindly spammed you with a request, they may just ignore your reply, which is as good a reason as any not to connect.

#4: Block and Report

You can do all these things and still end up connected to someone you don’t care for. It happens to me all the time. The moment you find out that the connection isn’t worth your time, it’s easy to remove the connection (on their profile, click More … then click Remove Connection). If things go awry from there, you can even use the same process to Report/Block them. I’ve only had to do this once.

From LinkedIn to the Real World

If the skills I’m suggesting you practice on LinkedIn sound familiar, it’s because they are just like the skills you’ve learned in identifying and deleting phishing attempts and other forms of social engineering. They are the core skills everyone needs as they navigate our crazy digital world: lots of skepticism, some occasional sleuthing, and a willingness to ruthlessly weed out the obvious crap that clutters up your digital life.

And if all this sounds interesting to you, connect with me on LinkedIn. We’ll see how it goes.

*I’m obscuring names and some photo details, even though I don’t think any of these people are “real.”


Like What You Read?

Check out more content from Tom Pendergast on his blog Confessions of an Awareness Nerd.

Explore the Blog

Share this Post