As Seen on NBCNews.com & YahooNews.com · 54,911 total fake jobs removed from LinkedIn · 150 fake jobs removed from Teal · 7,000+ fake profiles removed from LinkedIn · 1,000+ hijacked profiles removed and disrupted · 100s of fake companies destroyed · One Mission — Decimating Criminal Enterprises
Case File · 007 · Part II of III

The Stateside Strangler

Part II — The Network Revealed: Mapping the full architecture of a domestic employment fraud network.

Continuing Series · Network mapping · Multi-platform

Part II: The Network Revealed

Where Part I established the existence of the Stateside Strangler network, Part II mapped it. The investigation expanded from initial entity identification to full network architecture — tracing the connections between fake companies, shared assets, operational patterns, and the human infrastructure behind the scheme.

The scope of what was uncovered exceeded initial estimates. The network was not a loose collection of related bad actors — it was a structured operation with clear organizational logic, shared resources, and coordinated activity patterns.

The Architecture

Network analysis revealed multiple layers of entity construction. Front-facing fake employer pages were supported by networks of fake employee profiles that provided organizational credibility. Those fake employees, in turn, were connected to secondary networks of recruiters — some fake, some real professionals whose identities had been borrowed without consent. The entire structure was designed to create circular trust signals: the company had employees, the employees had connections, the recruiter had endorsements.

Shared asset analysis identified common elements across multiple nominally independent entities — repeated logo variations, overlapping address data, consistent posting schedules, and linguistic patterns that tied listings across different company pages to a common authoring source.
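
The shared-asset linking described above, sketched as an added example (not code from the investigation): entities are linked when they match on at least two signals, and links are merged transitively. The company names, attribute values, field names and the two-signal threshold are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: company names and attribute values are invented.
ENTITIES = {
    "Northgate Talent":  {"logo": "lg-01", "address": "12 elm st #4", "post_hour": 3,  "phrase": "kindly revert asap"},
    "Bluepeak Staffing": {"logo": "lg-01", "address": "12 elm st #4", "post_hour": 14, "phrase": "join our family"},
    "Harbor HR Group":   {"logo": "lg-07", "address": "12 elm st #4", "post_hour": 3,  "phrase": "kindly revert asap"},
    "Cedar Recruiters":  {"logo": "lg-22", "address": "9 oak ave",    "post_hour": 3,  "phrase": "apply today"},
    "Summit Careers":    {"logo": "lg-31", "address": "77 pine rd",   "post_hour": 10, "phrase": "we are hiring"},
}
MIN_SHARED = 2  # assumed threshold: one coincidental match is not enough to link


def shared_signals(entities):
    """Map each entity pair to the set of attribute names on which they match."""
    index = defaultdict(set)  # (attribute, value) -> entities carrying it
    for name, attrs in entities.items():
        for key, value in attrs.items():
            index[(key, value)].add(name)
    pairs = defaultdict(set)
    for (key, _), names in index.items():
        for a, b in combinations(sorted(names), 2):
            pairs[(a, b)].add(key)
    return pairs


def cluster(entities, min_shared=MIN_SHARED):
    """Union-find over pairs sharing >= min_shared signals; returns clusters of size > 1."""
    parent = {name: name for name in entities}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (a, b), keys in shared_signals(entities).items():
        if len(keys) >= min_shared:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for name in entities:
        groups[find(name)].add(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for group in cluster(ENTITIES):
        print("linked:", ", ".join(group))
```

In the sample, two of the three linked entities match each other on only one signal and end up in the same cluster through the third, while the entity that shares only a posting hour stays unlinked.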

The Victim Profile

Part II also expanded the documented victim profile. The operation targeted multiple professional categories simultaneously, with apparent prioritization of roles with corporate access: finance, IT, HR, and executive support. The pattern was consistent with an operation oriented toward either credential harvesting for account access or candidate placement in positions that would enable downstream fraud.

Takedowns and Network Response

As Part II removals proceeded, the network demonstrated adaptive behavior — replacing removed entities with new constructions using the same underlying patterns. This adaptation confirmed the existence of active human operators rather than automated infrastructure, and it shaped the approach taken in Part III: disrupting the operational layer, not just the visible entity layer.

Case Statistics

Fraud Type: Coordinated Fake Employer Network
Sector: Finance / IT / HR / Executive Support
Platform: LinkedIn + Others
Status: Active Investigation

Part II Findings

  • Three-layer network: fake employers, fake employees, fake recruiters
  • Shared asset signatures linking nominally independent entities
  • Circular trust signals engineered across the network
  • Prioritization of corporate-access roles in victim targeting
  • Network demonstrated active adaptation after initial takedowns