LinkedIn provides hackers with convenient resources
The social media platform LinkedIn has built itself up to be a fundamental part of the business community. It’s no longer acceptable for a working professional or business to not have a profile on LinkedIn. Social networking on LinkedIn has enabled advancements in marketing, hiring, and tons of other business activities. However, with so much business and personal information posted on the platform for anyone to view, phishing attacks are terribly easy for hackers to carry out.
Why is this?
- Your Guard Is Lowered - Once trust is established, it’s only natural for you to let your guard down. LinkedIn is regarded as the most professional social media platform due to its business orientation. People trust LinkedIn more than they do Facebook or Twitter, making cyber-attacks a no-brainer since you aren’t likely to question the validity of a phishing scheme.
- Account Verification - Unlike Twitter and Facebook, which show a checkmark next to each verified account to display its legitimacy, LinkedIn only displays this checkmark for users with premium accounts. This means that anyone can create an account under any name and claim to be that person.
- High Quality Business Information - Not only do hackers have clear access to an individual's information, but they also know the company that person works for and all of the connections who work with them. This makes it even easier for a phishing message to appear to come from a name the person is familiar with, i.e. spear phishing.
Spear Phishing is THE LEADING cyber-threat on LinkedIn
Spear phishing is a type of phishing that is targeted at a specific individual, organization or business. Usually this comes in the form of posing as a coworker or boss. But how are cyber criminals able to pull this off on LinkedIn? It comes back to having all the information they need right in the platform. This includes the name of the person, where they work, what position they have, and all of their connections.
Email addresses are also very easily exploited, as most companies follow the same system for assigning these to all employees, whether that be their last name and first initial followed by the company domain or their first and last name separated by a period. Once a hacker figures out one email from a company, it's easy for them to find all of the others.
Hackers aren’t only using LinkedIn to gather information for phishing sent outside of the platform; fake profiles and messages are also being used within the platform for further phishing. Messages can be sent to anyone, even if they aren’t a connection, so there is nothing stopping a cyber criminal from creating a fake account and sending you a phishing message.
How can you protect yourself on LinkedIn?
LinkedIn is doing their best to try and address the phishing issues that have arisen. They have a website available for users to report fake profiles and phishing attempts. You can also forward any phishing emails that come from LinkedIn, or that you believe were based on information taken from your LinkedIn profile, to email@example.com and they will block this email.
That being said, these tools aren't foolproof and phishing will still happen one way or another. LinkedIn is a valuable tool for so many individuals and businesses that they would be hard pressed to give up.
Here are our top tips to help you stay safe on LinkedIn:
- 1. Be skeptical; never answer any messages from someone who isn’t a connection.
- 2. Don’t share personal information within messages or InMail in the platform.
- 3. Don’t click links; instead, reach any linked site by going to that site directly.
- 4. When you are applying for jobs, don’t send information to addresses that aren’t connected to the company.
- 5. Any messages coming from LinkedIn should include their official footer.
- 6. If you receive any messages from someone claiming to be a coworker or boss, double check that the email address is correct for the person. Notify this person immediately and report this to LinkedIn.
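Tip 6 can be partly automated on the receiving side, because the same predictable address format that helps an attacker also lets a defender say exactly what a colleague's address should be. The sketch below is an added example, not part of the original article; the company domain, directory entries and finding strings are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): the organisation's domain and directory.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {  # display name -> the one address that person really uses
    "Dana Whitfield": "dana.whitfield@example.com",
    "Luis Ortega": "luis.ortega@example.com",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str) -> list[str]:
    """Return findings for a From: header; an empty list means it checks out."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ["unparseable address"]
    findings = []
    if not domain.isascii():
        findings.append("non-ASCII characters in domain")
    label = COMPANY_DOMAIN.split(".")[0]  # "example"
    if domain != COMPANY_DOMAIN:
        # One or two characters off, or the company name embedded in another domain.
        if edit_distance(domain, COMPANY_DOMAIN) <= 2 or label in domain:
            findings.append("lookalike domain")
        else:
            findings.append("external domain")
    expected = DIRECTORY.get(name.strip())
    if expected is not None and addr != expected:
        # The display name claims a colleague, but the address is not theirs.
        findings.append("address differs from directory entry for this name")
    elif expected is None and domain == COMPANY_DOMAIN:
        findings.append("internal address not in directory")
    return findings

if __name__ == "__main__":
    for header in ("Dana Whitfield <dana.whitfield@example.com>",
                   "Dana Whitfield <dana.whitfield@examp1e.com>",
                   "Luis Ortega <luis.ortega@gmail.com>"):
        print(header, "->", check_sender(header) or "ok")
```

A display name is free text the sender chooses, so the comparison that matters is the address against the directory, not the name shown in the mail client.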
For more tips on keeping yourself secure from external threats, watch our Cybersecurity awareness training and subscribe.