Hackers continue to troll LinkedIn

Social media sites remain in the sights of criminals looking to fool users

Linked to crime

LinkedIn and other social networks are becoming targets for threat actors, who know they are a great way to bypass a company's defenses. These attacks are becoming more common because they are easy and inexpensive. Companies have invested a lot of money in perimeter security and purchased products that flag sites with poor reputation scores. LinkedIn circumvents both of these layers. Network filters typically do not block LinkedIn, so that HR departments can use it to find new employees. LinkedIn is also a reputable site, so reputation-based security products will allow any employee to access it. Cylance has created some tips to help fend off these attacks.


Beware of fake user profiles

Be careful about accepting ‘Friend Requests’ from people you don’t know. Scammers may set up fake profiles specifically tailored to catch your attention – for example, by creating profiles made to look like recruiters from top companies in your industry, by using an attractive profile picture (which may be a stock photo), and by attempting to connect with others on your team or within your company so that their profile looks more reputable.

 

Think twice before oversharing

As with Facebook and other social networks, oversharing can get you (and your company) in trouble. Sharing too much detail about your day-to-day professional life gives social engineers all the tools they need to find a way into your company – either physically or digitally.

For example:

  • Sharing a photo that shows your work security pass (makes it easy for someone to copy)
  • Posting pictures taken in the office (including whiteboards or other sensitive info)
  • Posting about your company’s travel plans in advance (makes it easy for someone to impersonate a member of your company by ‘knowing’ this insider info)
  • Writing about the hardware or software your firm uses internally (attackers love to know this)

 

Enable two-step verification

This will prevent an attacker from gaining full access to your account. With this setting enabled, you’ll be sent an SMS message containing a secondary login code each time you sign in from a new location. A malicious actor who gets hold of your LinkedIn password would then need physical access to your cellphone in order to log in to your profile.

Here is a short introduction to show you how to enable two-step verification.

 

Change your password often

Following the LinkedIn data breach in 2012, in which 167 million encrypted user credentials were stolen, it has recently come to light that those email and password combos are now for sale on the dark market. If you haven’t changed your LinkedIn password in a while, it is strongly suggested that you do so as soon as possible. Better still, use a password manager to generate a unique and strong password.

 

Regularly review your security settings

LinkedIn provides a myriad of security and privacy options to help keep your profile and data secure from prying eyes. A good start is to customize your public profile. This will allow you to fine-tune exactly what information is visible to the public. Simply click your Account (top right), select Privacy and Settings, click the Privacy tab, then choose ‘Edit Your Public Profile.’ You might be surprised at how much you’ve been unknowingly revealing about yourself and your job to the outside world.