Since its launch in 2003, LinkedIn has grown to become not only the largest professional social network but also a vital cog in the marketing machinery of companies and one of the world’s biggest recruitment platforms.
With over 930 million users across 200 countries, there’s no denying that it’s an incredibly valuable platform, but, as with any social media, it isn’t without its risks to cyber health.
In this blog, we’re going to take a deep dive into the cybersecurity threats posed by LinkedIn and share what you (and your team!) can do to mitigate those threats. Let’s get started.
The five LinkedIn threats you need to look out for
Hacking and account takeover
By far the most common threat on LinkedIn is that of hacking and account takeover. Where weak or reused passwords appear, so do cybercriminals looking to take advantage.
Once a cybercriminal has access to your account, they can utilise your network to spread spam, launch phishing attacks, spread misinformation or even impersonate you for their own financial gain. Remember, only some voices on LinkedIn can be trusted!
Protecting against hacking and account takeovers:
- Use strong passwords: Create strong and unique passwords for every website you use. Utilise a combination of upper and lower case letters, numbers and special characters.
- Turn on two-factor authentication (2FA): LinkedIn supports 2FA as standard, ensuring that even if your password is compromised, a criminal would still need a secondary authentication method to get into your account.
- Update old passwords: That old faithful password may not be so faithful anymore. Use websites like haveibeenpwned.com to see whether it has been revealed in a breach, and make sure you replace old passwords when possible.
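The breach check in the last tip can be done without ever sending the password itself. The sketch below is an added example, not code from this blog or from Have I Been Pwned: it follows the Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash leave your machine and the match is made locally. The `constructed_fetch` function and its counts are constructed stand-ins for the real HTTP response so the example runs offline.

```python
import hashlib

# Real Pwned Passwords range endpoint; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Search a 'SUFFIX:COUNT' response body for our suffix; 0 means not found."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            # Padded responses contain decoy entries with a count of 0,
            # so a zero count is treated the same as "not present".
            return int(count)
    return 0


def breach_count(password: str, fetch_range) -> int:
    """Only the prefix is handed to fetch_range; the suffix stays local."""
    prefix, suffix = split_sha1(password)
    return count_in_range(suffix, fetch_range(prefix))


def constructed_fetch(prefix: str) -> str:
    """Stand-in for the HTTP call (assumption): builds a constructed response."""
    lines = ["0" * 35 + ":0"]  # constructed padding-style entry
    # Constructed sample data: one breached password, one padding entry.
    for sample, count in (("password", 12345), ("Summer2023!", 0)):
        sample_prefix, sample_suffix = split_sha1(sample)
        if sample_prefix == prefix:
            lines.append(f"{sample_suffix}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "Summer2023!"):
        print(pw, "->", breach_count(pw, constructed_fetch))
```

Any password that returns a non-zero count should be replaced everywhere it is used, not only on LinkedIn.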
Phishing scams
Once a cybercriminal gains access to a LinkedIn account, they’re able to make use of it in any way they please. Oftentimes, that means deploying phishing scams.
Phishing scams are deceptive attempts to trick users into revealing sensitive information, such as login credentials, financial data, or personal details.
LinkedIn users may encounter phishing attacks through emails, messages, or even fake LinkedIn profiles that appear authentic.
These cyber-threats can be particularly dangerous as they exploit human trust and curiosity. For example, a cybercriminal posing as a senior manager in your organisation may contact a new starter requesting confidential information.
How to stay protected from phishing scams:
- Remain vigilant: Always keep a close eye out for unusual activity on an account, and if you aren’t sure you trust the person you’re talking to, don’t reply.
- Avoid clicking unknown links: Phishing attempts often trick you into clicking through fear or reward. Avoid clicking unknown links, especially if they ask you to log in or provide personal information.
- Train your team: Phishing attacks are the most common type of attack. Through effective phishing training, you raise the resilience level within your organisation.
Identity theft
LinkedIn profiles contain a staggering amount of information about both our professional and private lives. Your LinkedIn profile contains a huge digital footprint, whether it’s your location, job role, employer, personal achievements, hobbies or interests.
With just a single LinkedIn profile, it’s astonishingly simple for a cybercriminal to commit identity fraud.
How to safeguard against identity theft:
- Limit sensitive information: Avoid including excessive personal details on your LinkedIn profile that could be used for identity theft.
- Monitor account activity: Regularly review your LinkedIn account activity to check that no unauthorised individual has made suspicious changes or posts.
- Report fake profiles: If you come across a fake profile using your identity, report it immediately to LinkedIn.
Job offer scams
LinkedIn’s success as a recruitment tool has led to an increase in job offer scams, in which scammers post fake job offers or internships to lure job seekers. Such offers may lead to financial losses or identity theft.
How to spot job offer scams:
- Verify the listing: Go to the company’s LinkedIn page and check to see if the listing is legitimate.
- Apply directly: Consider visiting the company’s website directly to apply.
- Check the listing: Look out for odd use of language and imagery, as these can be tip-offs of an illegitimate job posting.
Malware distribution
LinkedIn users may unknowingly encounter malware distribution, where cybercriminals disseminate malicious software through seemingly harmless links or attachments. Malware can infect your device and grant hackers unauthorised access to your data or use your device for illegal activities.
Protecting against malware:
- Use updated antivirus software: Ensure your device has reputable antivirus software installed and kept up to date.
- Scan attachments: Before downloading any attachments from LinkedIn messages, scan them for malware using your antivirus software.
- Be cautious with third-party links: Avoid clicking on links shared by unknown or untrustworthy sources.
How training helps protect you and your team online
While social networks like LinkedIn have proven their value for organisations time and time again, it’s clear that they aren’t without their risks.
With 90% of data breaches occurring as a result of human error, the only certainty in business is that it’s only a matter of time before an employee makes a mistake.
At Bob’s Business, we help organisations of all sizes slash their cyber risk with cybersecurity eLearning that leverages proven psychological principles and engaging content.