Last year, job-focused online service LinkedIn suffered a cybersecurity breach that reportedly affected 92% of users and in the process exposed contact information, employment information and even email and location history.
According to an April 2022 report from Check Point Research, the Microsoft-owned network tops the list of all phishing attempts made in the last quarter. LinkedIn even overtook international shipping company DHL as the most targeted brand.
Currently, LinkedIn has over 774 million registered users in over 200 countries, which also makes it a top site in the social/professional networking space for hackers to gather user information.
“LinkedIn has become a crucial tool for attackers,” warned Chris Clymer, director and CISO at cybersecurity risk management provider Inversion6. “Using public information on LinkedIn, it is now possible to fully automate the collection of information where executives, finance personnel and other attractive targets for phishing or impersonation are identified. Virtually all targeted attacks involve the use of LI for information gathering.”
Watch what you share
LinkedIn proponents argue it’s the best way to network and find career opportunities. Too often, however, the same level of due diligence used on other social platforms is lacking with LinkedIn.
“LinkedIn can be a very valuable resource for professionals,” said Matthew Marsden, vice president of technical account management at cybersecurity and systems management firm Tanium.
“While content is generally limited to professional writing, job postings and industry discussions, there are still threats in using the platform. Malicious actors are creating fake profiles and seeking to collect a network of ‘connections’ from which to collect information,” Marsden warned.
Part of the reason is that LinkedIn encourages the sharing of resumes for job seekers, which can expose sensitive user information.
“Personally identifiable information (PII) is a common part of a resume, and it’s publicly exposed in a LinkedIn post,” Marsden said. “Deep resumes also provide valuable information that can be used in social engineering campaigns.”
It’s really no different than over-sharing on Facebook or Instagram, of course.
“All social platforms have the potential to be exploited by nefarious people and LinkedIn is certainly no exception,” said Tom Garrubba, Director of Third Party Risk Management (TPRM) Professional Services at Echelon Risk + Cyber.
“Recent FBI warnings of incidents of thieves befriending people on the app and then luring or even tricking these unsuspecting users into cryptocurrency scams and other types of scams provide horrific examples of what can happen if you’re not careful,” Garrubba explained. “Social media fills that void of instant gratification and the humanistic need to be ‘loved.’ online sensitive details about our personal lives and those of our loved ones.”
In other words, due diligence is always recommended.
“For some it may be possible to simply not have a profile to limit their exposure – but this is an increasingly untenable position,” Clymer added. “For many of us, LinkedIn is a necessary tool to promote ourselves and our employers – a tool that cannot be ignored. Instead, it is beneficial to know that this information is readily available and always available. Validate any suspicious email requests, such as changes in payment information, using a phone call in a familiar voice.”