Intel Security has warned that by simply accepting “I'd like to connect with you on LinkedIn” requests from people you don’t know, you could be making it easier for cyber criminals to target you and/or people in your professional network with attacks such as hacking and phishing.
What’s the Problem
Just as our social media profiles can give people a lot of information about us (e.g. name, birthday, location, friends), so your LinkedIn profile can also reveal a lot of information about you and your connections. Personal information, especially information that could be matched up with other details and with stolen information from elsewhere, can be very helpful research material for cyber criminals when planning their attacks.
According to the CTO of EMEA at Intel Security, because LinkedIn is a professional network i.e. it gives details of your position in an organisation and your professional network, this can enable hackers to target senior level professionals and ultimately to target the corporate network.
How It Works
According to Intel, a cyber criminal could therefore request to connect via LinkedIn with as many junior and mid level employees and executives at the target company as possible. The criminal could then use their links with people in that organisation to provide the validation when they target the senior level executives, thus making it more likely that these executives will connect with them.
With all the right connections in place, a cyber criminal could then use them to launch a well targeted phishing campaign. This could involve using name, job and company information to send things like fake invoices and authentic-looking emails that request wire money transfers or deliver malware such as ransomware.
LinkedIn Security Concerns
This is not the first security concern relating to LinkedIn: data search engine LeakedSource recently revealed that the usernames and passwords of what could be up to 117m LinkedIn users were put up for sale on the dark web by the hacker that stole the data.
What Does This Mean For Your Business?
It is important to raise awareness in your business that this type of crime exists, and introducing a clear company policy around social media could also help. Members of staff should be asked to exercise caution when asked to link up with people they don’t know on LinkedIn.
Staff should also be made aware of, or given some training about, how to avoid common scams, including the risks of opening unknown attachments in emails or clicking on unknown links.