To LinkedIn, or not to LinkedIn... That is the Question

It’s not uncommon to receive seemingly random (and harmless) Linkedin connection requests from people you don’t know. Maybe it's from someone in the same industry or with a similar personal interest. Or even someone completely unrelated but with an irresistible smile, just wanting to “network.”

launch-security-blog-jimmy-bay-207388.jpg

So how do you know that person is real and if you should make that connection?

Unfortunately, there are a growing number of fake Linkedin members out there trying to hook unsuspecting users into unsuspecting relationships. The malicious requests are coming from sophisticated attackers with bad intentions. Here are a few of the key reasons why:

  • They know profiles are often loaded with great information. It’s hard to resist! We all want our profile to look great to other professionals and maybe even future employers. So we add lots of detailed information… Where did you work, when, and in what role?  What schools did you go to, for what degrees, and when? This info really helps bad actors craft personalized attacks.
  • They want to understand your connections. Phishing emails are becoming more sophisticated with attackers taking time to understand the connections between vendors, customers, and employees so that they can personalize and target their attacks. LinkedIn connections tell attackers quite a story about who you work with (e.g. your customers, vendors, and interest group).
  • InMail can be a direct attack method. Your team may be trained to deeply review emails before clicking links and attachments, but they now need to think about Linkedin messaging too. Knowbe4 reported incidents of InMail being used to send malicious links. That connection you just made may follow up with a maliciously crafted LinkedIn message.

In a day and age of connections and connectivity, it’s important everyone—executives, managers, and employees alike—recognize there are growing risks associated with social media like LinkedIn. A few tips to help keep you and your organization safe:

  • Research before connecting: Prior to accepting a new request, confirm it’s is a real one. Fake LinkedIn members use profile images of other people directly from the Internet. One spot check is to use Google image search where you can search the image and see if it’s the same person.
  • Change “Who can see your connections”: LinkedIn’s privacy settings allow you to control if others can view your connections and limit that to the point where you’re the only one. Make sure your privacy settings are up-to-date, you may have set them up a long time ago.
  • Conduct regular awareness training: New attack methods such as malicious Linkedin messages are constantly surfacing. Ongoing education for everyone in your organization is extremely important. A cybersecurity program should involve planned and scheduled cybersecurity awareness training that will keep your organization CyberSmart.
launch-security-blog-ben-white-138762.jpg

It’s always good to be diligent about who you’re connecting with and why. Please remember, all it takes is one bad click.

Stay Safe,
Your Friends @ Launch Security

Subscribe to the Launch Security Blog: Cybersecurity in 60 Seconds