Have you ever received a suspicious message through LinkedIn and thought, “this seems strange"? It has happened to me. While LinkedIn is an excellent way to find work and meet professional contacts, hackers have started phishing through the platform. I was reading an article through BleepingComputer that explained why attackers love LinkedIn, and it made sense. Let’s have a discussion about 5 simple reasons why hackers are using LinkedIn for phishing.
I received a “recruiter” message with a link that looked normal but was not. Fortunately, I didn’t click it.
Lesson learned: Always take a moment before clicking links even if they are on LinkedIn.
The report indicates that many compromised passwords are tied to social media accounts, and most of which do not feature two-factor authentication (2FA).
Consequently, if a person's old account is taken control of, it can be used to persuade others.
Advice: Enable 2FA for your LinkedIn profile. It is easy, free and will take you two minutes.
Take it into consideration — if you can see everyone who works for a company, it is easy for a hacker to view those same profiles. Then all they have to do is send an enticing "business message" to someone of importance.
You should take care of your activity: verify profiles prior to replying to messages from people you do not know. If something does not appear right, you should trust your instincts.
1. It bypasses normal security checks
Most companies have mechanisms in place to prevent phishing emails sent to employees, which is primarily using spam filters and other tools. Messages through LinkedIn are not filtered by these mechanisms. So when someone sends you a message with a fake job offer or link through LinkedIn, your security filter provided by your email can’t prevent it from reaching your corporate mail.I received a “recruiter” message with a link that looked normal but was not. Fortunately, I didn’t click it.
Lesson learned: Always take a moment before clicking links even if they are on LinkedIn.
2. It is cheap and convenient for hackers
Hackers do not need to utilize any tooling to use LinkedIn. Hackers miss out on emailing being able to simply take over a weak account and send messages.The report indicates that many compromised passwords are tied to social media accounts, and most of which do not feature two-factor authentication (2FA).
Consequently, if a person's old account is taken control of, it can be used to persuade others.
Advice: Enable 2FA for your LinkedIn profile. It is easy, free and will take you two minutes.
3. It Gives Easy Access to Important People
LinkedIn offers information about job titles, organizations, and contacts, which hackers utilize to identify high-value targets like managers or administrators at the company.Take it into consideration — if you can see everyone who works for a company, it is easy for a hacker to view those same profiles. Then all they have to do is send an enticing "business message" to someone of importance.
You should take care of your activity: verify profiles prior to replying to messages from people you do not know. If something does not appear right, you should trust your instincts.
4. High Stakes
Hackers are able to gain a substantial amount from a single phishing attack. If they successfully steal a LinkedIn account connected to an organization’s intranet or other applications, then they are subsequently able to gain access to larger infrastructures and extract pertinent data or financial resources. The report includes a statement that references the financial implications from just a single compromised account. So for the reasons mentioned, it is not “just a message” - it could be the initiation of a much larger assault.
Last edited:
