For many people, LinkedIn is a place where their professional information lives. That’s not an issue; everyone wants to get a new better job, secure new selling deals and also increase your professional network.
Many people, me, you, and probably every other LinkedIn user has accepted a connection request from someone they know nothing about. And this is where we go wrong. Everyone knows that they can “trust” LinkedIn with their info, and the hackers know that too, and they have taken advantage of this trust to phish people’s information through LinkedIn, a Cyber Security expert, Alison Wickoff, a Senior Researcher with the Counter Threat Unit at Secure Works in Atlanta warned.
Cybersecurity experts have warned that the malicious hackers will pose as some bored behind the computer office workers who are looking for nothing but a new professional connection.
Last month a group of hackers called OurMine stole and posted 3TB of files from Vevo – a music and video streaming company. The whole attack began from LinkedIn.
Once a LinkedIn user makes their email address visible to everyone, most of us do since we’re expecting for someone to notice your skills and contact us, they use that email to send Malware to you – unknowingly you’ll open the email and give the hackers a backdoor to all your personal information.
LinkedIn knows that this is happening, but since they don’t want to lose their credibility, they ignore all of it and act like everything is normal. The only way to stay safe, according to Paul Rockwell, the head of Safety and Trust unit at LinkedIn, is to accept connection requests from people you know or recommendations from your trusted connections.
Be more vigilant about profiles that are overly good, or too thin with information. Secure Works spent almost a year tracking down a group of hacker they dubbed Cobalt Gypsy. The team had created a fake LinkedIn account for a photographer based in London under the name Mia Ash, who, as expected, never existed.
Cobalt Gypsy primarily targeted the government, telecommunication, and oil funding organizations in the Middle East. The group was allegedly organized and funded by the Iranian Government. Cobalt Gypsy used a photo of a lovely lady and used it to lure male targets to their trap. Mia Ash could sent request, and the men would accept, she then asked them to chat on other social media platforms like Facebook. Eventually, Mia would send them a travel survey form to “speak out” their mind. Boom!
Another tactic the hackers use is to create a LinkedIn account of a real person, but the real person doesn’t know about it. They can also go to LinkedIn, view some of the busy profiles and create a copycat from one. This way if “your” account commits a crime, you’ll be the first suspect the cops pick up for questioning.
Hacking is not like breaking into a diamond safe house or robbing a bank with armed response, it is quite easy and the hackers, even if they fail, they don’t lose anything. They will keep trying. And hacking five users successfully out of 100, it’s a big win for them.