Hackers Are Using LinkedIn to Tailor their Phishing Attacks Just for You

Beware of who you accept LinkedIn requests from.

Note: This article, which was originally published in 2017, has been updated to include related news & media resources.

Hackers have begun using LinkedIn, the popular social network for business professionals, to create better phishing attacks. Already, one breach – at Vevo – has been attributed to the practice.

According to a report by USA Today:

Cybersecurity firms say criminals have figured out how to subvert the network by posing as authentic, boring, cubicle-office dwellers.

They’re also posing as exotic looking female photographers and high-level executives that don’t actually have LinkedIn profiles.

It starts with a simple request to connect. LinkedIn is all about connections and networking, and given the generally constructive nature of the network, people tend to be a little more trusting.

That’s apparently a mistake.

And that’s honestly the saddest part about this. There is an unfortunate cycle of life on the internet. People forget that before Facebook was awash with fake news and catfish accounts, it was a social network for American college students. My high school girlfriend met and picked her roommate for her freshman year at Georgetown on Facebook. Nowadays that could get you killed.

My point is, here is yet another place on the internet where the good faith is gone. For your own safety, it’s best to be skeptical of every new request and to be mindful of any information you disclose and to whom. It’s just sad.

The most common way hackers are exploiting LinkedIn is to enhance their phishing attacks. This is called spearphishing. It’s a practice where hackers socially engineer a believable touchpoint – usually an email – that will convince a person to take the desired action. A lot of the time the target isn’t the person being phished, but rather where that person works. That individual’s computer or credentials could serve as an access point to a larger network.

When you think about it, what better place to grab the details to create the perfect email to phish someone at work than their LinkedIn profile? You can find email addresses, work histories, connections. It’s a bounty of details.

And then there are a couple of other, more niche ways that LinkedIn has been exploited as well.

One is just a take on the Facebook play of creating a fake profile and playing the long game. This is relatively low stakes and can pay off big time even with a low ratio of success.

The other is to create profiles for people that don’t have them. Another Facebook play, but one made more effective by the fact that the hackers can typically use Wikipedia pages to convincingly pose as high-level executives in big companies.

The bottom line is that you need to start being more careful on LinkedIn.

If you get a request from someone you don’t know, check and see if you have any mutual connections. Be guarded. And be careful what you put in writing.

Above all, use common sense.

Updated on March 24, 2021

10 comments
  • You see, to leave a reply you ask me for my email address and you say it won’t be published, but why should I trust you? I wonder whether to use mine or a fake one.

  • Recently, yesterday, most of the kids in my high school had their school accounts hacked, including me. But I had never gotten it until a friend of mine invited me to it, but I’m pretty sure he was hacked before.

  • I’ve been in trouble since 31 August 2018 trying to take out “bad people” from my account. My password was not a trivial one, but they changed it a couple of times when my devices were switched off. The password change notifications arrived about 8 hours after, but when I did it by myself I received the notification immediately. Anyway, I’d like to point out that geographical correlation is the minimal security requirement for a social platform like LinkedIn, so it’s difficult to understand why someone can change my password from 10.000 miles away from me…

    Is there some software vulnerability that should be fixed quickly?

  • My account was hacked 3 times in 24 hours. The password change notification I got mentioned that the change occurred in Nigeria while I live in Europe.

    Very annoying messages were sent to my professional contacts, many of whom replied back to me. Very awkward!

    The passwords I used could only be known by me which leads me to believe that there is a severe breach at the LinkedIn side. I enabled two-factor authentication now hoping it will spare me from future troubles.

  • My account has been hacked & obviously my password has been changed, so I can’t do anything about it! Please advise, as I need this for social networking!!

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.