Hackers Are Using LinkedIn to Tailor their Phishing Attacks Just for You

Beware of who you accept LinkedIn requests from.

Note: This article, which was originally published in 2017, has been updated to include related news & media resources.

Hackers have begun using LinkedIn, the popular social network for business professionals, to create better phishing attacks. Already, one breach – at Vevo – has been attributed to the practice.

According to a report by USA Today:

Cybersecurity firms say criminals have figured out how to subvert the network by posing as authentic, boring, cubicle-office dwellers.

They’re also posing as exotic looking female photographers and high-level executives that don’t actually have LinkedIn profiles.

It starts with a simple request to connect. LinkedIn is all about connections and networking, and given the generally constructive nature of the network, people tend to be a little more trusting.

That’s apparently a mistake.

And that’s honestly the saddest part about this. There is an unfortunate cycle of life on the internet. People forget that before Facebook was awash with fake news and catfish accounts, it was a social network for American college students. My high school girlfriend met and picked her roommate for her freshman year at Georgetown on Facebook. Nowadays that could get you killed.

My point is, here is yet another place on the internet where the good faith is gone. For your own safety it’s best to be skeptical of every new request, and to be mindful of any information you disclose and to whom. It’s just sad.

The most common way hackers are exploiting LinkedIn is to enhance their phishing attacks. This is called spearphishing. It’s a practice where hackers socially engineer a believable touchpoint – usually an email – that will convince a person to take the desired action. A lot of the time the target isn’t the person being phished, but rather where that person works. That individual’s computer or credentials could serve as an access point to a larger network.

When you think about it, what better place to grab the details to create the perfect email to phish someone at work than their LinkedIn profile? You can find email addresses, work histories, connections. It’s a bounty of details.

And then there are a couple of other, more niche ways that LinkedIn has been exploited as well.

One is just a take on the Facebook play of creating a fake profile and playing the long game. This is relatively low stakes and can pay off big time even with a low ratio of success.

The other is to create profiles for people that don’t have them. Another Facebook play, but one made more effective by the fact that the hackers can typically use Wikipedia pages to convincingly pose as high-level executives in big companies.

The bottom line is that you need to start being more careful on LinkedIn.

If you get a request from someone you don’t know, check and see if you have any mutual connections. Be guarded. And be careful what you put in writing.

Above all, use common sense.

Updated on March 24, 2021

12 comments
  • You see, to leave a reply you ask me for my email address and you say it won’t be published, but why should I trust you? I wonder whether to use mine or a fake one.

  • Recently, yesterday, almost all of the kids in my high school have gotten hacked in their school accounts, including me. But I never got it, until a friend of mine invited me to it, but I’m pretty sure he was hacked before.

  • I’ve been in trouble since 31 August 2018 trying to take out “bad people” from my account. My password was not a trivial one, but they changed it a couple of times when my devices were switched off. The password change notifications arrived about 8 hours after, but when I did it by myself I received the notification immediately. Anyway, I’d like to point out that geographical correlation is the minimal security requirement for a social platform like LinkedIn, so it’s difficult to understand why someone can change my password from 10.000 miles away from me…

    Is there some software vulnerability that should be fixed quickly?

  • My account was hacked 3 times in 24 hours. The password change notification I got mentioned that the change occurred in Nigeria while I live in Europe.

    Very annoying messages were sent to my professional contacts, many of whom replied back to me. Very awkward!

    The passwords I used could only be known by me which leads me to believe that there is a severe breach at the LinkedIn side. I enabled two-factor authentication now hoping it will spare me from future troubles.

  • My account has been hacked and obviously my password has been changed, so I can’t do anything about it! Please advise, as I need this for social networking!!

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.