Homepage / Technology / Just say no to LinkedIn requests from strangers; some may be phishing scams
Başkanın ilk icraatı işçi kıyımı olmuştur! 719 7slots kumarhane 90 Business Online Solutions What Is a Board Analysis? The Importance of Planning and Programs Development How Board Governance Software Improves Meetings and Governance How to Craft a Successful Board Meeting Reminder Benefits of a Virtual Data Room for Bankruptcy VDR Example for Business Hong Kong ユースカジノの登録方法を初心者にも分かりやすく図解入りで解説 チェリカジ 5 Как быстро пополнить счет в Казино Х в любой валюте Официальный сайт Up X казино и мгновенные игры Paşa Casino Mobil Uygulama 2025 Giriş Üyelik Bonusu Freespin No Deposit Bonus Casino Free Spins In New Zealand What Are The Best Online Casinos For Real Money Pokies And Bonuses In Australia Дэдди Казино официальный сайт Джойказино: информация про официальный сайт Glory Casino giriş için buraya tıkla ve Türkiyede en popüler casino kullanıcısı ol Les Gambling establishments en Ligne en France 2024 200% Reward + 300 Free Rotates LevelUp Internet casino Melbourne En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi Le meilleur casino en ligne franзais Extra Casino avec le dйpфt minimal le in addition bas Yeni Casino Siteleri ᐈ Çevrimiçi Kumarhaneler Mart 2024 Les gambling establishments en ligne proposent une grande variйtй de jeux de internet casino gratuits. Türkiye’deki Resmi Web Sitesi Google Play, Türkiye’de kumar oyunlarına izin verecek Her Gün Tatil Olsa ORDU’DA PAZARTESİ GÜNÜ FINDIK FİYATI NASIL? كازينو اون لاين الكازينوهات الممتازة على الإنترنت ألعاب الكازينو المباشرة مينا كازينو العر Google Play, Türkiye’de kumar oyunlarına izin verecek Domain Sorgulama & Domain Fýrsatlarý Canlı Casino Siteleri: 2024 Güvenilir Siteler Seçilmiştir Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın 1xbet Türkiye Giriş Empieza Kayıt 202 Kumar Ve Kumarhaneler Hakkında Pek İlginç 21 Bilgi Kumarhane Doğru Yazımı Nedir? Tdk Ile Kumarhane Kelimesinin Doğru Yazılışı! Mobilbahiste En İyi Kumar Bonusları Ve Kazançlar Mobilbahis Giriş Sayfası On Line Casino Siteleri En Iyi Casino Siteleri 2024 Mostbet: Türkiye’de Internet Casino Mostbet Online Slotlar Ve Canlı-casin Pin Up Casino Oyna Türkiye, Pinup’un Sah Web Sites Ifade Haberleri Son Dakika Ifade Hakkında Güncel Haber Ve Bilgiler “önceliğimiz Transferin Önünü Açmak, Görüştüğümüz Yerler Var” On Line Casino Nuh’un Gemisi Deluxe Resort & Spa, Kıbrıs The Benefits of Document Management Bonus Veren Siteler 3 000 Den Fazla Online Oyunu Ücretsiz Oyna En Tehlikeli Kumar Oyunu Ekşi Sözlük Deneme Bonusu Veren Siteler Deneme Bonusu 2024 Explore the Magic of WildCardCity Güvenilir Bahis Siteleri En İyi Kumar Siteleri Balıkesir Triatlonuna Avrupadan Ödül Tricks of the Aviator gambling establishment game by Spribe Çevrim Içi Kumar Siteleri “bonus” Yalanıyla Kandırıyor En Güvenilir Canlı On Line Casino Siteleri Xbetting-tips Com Uncovering the Abundant Tapestry of Ozwin Gambling establishment Evaluating Board Portal Providers Uncovering the Wealthy Tapestry of Ozwin On line casino Electronic Data Area Providers Evaluation Cobra Internet casino: Raising the Australian On the internet Video gaming Practical experience 4 Things to Search for in Safeguarded Cloud Safe-keeping Fastpay On line casino Australia – Simple and No-Taxation Wagering Web page officielle franзaise de Joka Gambling establishment The Software Development Universe Game Woo Internet casino – Enjoy Slot machine games around australia Ostdeutsche Biersorten What Are Virtual Data Rooms? Vitamin D Receptor Polymorphisms Revue du Casino BlackLabel Faktory, kterй ovlivnujн hodnocenн ceskэch online kasin How to Make the Most of Your Web Development Organization and Advertising Efforts L’essor des casinos en ligne en France Boost Meeting Efficiency With Boardroom Technology Developments WildJoker Casino WildCardCity On line casino – Guaranteed Australian Gambling Portal WildCardCity Casino – The Ideal On the internet Gambling establishment within australia Modern Technologies Produce Sharing Documents Online Faster and More Protect Free Virtual Info Room pertaining to Speedy Due Diligence A Review of Data Area Software For people who do buiness Five Board Bedroom Features Which will help You Acquire a More Productive Boardroom Electronic Systems To your Business Understanding Legal Terms and Laws in Today’s World The Laws and Contracts of Hollywood: A Sunset Blvd. Tale Legal Discussion Between Johnny Cash and Antonin Scalia Legal Insights: What Teens Should Know Legal Issues and Exceptions: What You Need to Know Legal Insights and Expert Analysis Celebrity Dialogue: Legal Matters in the 21st Century Famous Personalities Discuss Legal Issues The Boys in the Boat: Legal Advisors and The Quest for Legal Knowledge Understanding Legal Matters: Q&A on Criminal Law, Joint Ventures, and More Enticing Title The Departed: Understanding Basic Work Requirements and Legal Rights Youth Slang Blog Article Legal Insights: A Journey into the World of Law The Ins and Outs of Legal Matters: Everything You Need to Know Legal Insights and Trends: A Rap Guide Mysterious Legal Matters Unveiled

Technology

Just say no to LinkedIn requests from strangers; some may be phishing scams

Written by finanster
on October 6, 2017
Leave a comment

Most of us have done it: eager to build professional leads that might open a door to the next job or sales deal, we’ve accept that LinkedIn request from an unknown contact.

Wrong move.

A go-to staple for professionals, LinkedIn can pose dangers to unsuspecting users because people have come to have confidence in it and by extension, implicit faith that all accounts on the platform are legitimate.

Enter the hackers. Cybersecurity firms say criminals have figured out how to subvert the network by posing as authentic, boring, cubicle-office dwellers.

“It’s got trust built into it, and hackers leverage that trust to their own nefarious purposes,” said Allison Wikoff, a senior researcher with the counter threat unit at SecureWorks, an Atlanta-based security company.

Last month hackers stole and posted over three terabytes of files from the music video site Vevo — a breach that began with a single phishing attack through LinkedIn. A group called OurMine claimed responsibility.

Once part of a user’s network, a LinkedIn contact can see another’s email address (if the user has made that available). He or she has also established a personal connection that makes it more likely the target will open an email that contains malware.

“They can really tailor the phishing email to the person’s profile, based on what they do for a living, what type of job they have, all of which makes it so much easier to trick them into clicking a link,” Wikoff said.

The social network, wary of losing its credibility, has tried to stamp out these hoax users and warn its 500 million users to do the same.

“The most important thing LinkedIn members can do to protect themselves is to only accept requests from people they know or recommended contacts from a trusted connection,” said Paul Rockwell, head of LinkedIn’s trust and safety unit.

The company also has an entire team dedicated to finding and rooting out fake accounts, which it says comprise a tiny portion of its users, and offers a website to report fake or co-opted accounts.

Acquired by Microsoft in 2016, LinkedIn has become the de facto repository of most people’s occupational lives, a place where their resume lives and where the world — and potential employers — can find out about their professional abilities.

That’s why you should investigate before you click “Accept,” said J.D. Gershbein, CEO of Owlish Communications, a Chicago-based company that helps professionals hone their LinkedIn profiles.

He himself only accepts about one out of every five invitations that come his way.

Be especially careful of profiles that seem thin on facts or too good to be true. If you find one with no head shot or a person with fashion-model looks and a short or nonexistent work history, be cautious. Gershbein say’s he’s seen those sorts of invitations far too many times.

Sometimes attackers are simply trying to harvest email addresses to send spam to. But as in the Vevo case, LinkedIn can also be used as a way to lure the unwary into clicking on phishing emails.

Once the recipient clicks on a link or opens a document that contains malware, the malicious software infiltrates their computer, compromising everything on it and possibly any networks it connects to.

More from USA Today:

5 things you can do to stay safe on LinkedIn
5 scams that are fooling even the smartest victims
Your social security number is precious — and not everyone who asks needs it

Sometimes these are tied to industrial espionage or even state-sponsored attacks.

Wikoff’s team at SecureWorks spent a year tracking a group it dubbed Cobalt Gypsy, which had created a fake LinkedIn profile for a nonexistent London-based photographer named “Mia Ash.” The group targeted telecommunications, government, defense, oil, and financial services organizations with links to the Middle East, SecureWorks says. It believes the group was associated with Iranian government-directed cyber operations.

The Mia Ash persona used a photo of an attractive young woman, an actual photographer in Romania with a different name, and the mainly male victims it targeted all too often agreed to connect with her. Once they did, “she” talked them into chatting on Facebook and other venues, ending in a request to fill out an online survey about travel that she sent them.

Some users wonder why it would be worth anyone’s time to target them. But the stakes are low for attackers, say experts.

“It’s not like robbing a bank, where you go to jail. The majority of them may fail but it doesn’t cost much. If they run 100 attempts and only two work, it’s a great success rate,” said Joseph Steinberg, with SecureMySocial, a firm that works with companies on problems associated with employees use of social media.

Real fake people

Another tactic frequently used by scammers is creating a LinkedIn account for someone who doesn’t have one, or a copy-cat account if they do, which they then use to try to lure in people.

“This really does freak people out, finding themselves on a social media network and it’s not them,” said Zack Allen, threat operations manager for ZeroFOX, a Baltimore-based company that works with companies on social media risks.

The danger is not so much to the person whose account it purports to be, but to the victims it is aimed at. For example, attackers might find someone high up at Chevron who doesn’t have a LinkedIn account, create one in their name and then use it to target people in the oil and gas industry whose networks they want to infiltrate.

“It’s very easy to think, ‘Chevron’s talking to me, I’m must be really smart, this is great!’ And that’s when the attack kicks off,” said Allen.

Someone attempted this with computer security expert Bruce Schneier this summer when he discovered a LinkedIn account had been created in his name. LinkedIn was quick to help him shut it down and he then created his own account in self defense. This one, however, has no entries beyond telling visitors, “I don’t log in, I never post anything, and I won’t read any notes or comments you leave on this site.”

That’s why experts urge even people who don’t want LinkedIn accounts to check periodically to make sure none have been created using their name. It’s also helpful to check nicknames and diminutives, just in case someone’s trying for Chuck Taylor when you go by Charles.

LinkedIn has become a must have, and a must protect, said Gershbein.

“LinkedIn is where you go to find a job but it’s also a place where executives can brand, where sellers can find prospect, where HR people recruit talent and where companies showcase their culture. It’s important,” he said.

Source: Tech CNBC
Just say no to LinkedIn requests from strangers; some may be phishing scams

Comments are closed.