Uptick in Phishing Attacks on LinkedIn
Authored by Cole Lacara
What is happening?
Regular users of the professional networking and social working platform have noticed an increase of threat actors trying to steal critical personal information through phishing attacks using false LinkedIn accounts to trick unsuspecting victims to give up confidential information.
How is it happening?
Threat actors will start by creating fraudulent LinkedIn profiles and start creating vast networks with multiple other accounts to make their accounts seem more credible. At this point, they will start to target active accounts with phishing emails acting as recruiters or as individuals that want to help expand other networks. With these phishing emails, some will create false recruitment documents which have you input critical information or, will have dangerous links that will send you to a webpage and have them download harmful files with hidden payloads.
How can you mitigate the risk?
If you currently have and use an active LinkedIn account, whenever receiving emails from any other profile you personally do not know, be skeptical of anything they send you. Do not download anything sent unless you are sure it holds no negative payloads, and hover over each link provided to make sure it is taking you to a location you expect it to be.
Javier is a principal within the Cybersecurity Services Group at CLA. Prior to joining CLA, Javier spent ten years supporting the Department of Defense as well as a financial services company in the fields of insider threat, incident response, analytics, and systems engineering.
Comments are closed.