A recent report from Check Point Research
revealed a shocking statistic - the Microsoft-owned business platform LinkedIn
is impersonated in nearly half of all phishing attacks globally.
One of the ways
scammers leverage LinkedIn to deploy their phishing attack is when they zero in
on anyone seeking a new job or career change. While e-mails like "You have 1
new invitation" or "Your profile has been viewed by 63 people" can be
authentic, it's critical to verify the e-mail address it's sent from to ensure that
it's genuinely from LinkedIn. These impersonators will send e-mails that look
identical to the real ones, with links to fake LinkedIn pages that will rip off
your information as soon as you enter it.
Another way
cybercriminals leverage LinkedIn is by creating fake profiles and messaging
people about job opportunities. Once you're on the hook, they'll either ask for
a small payment upfront to process your application (that you'll never see
again) or send you a link to a form you must fill out that's actually a
phishing link in disguise.
LinkedIn is aware of
the problem and is working on developing advanced security features to protect
its users. Here are three of the current security features it has already
deployed:
- Suspicious
Message Warnings -
LinkedIn's technology can detect messages from people who are attempting
to take you off the platform or are saying something potentially
inappropriate, and will send you a warning notification.
- Profile Verification - This
feature allows you to verify your page's authenticity. By submitting an
additional form of ID, you can get a verification badge on your profile,
so anyone who looks at it knows you are who you say you are. This is a
valuable feature since scammers are always looking for fresh targets and
have pages that get shut down quickly, so they don't often bother keeping
information up-to-date.
- Profile Information - This feature allows you to see the details of
a person's profile to help you determine whether or not to respond to a
message, accept a connection request, trust an offer, etc. Under your
profile, if you click "More" and select "About this profile" from the
drop-down menu, you'll see information like:
●
When the profile was created.
●
When the profile was last updated.
●
Whether the member has verified a phone
number.
●
Whether the member has a work e-mail
associated with their account.
- AI-Generated
Profile Picture Detection - Scammers will use AI to generate realistic
profile pictures of fake people to create fake profiles used to scam
users. Scarily, LinkedIn's research showed that users were generally
unable to visually distinguish real faces from these synthetically generated
ones. As a result, LinkedIn partnered with Academia to develop and deploy
advanced detection features that allow LinkedIn to detect AI-generated
profile pictures and shut down their profiles before they cause problems.
Do you use LinkedIn
to find jobs, employees, or clients? It's a great resource for business, but
it's important to stay secure. However, LinkedIn's features are just the first
line of defense. If someone in your organization were to fall for a scam and click
a bad link, would your internal security solutions be enough to protect your
network?
We can help you find out. We'll do a Security Risk Assessment to help you determine if your network is vulnerable to any type of attack. Contact us today to learn more!
