Attention: Schemers Use the Accounts of Your LinkedIn Contacts to Send You Phishing Messages

You probably already know that you should never interact with messages from unknown senders, but what do you do when someone from your contacts sends you a link or a file and asks you to view it? If you want to stay safe, take a moment to consider whether you were expecting such content and whether it is normal for that sender to share it. Otherwise, you may end up opening malicious files or visiting phishing websites. While none of your contacts would deliberately put you in such a situation, cybercriminals who hijack your friends’ or colleagues’ accounts most certainly would. As it turns out, cybersecurity specialists were recently notified about a phishing message on LinkedIn that was sent from the hacked account of a user who was close to the targeted victim. If you have not heard about such messages yet, we invite you to read our full blog post and learn more about this LinkedIn scam.

How does this LinkedIn scam work?

The first ones to examine one of the LinkedIn scam’s messages were Naked Security researchers who were notified about it by their colleague. After having a look at it, specialists confirmed that the message was sent by a cybercriminal who was impersonating the hacked account’s owner. The text was friendly but short as the sender simply explained that he was sending a document shared via OneDrive.

The attached link’s URL started with www.businessinsight, which makes it look as though the link leads to a legitimate website. Thus, a user who receives such a phishing message on LinkedIn and does not inspect the link further might see nothing suspicious about it. After all, such messages appear to come from friends, colleagues, or other people the targeted user is in contact with often enough for a shared document to seem normal.

However, closer inspection of the link revealed that it led not to business-insight.net but to a phishing website. Since the last part of the link’s URL was /office365, specialists suspect that the hackers’ site hosted a copy of the Microsoft Office 365 login page. Researchers cannot be one hundred percent sure, because the link was already blocked during their tests and all they saw was a "page not found" error. Nonetheless, we doubt that this was the cybercriminals’ last attempt to scam LinkedIn users, which is why we recommend being extra careful if you have an account on this platform.

How to protect yourself from LinkedIn scams and attacks alike?

The reason the person who reported the LinkedIn scam did not interact with the phishing message is that he noticed something unusual. There were no grammar mistakes or any of the other usual signs that a message comes from scammers. However, the sender signed the message with the impersonated person’s full name, something that person never did. Such a formal way of signing a message raised suspicion, and the targeted victim decided to have it examined.

If you do not want to be tricked into opening malicious links or files received via LinkedIn or any other platform, you should always pay attention to even the smallest details. If you received a file or a link that you were expecting from one of your contacts, you should be safe. However, if such content arrives out of nowhere, contact the sender by phone or through another messaging system and ask whether they actually sent the suspicious message.

Moreover, there are further precautions you can and should take if you receive questionable files or links. If it is a file, we highly recommend scanning it with a legitimate antimalware tool before opening it. If your suspicions are confirmed, the chosen antimalware tool should help you remove the dangerous file. As for links, you should always have a closer look at their URL. Phishing websites often embed parts of legitimate web pages’ URLs to make their own addresses look harmless.

Still, instead of assuming the site is reliable, you should inspect the entire link and look for random parts that make no sense. Particular attention should go to the link’s last part, as it shows where you will be redirected to. To be more precise, a phishing link might contain a reputable company’s name at the start, but the last part of its URL may reveal that it leads to a web page that has nothing to do with that company.
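The checks described above can be automated. The following Python script is an added example, not code from Cyclonis or from the Naked Security write-up: it extracts the host name that a browser would actually connect to (the part after `://` and before the first `/`, with any `user@` prefix and port stripped), compares it against an allow-list of domains the recipient expects shared documents from, and flags a familiar company name that is merely embedded in an unrelated host. The allow-list, the sign-in path hints and all sample links are constructed for this example; none of them is the address from the reported message.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the only domains from which this user expects shared
# documents. Both entries are assumptions for this example, not from the article.
TRUSTED_DOMAINS = ("onedrive.live.com", "business-insight.net")

# Path fragments that commonly appear on cloned sign-in pages (constructed list).
LOGIN_HINTS = ("office365", "login", "signin", "sso")


def _matches(host: str, domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def inspect_link(url: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Return the host a browser would actually contact plus a list of findings.

    The verdict rests on the host name, not on familiar-looking words at the
    start of the link: 'www.businessinsight.example' is not business-insight.net,
    and 'business-insight.net@phish.example' connects to phish.example.
    """
    # urlsplit only recognises the host when a scheme is present; assume http://.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()   # drops 'user:pass@' and ':port'
    findings = []

    if not host:
        findings.append("no host name could be extracted")

    if parts.username:
        findings.append(f"text before '@' ({parts.username!r}) is not the site")

    trusted_match = any(_matches(host, d) for d in trusted)
    if host and not trusted_match:
        findings.append(f"host {host!r} is not on the expected list")

    # Lookalike check: a trusted brand name embedded in an unrelated host.
    for d in trusted:
        label = d.split(".")[0].replace("-", "")
        if label in host.replace("-", "") and not _matches(host, d):
            findings.append(f"host contains {label!r} but is not {d}")

    if not trusted_match and any(h in parts.path.lower() for h in LOGIN_HINTS):
        findings.append(f"path {parts.path!r} looks like a sign-in page on an untrusted host")

    return {"host": host, "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    # Constructed sample links, not the address from the reported message.
    for sample in (
        "https://www.businessinsight.example/office365",
        "https://business-insight.net@phish.example/office365",
        "https://docs.business-insight.net/reports/q4.pdf",
    ):
        print(sample, "->", inspect_link(sample))
```

The second sample shows why reading the whole link matters: everything before the `@` is treated as a user name, so the site contacted is `phish.example`, not the company name the eye lands on first.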

How can cybercriminals hack LinkedIn accounts?

Like any other account, your LinkedIn profile could be hacked if you are using a weak or compromised password. Currently, a strong passcode is a combination of at least 10-12 characters that includes upper-case and lower-case letters, numbers, and symbols. A secure password also has to be unique, meaning that the same combination must not be reused across multiple accounts. If your account’s password does not meet these requirements, it might be weak.

What about compromised passwords? This term typically refers to passcodes that may have been exposed, for example, during a data breach. It does not matter whether the password was exposed on only one platform or website: every other account that uses the same password is at risk. Thus, once a password is breached, it is compromised. Cybercriminals in possession of breached credentials can search for accounts that use the same login names and passcodes across multiple websites and platforms. Breached passwords are often sold on the dark web too, so your compromised credentials could be put to use faster than you think.

How to secure your LinkedIn account?

Users who do not want their accounts to be misused for the LinkedIn scam or similar attacks should firstly make sure that they are using a complex password that has not been compromised. In other words, you should set up a unique passcode that you have not used ever before. If you fear you might forget a complex password and do not want to go through the password recovery process, we recommend employing a dedicated password manager.
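One practical way to verify that a password has not already appeared in a breach is a k-anonymity range query, as used by the Have I Been Pwned "Pwned Passwords" service. The following Python example is added here and is not Cyclonis code; the endpoint name is an assumption about that third-party service and is not mentioned in the article. Only the first five hex characters of the password's SHA-1 hash leave the machine; the service answers with every hash suffix it knows for that prefix, and the comparison happens locally. The range response below is constructed so the example runs offline; the counts in it are made up.

```python
import hashlib

# Range endpoint of the Pwned Passwords service (an assumption about a
# third-party API; the article does not name it). Only the first five hex
# characters of the SHA-1 hash are ever sent, never the password itself.
RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what a range response looks like: "SUFFIX:COUNT" lines.
# The first suffix is the remainder of SHA-1("password"); both counts are made up.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0123456789ABCDEF0123456789ABCDEF012:2
"""


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 of the password into (prefix, suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL that would be queried; it carries the 5-character prefix only."""
    prefix, _ = sha1_prefix_suffix(password)
    return RANGE_ENDPOINT + prefix


def parse_range_response(text: str) -> dict:
    """Turn 'SUFFIX:COUNT' lines into a {suffix: count} mapping."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_response: str) -> int:
    """How many times the password's hash suffix appears in the range response
    (0 means it was not found in that breach data)."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_response).get(suffix, 0)


if __name__ == "__main__":
    # Constructed inputs; in real use the response would be fetched from range_url().
    for pw in ("password", "correct-horse-battery-staple-2019!"):
        print(range_url(pw), "->", breach_count(pw, SAMPLE_RANGE_RESPONSE))
```

A non-zero count means the password should be treated as compromised and replaced, regardless of how complex it looks.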

For example, Cyclonis Password Manager can generate unique passcodes of up to 32 characters and remember all of them for you. If you choose, our application can even log you into your accounts automatically to make them easier to access. You do not have to worry about the safety of your login credentials either, as the tool stores them in an encrypted vault. Plus, it offers extra safety precautions like Two-Factor Authentication and automatic logout. Have we mentioned yet that it is free and works on Windows, Mac, Android, and iOS? You can learn more about the features it offers here.

Besides creating a strong passcode for your LinkedIn account, we also advise turning on Two-Factor Authentication. This way, knowing your login credentials will no longer be enough to hack your account as the extra security layer will protect it. LinkedIn has a couple of authentication options to choose from, and if you need any help while activating this feature, you should follow the instructions provided here.

Attacks like the LinkedIn scam remind us how careful we have to be with content that may look harmless at a glance. Also, cases such as this prove that hackers do not necessarily need to be interested in your personal information. The ones behind this LinkedIn scam employed hacked accounts to approach their victims in a way that would not raise suspicion. What we mean to say is that there is no good excuse for lazy password habits, and if you want to be safe online, you should take password security seriously.

December 6, 2019
