You get an email with the subject line “request to connect via LinkedIn”. Apparently a J.H. Christ wants to connect with you. You click view profile and lo! J. H. Christ has a pithy profile complete with a picture sporting blonde hair and blue eyes. But is it a devilish hacker in disguise?
I’ve been sorting through all the top security predictions for 2014 from Symantec, Websense and other security vendors. Most predict Java will continue to be exploited, cloud data will be increasingly targeted (as long as the US government lets the NSA run amok that’s guaranteed), mobile phones will be under attack. In short the usual suspects that get trotted out almost every year.
But one prediction from Websense caught my attention. Number 6 on their list is Luring Executives via professional social networks like LinkedIn. Not long after Websense published their predictions, LinkedIn launched a lawsuit against hackers who used Amazon cloud services to “scrape” their web site. Since May 2013, hackers exploited the LinkedIn web site to gather profile information and pictures probably to create false profiles as is already happening on Facebook and Twitter.
And in a recent study of the five most dangerous email subjects, at the top of the list is Invitation to connect on LinkedIn. (The complete list is here). The “phishing” email contains links that look like they’re going to LinkedIn to view a profile or accept the connection but actually take you to another web site that either grabs your LinkedIn login details and/or runs a malicious script on your computer.
So how do you protect yourself as a business professional?
First, if you get one of those fake LinkedIn emails and click on one of the links, change your LinkedIn password immediately via the real LinkedIn web site and run a virus scan. If you think the connection request email is “phishy”, log in to LinkedIn from your browser and check your messages. If it is legitimate, there will be a request in your messages.
Second, don’t just connect blindly with everyone who requests it even if your colleagues have accepted the request. Do a little research. Check the profiles of connection requests carefully. Do they have a picture? Do their contact details match their company website? Is their profile complete? Search under their name in LinkedIn and see if another similar profile pops up.
Be prepared to see more hacker activity on business social networks this year.