In recent weeks, a wave of cyber attacks has targeted LinkedIn users. Perpetrated on a global scale, this unsettling surge in targeted attacks has led to calls for heightened security measures to safeguard accounts.
Users have fallen victim to account takeovers, with hackers gaining control by changing passwords and manipulating account settings. Some users have even been coerced into paying ransoms under the threat of having their accounts permanently wiped. Hackers may also be exploiting data for blackmail purposes or spreading malicious content.
As the threat continues to escalate, users are advised to exercise caution and to proactively implement strategies and measures to protect their online presence.
In this series of expert comments, cybersecurity experts from SecureTeam provide practical tips to fortify your LinkedIn account against potential breaches and minimise the risks associated with potential cyber threats.
Strong passwords and two-factor authentication are key
“Make sure to create a complex password, preferably using a password generator such as LastPass. Use a combination of upper and lower-case letters, numbers, and special characters. Don’t use predictable information such as birthdays, other significant dates or names.
“We recommend using three random words when creating passwords, as these are strong enough to protect against brute-force attacks. Frequently update your password to minimize the risk of unauthorized access.
“Two-factor authentication can also be used for added security. We recommend using an email for this, rather than a phone number.”
Monitor account activity
“Frequently review your account for any unusual or suspicious activity. In recent attacks, hackers changed associated email addresses to an address from the rambler.ru mail system. This then allowed them to perform other account changes without victims being notified. Your LinkedIn account should be associated with an email address actively used by you. Make sure to set up alerts to notify you of any changes made to your account settings or email address.”
Be wary of phishing attempts
“Be wary of unexpected emails claiming to be sent by LinkedIn, particularly those requesting sensitive information. This often indicates a phishing attempt. Make sure to verify the legitimacy of emails by checking the sender’s address and confirming this with official communication channels.”
Seek out information
“Make a proactive effort to follow the news, and stay informed about the latest cybersecurity threats and best practices. Understand the tactics cybercriminals may use to target social media accounts, and how to protect yourself from them.”
Frequently update security software
“Keep your operating system, web browser, and security software up to date. Regular updates patch vulnerabilities that hackers could exploit.”
Back up your account
“Hackers may threaten to permanently delete your account. To combat this, regularly export your LinkedIn data to have a backup in case your account is compromised.”
Be wary of posting personal information on LinkedIn or other social accounts
“Limit the quantity of personal information both publicly and privately visible on your LinkedIn profile. Be wary about sharing sensitive details as these may be used against you in social engineering attacks.”
How should I respond if I receive a ransom message?
- Stay calm, and do not engage
“Cybercriminals frequently use intimidation tactics to pressure victims into taking immediate action. Try to maintain composure. Avoiding acting out of fear or panic is crucial in this situation. Don’t engage with the hacker or attempt to negotiate, as this may escalate the situation. Payment does not guarantee a resolution and supports criminal activity.”
- Take a screenshot of the message
“Document any messages received from hackers, including the sender’s information, message text and associated details.”
- Report the incident to LinkedIn and law enforcement
“Report the incident to LinkedIn, and to law enforcement if you feel unsafe or believe the threat to be serious. They can provide guidance and investigate further.”
- Change your password, and review your account settings
“Change your password. If you have used the same password elsewhere, change the password for these accounts too, as they may also be compromised. Review your LinkedIn account settings for unauthorized changes.”
- Enable two-factor authentication
“If you have not already done so, enable two-factor authentication for your LinkedIn account. This provides an extra layer of security even if your password has been compromised.”