It is well known that hackers and fraudsters surf Facebook to find individuals who have not protected their information through Facebook’s privacy settings. People put a lot of information on Facebook that is very personal and can give criminals detailed leads on how to launch successful campaigns against unsuspecting victims.
Less publicized is the fact that these same criminal surfers are also looking at individuals’ LinkedIn profiles to gain information about the individual and their employer to launch successful phishing campaigns.
Through LinkedIn, cybercriminals easily find out who individuals are employed by, and then use the “see all employee” feature to identify coworkers. This provides the hackers with a list to start sending targeted phishing emails.
They can assemble all of the information from the company’s LinkedIn connections and figure out the company’s suppliers, technology vendors and third-party service providers, such as payroll, HR and benefits providers and the customer relations management platform. This provides them with trusted sources to impersonate in phishing campaigns.
According to the German Ministry of Interior, social media sites such as LinkedIn have been used by Chinese intelligence personnel for espionage. It found that these intelligence personnel created fake profiles of HR specialists, headhunters, recruiting specialists, and project leads to reach out to potential targets to compromise individuals and companies.
The study in Germany reminds us to review and set LinkedIn privacy settings. To start, go to your LinkedIn account, click on your picture, click on Privacy and Settings in the drop-down menu, and go through each section to make sure it is set in the manner you wish.
For step-by-step instructions, CyberScout has published an easy-to-follow guide, which can be accessed here.