
Tips for preventing LinkedIn phishing attacks in businesses

LinkedIn, the largest business and employment-focused social media platform, has become a prime target for scammers and impersonators. With an estimated 875 million members, both organizations and individual users are at risk of falling victim to phishing attacks on the platform. These attacks can occur through LinkedIn itself or via email, with threat actors posing as the social media provider.

One common tactic employed by cybercriminals is to establish a connection with one person and then use that connection to gain access to the rest of the user’s network. By building trust among the contacts, the threat actors can deceive individuals into revealing sensitive information or sharing access to their connections. This can lead to serious consequences, including financial loss and reputation damage.

To protect themselves from falling for LinkedIn phishing scams, users can follow a few important steps. First and foremost, it is essential to stay vigilant and conduct some research before accepting new connection requests. LinkedIn advises users to look for red flags such as empty profiles, profanity, fake names, or profiles impersonating public figures. Even if a profile appears legitimate at first glance, it is crucial to remain alert for any small inconsistencies and exercise caution when accepting requests from strangers.

One useful tactic is to perform a reverse image search on a profile picture. Cybercriminals often steal others’ photos to use in LinkedIn phishing scams, so checking if the same image appears elsewhere under a different name can help uncover fraudulent accounts. Tools like Google’s reverse image search feature or image search engines like TinEye can be handy in this regard. However, it is important to note that unique, AI-generated images may not show up in a reverse image search. LinkedIn has implemented a deep learning-based model to detect such pictures and block associated accounts as part of its automated anti-abuse defenses.

In late 2022, LinkedIn introduced new features to combat fake profiles and phishing activity on the platform. The “About this profile” feature provides users with crucial information like the date of profile creation, last update, and whether the user has verified their work email, government-issued ID, or workplace. Profiles that have been recently created without any verification steps may raise suspicion, especially when combined with other suspicious behavior. Additionally, LinkedIn has started adding warnings to some in-platform messages containing “high-risk content.” For instance, if a contact suggests connecting on another platform like email or WhatsApp, it may indicate phishing activity. Users can report these suspicious messages without alerting the senders if they choose to do so.

Users should also exercise caution when receiving emails that appear to be from LinkedIn. It is essential to check the sender’s domain, which should be either “@linkedin.com,” “@e.linkedin.com,” or “@el.linkedin.com” to confirm the email’s legitimacy. Any other domain indicates a phishing attempt, and the email should be deleted immediately. Users can also consider reporting such emails to LinkedIn to help combat phishing activity.

LinkedIn warns users about common phishing emails that carry subject lines like “Account suspended,” “LinkedIn closing & termination of your account,” “LinkedIn profile security alert,” and “Your account will be terminated.” These emails are designed to deceive users into taking action that compromises their security. It is crucial to remain aware of such tactics and be cautious when interacting with emails claiming to be from LinkedIn.
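The sender-domain check and the subject lines described in the two paragraphs above can be automated for reported or quarantined mail. The following is an added example, not part of the original article or any LinkedIn tooling; the function name `triage` and the sample messages are assumptions made for illustration. It inspects only the visible From address, so a match is a necessary condition rather than proof of origin.

```python
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists as legitimate for LinkedIn mail.
LINKEDIN_DOMAINS = {"linkedin.com", "e.linkedin.com", "el.linkedin.com"}
# Subject lines the article says LinkedIn warns about (stored lowercase).
WARNED_SUBJECTS = {
    "account suspended",
    "linkedin closing & termination of your account",
    "linkedin profile security alert",
    "your account will be terminated",
}

# Constructed sample messages (all addresses are made up for this example).
SPOOFED = ("From: LinkedIn Security <security@linkedin.com.account-verify.example>\n"
           "Subject: Account suspended\n\nVerify your account now.\n")
GENUINE_LOOKING = ("From: LinkedIn <notifications@e.linkedin.com>\n"
                   "Subject: You have a new connection request\n\nHello.\n")
UNRELATED = "From: Alice <alice@example.org>\nSubject: Lunch on Friday\n\nHi.\n"


def triage(raw_message):
    """Classify one raw RFC 5322 message by its From domain and subject."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    # Text after the LAST '@' is the domain; compare it exactly, never by
    # substring or suffix, so linkedin.com.<other-domain> does not pass.
    _local, at, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower() if at else ""
    subject = " ".join(msg.get("Subject", "").split()).lower()
    allowed = domain in LINKEDIN_DOMAINS
    warned = subject in WARNED_SUBJECTS
    claims_linkedin = "linkedin" in (display + " " + subject + " " + domain).lower()
    return {
        "domain": domain,
        "allowed_domain": allowed,
        "warned_subject": warned,
        # Flag mail that presents itself as LinkedIn, or reuses a warned
        # subject line, but does not come from a listed domain.
        "suspicious": (claims_linkedin or warned) and not allowed,
    }


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine-looking", GENUINE_LOOKING),
                      ("unrelated", UNRELATED)]:
        print(name, triage(raw))
```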

Looking ahead, attackers may increasingly turn to generative AI and deepfake AI technologies to create highly convincing text, audio, and video for LinkedIn phishing campaigns. This poses a significant challenge for end users and businesses, who must continue to exercise caution and employ trust-but-verify principles when interacting on LinkedIn and other social media platforms. As attack methods evolve, it is crucial to stay informed and take preventive measures to protect oneself and the wider LinkedIn community from phishing scams.
