LinkedIn is a popular choice amongst professionals and one of the few social media platforms I use regularly. There are numerous legitimate reasons that people like and use LinkedIn – gaining business contacts, finding high-value articles and industry information, keeping up with acquaintances and their accomplishments, and maybe most importantly, it seems to be one of the few bastions of civility in online social discourse.
The Dark Side of the Moon
However, with the good comes the bad. According to Hootsuite, the online marketing repository of statistics and advice:
- LinkedIn has one billion users worldwide
- LinkedIn has members in 200 countries
- Most LinkedIn traffic comes from the United States
- 67 million companies are listed on LinkedIn
- It is a very large clearinghouse for resumes and job seekers
Statista notes that 55% of LinkedIn users in the U.S. are from high-income households. Over 40% of millionaires are LinkedIn members. Out of the one billion users, only 175 million have LinkedIn Premium, which includes additional privacy features.
Therefore, while these statistics are not bad in and of themselves, they present a huge opportunity for cybercriminals, industrial spies, and nation-state intelligence operatives to “blend in” and victimize trusting users, often over a period of weeks, if not longer. The targets frequently own businesses or manage agencies, which makes them prime targets for ransomware attacks. Often the tactic is as simple as a phishing email imitating the social media platform with catchphrases such as “You appeared in nine searches this week”, “Your profile matches six new jobs”, or “You have five connection requests pending”. At that point, the usual attack methodology takes place: you are either taken to a fake login page where your credentials are stolen, or the link you clicked delivers malicious code, which could give the hacker a foothold in your network.
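The lure emails described above share a tell: the subject line borrows LinkedIn's own notification wording, but the sender address or the embedded link points somewhere other than linkedin.com. The following is an added example (not part of the original article) of a mail-filter heuristic that captures that tell; the sample messages, the sender addresses and the lookalike domains in it are constructed for illustration, and the list of lure phrases is taken from the catchphrases quoted in the article.

```python
"""Flag LinkedIn-themed lure emails whose sender or links fall outside linkedin.com.

Added example. The sample messages below are constructed, not real mail.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject wording the article cites as typical phishing lures.
LURE_PATTERNS = [
    re.compile(r"appeared in \w+ searches", re.I),
    re.compile(r"profile matches \w+ new jobs", re.I),
    re.compile(r"\w+ connection requests? pending", re.I),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def is_linkedin_host(host: str) -> bool:
    """True only for linkedin.com itself or a real subdomain of it.

    Lookalikes such as 'linkedin.com.secure-login.example' end with a
    different registrable domain and are rejected.
    """
    host = host.lower().rstrip(".")
    return host == "linkedin.com" or host.endswith(".linkedin.com")


def extract_plain_text(msg) -> str:
    """Collect the text/plain body parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def analyze_message(raw: str) -> dict:
    """Return a verdict for one raw RFC 822 message.

    A message is marked suspicious when it uses LinkedIn lure wording AND
    either the sender domain is not linkedin.com or it links off-platform.
    """
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""

    lure_matched = any(p.search(subject) for p in LURE_PATTERNS)
    links = URL_RE.findall(extract_plain_text(msg))
    external_links = [
        u for u in links if not is_linkedin_host(urlparse(u).hostname or "")
    ]
    sender_ok = is_linkedin_host(sender_domain)
    return {
        "subject": subject,
        "lure_matched": lure_matched,
        "sender_ok": sender_ok,
        "external_links": external_links,
        "suspicious": lure_matched and (not sender_ok or bool(external_links)),
    }


# Constructed sample: lure wording, lookalike sender, lookalike link.
SAMPLE_LURE = """From: LinkedIn <notifications@linkedin-mail.example>
Subject: You appeared in nine searches this week

See who is looking: https://linkedin.com.secure-login.example/view
"""

# Constructed sample: same wording, but sender and link stay on linkedin.com.
SAMPLE_LEGIT = """From: LinkedIn <noreply@linkedin.com>
Subject: You have five connection requests pending

Review them here: https://www.linkedin.com/mynetwork/
"""

# Constructed sample: an unrelated newsletter with an external link.
SAMPLE_NEWSLETTER = """From: Weekly Digest <digest@newsletter.example>
Subject: This week in cloud security

Read more: https://newsletter.example/issue/12
"""

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_LEGIT, SAMPLE_NEWSLETTER):
        verdict = analyze_message(raw)
        print(f"{'SUSPICIOUS' if verdict['suspicious'] else 'ok        '} {verdict['subject']}")
```

The heuristic deliberately requires both the lure wording and an off-platform sender or link, so ordinary newsletters that merely link elsewhere are not flagged; a production filter would add the usual sender-authentication checks on top of this.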
Are your connections real?
While this is not an unusual way of deceiving a victim, a new malevolent use of LinkedIn has recently become popular. Hackers now often use fake profiles to gain the trust of legitimate users, sometimes communicating with the victim for months before sending them malicious links. They may also elicit information from the victim outright, or use the connection to boost their own credibility so that the ultimate target is more willing to connect with them.
A recent example occurred when the North Korean Advanced Persistent Threat (APT) ScarCruft created fake LinkedIn accounts posing as recruiters for cybersecurity professionals (oh the twisted irony). They used other social media accounts as well to build a relationship before hitting the victim with malicious files or links. There have been similar LinkedIn attacks by the APTs Lazarus and Charming Kitten. These are sophisticated groups well-known in the cyber intelligence community.
Connect responsibly
LinkedIn can be a valuable tool for increasing contacts. But despite its efforts to control fake accounts, it still cannot possibly stop every fake profile or sham connection. Job seekers and recruiters are much less susceptible to fraud when operating in a more closed environment, such as Clearance Jobs (shameless plug). If you do use LinkedIn, be wary of connection requests from profiles that seem too good to be true, or from people you have no way of verifying are really who they say they are. Do not take the mutual connections list as proof of legitimacy. I have seen multiple people fall for the same account based on their common connections.