Nowadays, practically everyone has a profile on LinkedIn. This is a useful tool for letting companies know who you are, your work experience, your present position and the best way to contact you. Along with other personal details, it is common to include an email address.
Yet despite these benefits, the platform also has its drawbacks, at least when it comes to security. The tool is not only useful for human resources managers, but also for spammers and cyber-criminals on the lookout for email addresses to which to send fraudulent messages.
More often than not, the real target of these attacks is not the owner of the email account, but the company where they work, and its data. For a cyber-criminal, this social network is like an address book containing the company email addresses of thousands of users, who use these addresses instead of their personal ones for any professional business.
Once they have found several accounts with the same company name, they make a note of the address structure (usually firstname.lastname@example.org). Then, with a slightly more refined search, they can get a list of all employees’ email addresses.
If the hacker knows the structure of the network that the company uses, they can gain access to the system by sending an email to the employees in their address book. This mail might include, say, a link to a page where the recipients are asked to enter the username and password they use to access the organization's platform. Once the attackers have these credentials, they have free rein to spy on internal information.
The IT department is often excluded from the attack, as its staff might rumble what's going on. However, customer services, marketing, accounts, and human resources are much more attractive targets for hackers.
If the criminals manage to enter the systems, this is just the first step to getting other types of information: personal details, account numbers, passwords and databases can all be compromised.
Companies often encourage employees to have a presence on LinkedIn. Yet saying where they work, looking for new customers and employees, and increasing brand visibility on the Internet all have their risks.
How to keep unwanted messages out of your professional inbox
- Stay up-to-speed on IT security. It's a good idea for employees to go on courses or for companies to organize workshops. If employees can recognize scams, they are less likely to fall into the traps set by criminals.
- Employees should be clear about what kind of data they will be asked for on the company’s ICT platforms so as not to enter personal information on external websites. Recognizing the email account used for internal memos is also a useful aid for distinguishing suspicious messages.
- Another thing to consider when protecting your company (and yourself) is understanding the mechanisms available for alerting technicians to anything strange. IT managers can also play their part by stressing the importance of these reports. A timely warning can prevent someone from clicking a fraudulent link or revealing personal data.
- Use a personal email account on LinkedIn. This makes your company address more difficult to identify, although the same advice still applies: don't open emails from unknown senders, don't click on links to unknown content and be careful where you enter your data.
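The checks described above (knowing the account used for internal memos and being wary of links that ask for credentials) can also be automated at the mail gateway or in a "report phishing" tool. The following is an added example, not part of the original article; the company name, domain, memo account and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration; replace with your organization's own.
COMPANY_NAME = "Example Corp"
COMPANY_DOMAIN = "example.org"
MEMO_SENDER = "memo@example.org"  # account used for internal memos
CREDENTIAL_WORDS = re.compile(r"\b(username|password)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_company_host(host):
    """True only for the company domain or a real subdomain of it."""
    return host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)

def triage(raw_message):
    """Return the reasons a message should be reported to IT (empty if none)."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    sender_domain = address.lower().rpartition("@")[2]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    reasons = []
    if not is_company_host(sender_domain):
        reasons.append("external-sender")
        # External address dressed up with the company name or memo account.
        shown = display.lower()
        if COMPANY_NAME.lower() in shown or MEMO_SENDER in shown:
            reasons.append("display-name-impersonation")
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)}
    external = sorted(h for h in hosts if h and not is_company_host(h))
    reasons.extend("external-link:" + h for h in external)
    if external and CREDENTIAL_WORDS.search(text):
        reasons.append("credential-request-with-external-link")
    return reasons

# Constructed sample messages (not real mail).
INTERNAL_MEMO = ("From: IT Memo <memo@example.org>\nSubject: Policy update\n\n"
                 "The updated policy is at https://intranet.example.org/policy\n")
PHISH = ("From: Example Corp IT <it-support@example-org.test>\n"
         "Subject: Action required\n\n"
         "Please confirm your username and password at\n"
         "https://example.org.portal-login.test/signin\n")

if __name__ == "__main__":
    for name, raw in (("memo", INTERNAL_MEMO), ("phish", PHISH)):
        print(name, triage(raw))
```

The host check compares the end of the hostname, so a link such as `example.org.portal-login.test` is not mistaken for the company site. It inspects headers and body only and complements SPF, DKIM and DMARC enforcement rather than replacing it.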