LinkedIn, for some a torture, for others an important tool for networking and exchanging information. Ask any online marketing specialist and they’ll probably say things like “LinkedIn is the most underrated, fastest growing network, just post some ads”. In the information age, data is gold and attackers find it particularly valuable. For example, for the preparation of targeted phishing campaigns.
Information of value to an attacker at LinkedIn
LinkedIn is a very good source of information for attackers, regardless of whether they want to find out as much as possible about companies or private individuals. Due to the growing number of users, the network becomes more and more interesting for users, companies, advertisers and attackers. As attackers we get different information about our potential victim. This includes, for example, the history of employment, educational pathways, approximate whereabouts, user names or the personal website.
To see this we have to visit the profile. If the potential victim should not be alerted by our visit, we create a sockpuppet. An account that is filled with information invented by the attacker, i.e. a fake account. This is of course against the terms of use of LinkedIn, but it allows an attacker to obfuscate his true identity.
What does an attacker do that for?
An essential part in the course of an attack is the so-called “Reconaissance phase”. No matter if it is a phishing attack, a targeted ransomware infection, e.g. emotet (Reconaissance was here searching the contact book) or a social engineering attack. In this phase, an attacker tries to get as much information as possible about his potential victim – that could be a company or a private person. Linkedin is very well suited for the preparation of attacks on companies, as private individuals are registered there with a private e-mail address, but often pursue professional interests. This blurs the line between professional and private and the user loses the overview.
If you want to protect yourself and your employees, perhaps a live hacking is just right for you. There we treat exactly these topics. Also with a penetration test we focus this topic extremely. For example, if a user gives LinkedIn his own “user name” and uses it on other platforms, an attacker could find these profiles with ContactOut, a simple Google Hack , namechk or RocketReach . On the platform itself so-called search operators can be useful. Similar to Google Hacking, LinkedIn also offers more targeted search options. This Cheatsheet lists some of these special operators.
How to protect my LinkedIn account
Adjust the privacy and security settings to suit your needs. These are quite lax in the basic configuration of LinkedIn and make it easy for an information collector. To do this, click on your profile picture in the upper right corner and then on “Settings and Privacy”. One of the most important settings is that “second degree contacts” cannot be found by mail address.
If an attacker has your mail address, he can use this tool to check whether you have a LinkedIn profile and are already collecting initial information. Test@test.de will of course be replaced by the actual e-mail address. This will also not be displayed as a visit on your profile, so you will not be notified if you are currently being scouted.
Someone wants to add me as a contact on LinkedIn
We all know it. After an event we suddenly get contact requests at LinkedIn and we’re not sure who that is anymore. If your profile is set to “private”, it could be that an attacker tries to get your information with a sockpuppet. How can you make a first step to check if it is a real or a fake account?
Very simple: Download the profile photo and do a reverse Google Image, Yandex or TinEye search. If the image appears frequently now, it is probably a stock photo, which was simply used to create the fake account. A challenge for this form of recognition will surely increase with the further development of AI.
