Published June 8, 2021
Are you aware of fake profiles on LinkedIn? Are you checking if someone looks genuine or not?
Because you should be.
Do you take steps to make your LinkedIn profile extra secure?
Recent events show you should!
This blog post isn’t to scare you or deter you from using LinkedIn. Far from it. If you know what to look for and take the necessary steps (see below!) you can have a safe, secure, and successful experience on the platform.
The UK’s MI5 has warned us of spies using fake LinkedIn profiles to trick users into sharing sensitive information. These malicious fake profiles, according to MI5, have approached over 10,000 UK nationals in the past 5 years!
Now, you might be thinking, ‘But what secret information do I have, Nigel?’ You might think you have no secrets to divulge, but nonetheless, you don’t want your data scraped, do you? (Think passwords, if you want a clue …)
The Centre for the Protection of National Infrastructure (CPNI) has launched the Think Before You Link campaign to warn government workers in particular of the threat.
Think Before You Link advises users to focus on the four Rs:
But how do you recognise a fake LinkedIn profile?
Here are some little signs to watch out for on their profiles:
TOP TIP: Remember that having mutual connections is NOT an indication of authenticity! Sadly, people you may know might have fallen for the fake Profile!
Whenever you receive a request to Connect, I reckon it’s worth spending a few seconds every time to check out their Profile. Keep an eye out for the signs I have listed above.
Always remember to be careful online and watch out for suspicious-looking folk. At the end of the day, cybersecurity could be the biggest threat to our businesses and to ourselves.
While we’re on the subject of security, some while ago LinkedIn had a data breach. The breach revealed over 750,000 people had:
…as their password.
Another 172,523 have, yes, you guessed it:
Perhaps these same people have ‘Barclays’ as their password for their bank account? It really wouldn’t surprise me at all.
In June 2021, LinkedIn faced another data scrape. (The first was in April 2021.) Included in the data scrape were the location, phone numbers, and inferred salaries of 700 million users. That’s 92% of people who use the platform.
And for approximately £3,600 the data can be yours too. Call me and I’ll do you a deal…just kidding…
The hacker under the name of Tom Liner actually told BBC News:
“It took me several months to do. It was very complex. I had to hack the API of LinkedIn. If you do too many requests for user data in one time then the system will permanently ban you.”
Often people take APIs (application programming interfaces) that web services supply for acceptable purposes and use them to grab large quantities of data.
The grey area, 9to5Mac explains, lies in the fact the data is publicly available. People scraping data maintain that they are only accessing data in the public domain but doing so in an efficient way. Others believe they are misusing tools not intended for the purpose. These people argue that there is more data available through APIs than is visible on websites. This makes it hard for users to know what data has been exposed.
Many security professionals feel that it isn’t a security breach if the data is available for public access. Ben Lovejoy, writing for 9to5Mac, argues that if a service like LinkedIn doesn’t spot someone scraping literally hundreds of millions of records, that’s a massive security failure.
According to 9to5Mac, LinkedIn denied that Liner used its API. However, cybersecurity companies such as SIS Intelligence told the website we need more control over API use.
Make sure you have a complex password structure for all your online accounts and never repeat the same one.
Simple to suggest, but where do we start?
Saving all your passwords in a secure portal is probably the first thing. But then I hear you say this is SO inconvenient.
So here is a tip that might start you on your way that you can implement straight away.
Look around you for three items, inside or out.
I’m pretty sure you can remember those three words from here on.
Now string them together.
Change all a’s into 4’s, i’s into 1’s, e’s into 3’s. (Or something similar)
It begins to look like this:
Now here comes the clever bit.
If my password is for my HSBC account, I will insert the first two letters, H & S between the three words, like this:
And for good measure I will change the last S to $ and add a ‘!’ at the end:
Repeating the same for my Vodafone account would look like this:
Recalling one single structure but having an infinite number of variables now provides you with a significant improvement over the name of your favourite pet and your date of birth. And 123456.
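The steps above, worked through in Python as an added example (not code from the original post). The three words are constructed sample values, the function names are hypothetical, and "the last S" is assumed to mean the last s anywhere in the string, upper or lower case. The second function reports which character positions change from one account to the next.

```python
# Added illustration of the post's password structure; not the author's code.
# Substitutions named in the post: a -> 4, i -> 1, e -> 3.
LEET = str.maketrans({"a": "4", "i": "1", "e": "3"})

# Constructed sample words; pick your own three items.
SAMPLE_WORDS = ("lamp", "window", "books")


def build_password(words, site):
    """Build one password from three words and an account name."""
    if len(words) != 3:
        raise ValueError("exactly three words are required")
    if len(site) < 2:
        raise ValueError("the account name needs at least two letters")

    # String the words together after the character substitutions.
    w1, w2, w3 = (w.lower().translate(LEET) for w in words)

    # Insert the first two letters of the account name between the words.
    first, second = site[0].upper(), site[1].upper()
    joined = f"{w1}{first}{w2}{second}{w3}"

    # Assumption: "the last S" is the last s/S anywhere in the string.
    # If the third word has no s, this can land on an inserted letter.
    idx = max(joined.rfind("s"), joined.rfind("S"))
    if idx != -1:
        joined = joined[:idx] + "$" + joined[idx + 1:]

    return joined + "!"


def differing_positions(p1, p2):
    """Return the indexes at which two passwords differ."""
    return [i for i, (x, y) in enumerate(zip(p1, p2)) if x != y]


if __name__ == "__main__":
    hsbc = build_password(SAMPLE_WORDS, "HSBC")
    vodafone = build_password(SAMPLE_WORDS, "Vodafone")
    print(hsbc)
    print(vodafone)
    # Only the two inserted letters are unique to each account.
    print(differing_positions(hsbc, vodafone))
```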
Now then, I am no security expert, so I’d welcome any contribution from anyone who can add value to this post.
Cybercrime is probably the biggest threat to our lives right now. Don’t be the low-hanging fruit that hackers love to bite on first!
For more in-depth advice on how to use LinkedIn safely, check out my LinkedIn Training Course!