Is LinkedIn a safe place to do business?

LinkedIn has over 950 million members across 200 countries, and over 60 million companies are listed. It’s undisputedly a valuable business tool. The question is whether LinkedIn is a safe place to do business.

We recently discovered that cybercriminals have been deploying fake LinkedIn posts, along with direct messages to users, supposedly relating to a job vacancy. Such career-building opportunities are, along with business networking, the whole point of LinkedIn.

The whole point of this fraudulent campaign, however, was to lure unsuspecting users into downloading job descriptions and salary document files that dropped information-stealing malware. Aimed primarily at UK, US and Indian users, the DarkGate and RedLine malware-dropping campaign is linked to a group in Vietnam previously known to have targeted business accounts on Facebook.

LinkedIn attacks

This news comes hot on the heels of Ken McCallum, the head of MI5, warning that Chinese state-sponsored threat actors had targeted thousands of UK citizens in an attempt to garner intellectual property. Once again, these threats were initiated through fake recruitment opportunity postings.

McCallum told The Guardian newspaper that these attacks were “not aimed just at government or military secrets”. Instead, they have been increasingly targeting “promising startups, innovative companies spun out of our universities”.

Finally, in this trifecta of security threats, there have been recent reports that LinkedIn Smart Links, part of the Sales Navigator marketing service, are being used in phishing attacks.

Thanks to the structure of these links, they appear trustworthy to many email security protections. Of course, they are far from it in these cases and actually attempt to steal Microsoft credentials.

So, does this mean that LinkedIn isn’t a safe place to do business?

Is LinkedIn safe?

Ian Thornton-Trump, CISO for threat intelligence platform Cyjax, warns that LinkedIn may not be as safe as you think. “The more you interact on social media, the more at risk you put yourself, and LinkedIn’s interaction numbers are huge.”

Indeed, Cyjax’s PR agency believes that LinkedIn is the only platform that matters from a business perspective these days.

“From the threat intel perspective, LinkedIn has always been a great platform to use for targeting social engineering attacks like phishing and other fraudulent criminal scams,” said Thornton-Trump.

What he finds most interesting, however, is the bias in much mainstream media coverage of these threats. “For every Chinese, Russian, Iranian, or North Korean operative that’s revealed to be using the platform, I think it’s fair to say the Five Eyes and nearly every other intelligence agency is also probably using the platform.”

Roger Grimes, data-driven defense evangelist at KnowBe4, agrees that LinkedIn poses a threat. “Users see most direct messaging contacts as opportunities to connect and do potential business,” he said. “This positioning and inherent trust makes LinkedIn users a bit more susceptible to social engineering and cons.”

He added: “The scammers, in particular, know how to create business-like profiles, often stealing images, profile text and resumés from legitimate business users.”

How LinkedIn is responding to threats

The truth of the matter is that being a business-oriented network, LinkedIn promises a treasure trove of valuable information for the cybercriminal, fraudster, and, yes, even state-sponsored threat actors.

Targeted phishing attacks are made possible because the very nature of the network means that people share their current roles along with contact information.

LinkedIn has reacted by strengthening its security measures, including by way of identity and role verification. When we asked LinkedIn for a response, it replied:

“Scams or fraudulent activity are a clear violation of our policies. We use technology including artificial intelligence paired with teams of experts to keep our community safe, trusted and professional — with 99.6% of detected spam and scams being removed by our automated defences, and 99.7% of detected fake accounts blocked before members reported them.

“We’ve launched a series of free verification features, and an optional advanced safety feature that, when enabled, displays a warning on LinkedIn messages with high-risk content, such as a request to move the conversation away from LinkedIn — as this could be a sign of a scam. We also encourage our members to report anything suspicious or that might violate our Professional Community Policies so we can investigate. ”

UPDATE: This article was updated at 3.40pm on Tuesday 24 October with a response from LinkedIn.