As cybersecurity risks continue to proliferate, experts point to popular social media applications as common threat vectors. Last week, new research from NordLayer highlighted the danger of LinkedIn.
More than half (52%) of all businesses surveyed for the report experienced at least one LinkedIn scam, with attacks against larger organizations more common. Nearly one-third (31%) of small businesses, however, had been targeted — and two-thirds (67%) reported a monetary loss associated with the attack. Overall, 58% of businesses said LinkedIn scams had caused disruptions in day-to-day operations.
These scams typically take the form of fake job postings that users are urged to share with their network, requests to connect from professional recruiters who turn out to be spammers, and cryptocurrency investment opportunities that are expressly intended to pilfer bank accounts. Savvy hackers often duplicate profiles of legitimate people whose titles match their actual positions at real companies.
NordLayer’s research points out that LinkedIn has become the preferred app for scammers because of the sheer size of its user base and daily activity. More than 100 job applications are submitted every second on the platform by roughly 800 million users working at nearly 60 million registered companies. Many users are inherently more trustful of connections made on the business platform than, say, Facebook or Twitter.
As scammers get more sophisticated at leveraging LinkedIn, security experts urge users to exercise caution. “Employees are considered to be the weakest link in the cybersecurity chain, and LinkedIn has millions of professional accounts, making it an even more appealing target for scammers,” said Carlos Calas, a cybersecurity expert at NordLayer. “So no one should let their guard down, no matter how professional a message might look.”
LinkedIn’s internal security team points out that it deactivates millions of fake accounts each year. The social network also urged users to recognize the difference between “connecting” with a known colleague and “following” a public figure, encouraging users to “only connect with people you know and trust” and only follow someone who “you don’t know [but] that publishes content that is relevant to you.”
What else can your business do to avoid LinkedIn scams?
• Protect your identity. The first step to combat cybercrime is to enable multi-factor authentication, which requires users to log in to their LinkedIn account using a password plus a second factor: a unique code delivered via text or email, or a biometric credential like a thumbprint. This prevents scammers from hacking into someone’s account and using it to spread illicit information.
• Follow up outside of LinkedIn. Anytime a user receives a request for sensitive information, financial details, donations, or prizes via a LinkedIn message or request, they should try to verify that request through a different channel. Send an email or instant message to the colleague or connection in question — or, even better, connect with them via phone or video call to ask whether the request was real.
• Monitor business activity. Although it requires extra effort and resources, security experts urge businesses to regularly track activity on their social media platforms. For small to medium-sized businesses embedded in their communities, direct messages often pile up. If they’re not reviewed and acted upon promptly, overstretched employees responsible for social media can often rush through responses and miss easy-to-spot scams. Periodically review account details and profile information, too, to look for unauthorized logins or suspicious changes.
• Learn the basics. The next step, security experts say, is employee education. Workplace research shows that threat simulations can make a big difference — knowing what common scams look like can empower users to spot them “in the wild” and report them to a trusted IT provider or to LinkedIn itself. Training is not just a one-and-done proposition, either. Providing regular cybersecurity training can pay off for your business as social engineering scams evolve, email and social media protocols change, and new threats emerge.
• Partner with a trusted IT provider. Threat response is the most important part of cybersecurity protection. A good managed services provider should have extensive experience protecting clients from scams of all types: phishing, ransomware, malware, business email compromise, password theft, and illicit social media activity like the kind detailed above. Relying on 24/7 monitoring and maintenance, comprehensive solutions should scan client systems for common risks and known vulnerabilities and block threats before they ever impact your company. And any experienced partner should understand the rapidly changing nature of today’s threat landscape, going above and beyond the call of duty to protect client data, devices, and digital identities.
That’s the kind of protection your business deserves — and the kind that CMIT Solutions provides. As cybersecurity threats to businesses increase, we work around the clock to develop new protections and formulate new strategies for IT success. Our North America-wide network of independent business owners and IT technicians can enhance cybersecurity protection for your business.
If you’re worried about the threat from LinkedIn and other social media apps, contact CMIT Solutions today.