Security researcher JB Bowers has found that scammers are using LinkedIn to trick users into giving up their passwords.
The scheme tries to trick unsuspecting users into opening up a "LinkedIn Private Shared Document," after which they're asked to enter their login credentials on a fake LinkedIn page.
Suffice it to say, any users who receive an unsolicited message from an unknown contact via LinkedIn's internal messaging system should be cautious. This is especially true if users are asked to re-enter their login information.
If a user has accidentally entered their login information, their LinkedIn contacts may begin seeing phishing messages as well. As for why criminals are targeting users on LinkedIn, it could be because frequent LinkedIn users have higher-than-average incomes and are considered higher-value targets. Or it might be that because LinkedIn connects to other Microsoft services, such as Office 365, compromising a LinkedIn account could lead to more information theft.
If you, or anyone you know, are receiving phishing emails from contacts on LinkedIn, let those contacts know immediately. Have them change their password and use this guide to report a hacked account to LinkedIn.
How to protect yourself from phishing
Phishing, as the name implies, tries to bait users into giving up sensitive information. This could be in the form of emails promising a free iPad or, as in the case above, something more procedural.
Don't assume that phishing attacks happen only on Gmail or large social media platforms. Schools and businesses are also targets of phishing attacks. Scammers are also becoming more sophisticated, and because LinkedIn tells them who you work with, they can send you a fake email that seems to come from your boss.
The best way to protect yourself from phishing is to learn how to spot it. Even if an email seems to come from someone you know, examine the message. If the email formatting or wording seems off, treat it as suspicious. If there's an attachment, scan it with one of the best antivirus programs.
Using one of the best password managers is also a good way to keep yourself secure. Try to avoid using the built-in password managers found in Chrome or Firefox, which are frequent malware targets — dedicated third-party ones tend to be more secure. And of course, never use the same password twice.