LinkedIn is a networking site used to connect with colleagues, employers, and other business contacts. Even though LinkedIn is designed for professionals, it is just as vulnerable as any other social media platform.
In a recent scam, cybercriminals use stolen LinkedIn accounts to message the contacts of those accounts. The message includes a link to a “LinkedInSecureMessage”—which is not a service that LinkedIn provides. The link takes you to an official-looking page that includes the LinkedIn logo and a “View Document” button. If you click the button, a phony LinkedIn login page opens. Information entered on this screen will be sent straight to the cybercriminals who will likely sell your account for use in similar social networking scams.
Don’t fall for it! Remember these tips:
Stay up-to-date on which features your accounts and platforms offer. For example, LinkedIn does not offer a file sharing feature.
Never trust a link in a message that you were not expecting. If you think the notification could be legitimate, reach out to the sender by phone to be sure.
Remember that cybercriminals use more than just emails to phish for your information. Always think before you click!
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team