LinkedIn is a business networking site that attracts more and more professionals every day. But like other popular websites, it can also be the target of cyberattacks.
Main LinkedIn Privacy Concerns
LinkedIn security issues exist for all its users, however, most users are corporate users and face specific threats. These include:
Corporate espionage – LinkedIn serves as a connection tool that can be exploited by those seeking secrets for corporate espionage or to sell state secrets to foreign governments.
Fraud and phishing – There are many job-seeking individuals on LinkedIn looking for work or business connections. They can be targets for fraud and phishing using social engineering tactics.
Contact details risks – Consider how much information you put on your LinkedIn profile or your submitted resume, such as a home address, phone number, etc. These can be used for dangerous purposes by others.
Workplace risks – LinkedIn has also become an influencer platform for career-focused individuals, just like Instagram or other social networks. This can become a workplace issue if it causes gossip, workplace violence, or other such grievances.
Reputational risks – Your career reputation could suffer if you post information without doing your research due diligence. Also, if LinkedIn or your account is ever hacked or compromised, a dangerous actor could post information on your behalf that could harm your public reputation. Like other social networks, LinkedIn is not safe from hackers going after users’ information. So, if you use LinkedIn, your data is at risk of theft, especially your email address and password.
Each social media site is operated differently and faces various levels of risk from hackers and those wishing to commit crimes. LinkedIn is no different and has been the target of serious cyber attacks over the years.
For example, the 2012 LinkedIn hack was perpetrated by a group of Russian cybercriminals and lead to the theft of 6.5 million user passwords. LinkedIn users could no longer access their accounts and were required to change their passwords.
Not all major website attacks occur through hacking code vulnerabilities. Some happen through deceptive (but accepted) means to target users and businesses that use the site.
For instance, in August of 2020, the Lazarus group, a North Korean-tied advanced persistent threat (APT) group used LinkedIn job advertisements to attack F-Secure, a cryptocurrency firm for heisting bitcoins. It was specifically addressed to a system administrator via a phishing document sent to their personal LinkedIn account.
This highlights the fact that each individual LinkedIn user is recommended to be aware of phishing attempts through LinkedIn that could compromise their security and data privacy.
The following are brief recommendations for setting up LinkedIn to maximize your security and privacy.
Avoid App Syncing – Make sure to check the sync settings on your account and stop syncing if it is active. Also, if you have the option of syncing LinkedIn with any other accounts or apps that may have access to your data, choose not to.
Have Strong Passwords – Do not reuse passwords across your online accounts. Make them hard to figure out by not using birth dates or easy to guess letter/number strings. Use symbols whenever possible and make the passwords as long as possible.
Limit Your Profile Photo Viewers – You can limit who can view your profile photo on LinkedIn. This will help keep your identity more secure. Although LinkedIn claims a photo can increase your visibility to prospective employers and associates, it is up to you if you want to provide it.
Turn On Two-factor Authentication – Two-factor authentication protects your account by requiring more than a password, and it is easy to set up.
Turn Off Targeted Ads – LinkedIn makes money from ads, just as other social networks do. If you do not want to be bombarded with ads on LinkedIn or by their marketing partners, you can choose to turn them off.
Do Not “Participate In Research” – LinkedIn wants to use your data and online behavior trail to sell to advertising partners and any organization that is seeking insights on trends related to the labor market. You can choose to not be a part of this by turning off “Participate in Research”.
Install Antivirus and Antimalware Software On Your PC – This can prevent spyware and keyloggers from monitoring your activity and stealing your LinkedIn login information.
Use A LinkedIn Data Protection App – These apps can help you protect your data across other apps on your smart device.
Be Cautious About Giving Your Phone Number to Anyone On LinkedIn – As in all real-life circumstances, giving strangers access to your phone number may not be the best idea.
Lower Or Turn Off Activity Broadcasts – If you want to keep your job activity hidden from view, then you can turn off Activity Broadcasts.
Limit Your Activity Feed – Your profile updates, posts, and activities can be included as part of your public feed on LinkedIn. Think about which details you want to provide to maximize your privacy.
Limit Who Can View Your Profile – Limiting who can view your profile information is a great way to protect your privacy. Especially consider enacting two-factor authentication for your LinkedIn account.
In today’s digital world, passwords keep your accounts protected from dangerous threats. However, this may not be enough, so it is recommended to add two-factor authentication wherever possible.
LinkedIn data protection apps can help you in several ways to give you broad privacy protection, including:
- Deleting search history across accounts.
- See all your accounts (Twitter, Facebook, Google, Alexa).
- Control privacy across accounts.
These also allow users to take control of other social media accounts through a centralized login and apply new changes to the privacy settings of each one automatically.
You can get many of these free for trial on Google Play or the Apple App Store.
So, if you are looking for a data protection app, check out Jumbo.
Sometimes LinkedIn may use security prompts to verify that you are the person attempting to login. If a user is trying to login with multiple devices, LinkedIn will detect this as unusual and will request a verification.
LinkedIn will use email or a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) check to verify you. Through email, you will need to find the verification code and enter it into the sign-in page and click Submit. This can also be referred to as a LinkedIn Security pin.
New account signups can get stuck in a CAPTCHA loop. In this case, the person may have attempted to sign in multiple times or with multiple devices. Enabling cookies on your browser can help prevent this. If you use a VPN or proxy server, LinkedIn may see this as a dangerous login attempt from another person in a different location. If possible, avoid using a VPN when you do not want a security check. Also, consider not logging out of LinkedIn each time you use it throughout the day.
In addition to the risks outlined above, LinkedIn users face various security threats:
Phishing – Fraudsters send fake login pages or infected files to steal usernames and passwords.
Malware – Malicious software is distributed through tainted links and attachments.
Account hijacking – Attackers take over accounts by guessing weak passwords through brute force.
Scams – Job scams, fake invoices, and other social engineering tactics target users.
Spam campaigns – Mass messages with malicious links are sent trying to infect devices.
Data harvesting – Profile scraping tools aggregate public information for identity theft and surveillance.
Network infiltration – Company insiders are recruited on LinkedIn for corporate espionage.
To secure your LinkedIn account:
- Use strong unique passwords.
- Enable two-factor authentication.
- Be vigilant against phishing attempts.
- Don’t connect with strangers.
- Limit personal information sharing.
- Vet job offers carefully.
Also install antivirus software, use secure networks, and avoid clicking random links or downloads.
LinkedIn provides security controls under “Settings & Privacy”:
- Login notifications to detect unauthorized access.
- Login history to view account access details.
- Password strength meter to gauge password complexity.
- Trusted device confirmation for recognized devices.
- Recovery options in case you lose account access.
Additional privacy settings allow controlling what profile and activity details are visible.
LinkedIn offers security tools like:
- Two-factor authentication via text or authenticator apps.
- Account lock that blocks logins after failed attempts.
- Email verification required during signup.
- Security reminders if your password is compromised.
- Bug bounty program that rewards vulnerability disclosure.
Past LinkedIn breaches include:
- 2012 password leak exposing 6.5 million encrypted passwords.
- Recruitment fraud campaigns conducted via fake LinkedIn accounts.
- Malware-laced phishing messages purportedly from contacts.
- Users hacked after reusing breached passwords from other sites.
To manage LinkedIn passwords safely:
- Use a unique complex password only for LinkedIn.
- Consider using a password manager to generate and store it.
- Never reuse your LinkedIn password elsewhere.
- Change passwords immediately if compromised.
- Don’t use simple dictionary passwords that are easy to crack.
LinkedIn phishing often looks like real messages. Watch for:
- Suspicious sender addresses.
- Spoofed accounts.
- Spelling/grammar mistakes.
- Odd links to fake login pages.
- Strange attachments.
- High pressure tactics urging urgent action.
If you encounter questionable security issues on LinkedIn:
- Report suspicious messages to LinkedIn.
- Notify connections of potential scams.
- Contact LinkedIn support for assistance.
- Scan for and report fake accounts using your name.
By using strong unique passwords, enabling two-factor authentication, connecting cautiously, limiting personal information sharing, and monitoring account activity, LinkedIn users can maximize security. Report any suspicious activity and leverage LinkedIn’s security tools and settings. With vigilance, you can safely benefit from LinkedIn’s networking potential.
know the risks to their privacy and use best practices to protect themselves from cyber threats.
For more information about how secure Facebook is, read this post.