Hackers are Targeting LinkedIn with Phishing Scams – How to Protect Yourself

Retail, shipping, and tech companies are no longer the most common brands that hackers use to hide their attempts at phishing. These days, social media platforms are the main choice, and hackers are using sites like LinkedIn to dupe victims into giving them information. In fact, when we look at global phishing attacks during the first three months of 2022, more than half were from LinkedIn brands.

Phishing scams on LinkedIn generally revolve around stealing credentials, financial scams, espionage, and impersonations designed to facilitate all of the above.

The research company, Check Point, released a report that shows LinkedIn and associated brands have been used 44% more by hackers when compared to the previous quarter, the final three months of 2021. At that point, these brands were used in only about 8% of all phishing attempts.

The report shows that LinkedIn is the most targeted brand, but other brands, like WhatsApp, are also being used for these dastardly deeds. WhatsApp is in the top 10 of all brands being used for phishing scams, and it accounts for about 1 in 20 phishing attacks worldwide. Shipping companies, like DHL, are also popular options for hackers. The top five are LinkedIn, DHL, Google, Microsoft, and FedEx. WhatsApp, Amazon, Maersk, AliExpress, and Apple round out the top 10.

Detecting LinkedIn Phishing Scams and Fake Profiles 

It can be difficult to detect LinkedIn phishing scams because many of these emails look extremely convincing. So, how can you determine what is real and what is fake? Here are some tips:

  • Take a look at the information on the sender. It should come from an address at LinkedIn.com. However, even if it does, there is still a chance it is fake.
  • Look at the content – if it has a lot of misspellings, grammar issues, or typos, it is likely a scam.
  • If there is a link that you are asked to click, hover over it first to see where it’s leading. If it is not from a LinkedIn.com domain, do not click on it.
  • If there is an attached file, don’t open it. This is a fake email. LinkedIn would never send a file, and if you open it, you could infect your computer.
  • In any case, if something looks strange or suspicious, do not click anything or open any files.
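The sender, link and attachment checks from the list above can be automated for mail triage. The following Python sketch is an added example, not part of the original article; the sample message, its `account-check.example` host and the `triage` and `is_trusted_host` names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message; every host in it is a placeholder.
TRUSTED = "linkedin.com"
SAMPLE = """\
From: LinkedIn <notifications@linkedin.com.account-check.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="https://www.linkedin.com/feed/">Open LinkedIn</a>
<a href="https://linkedin.com.account-check.example/login">View</a>
--b1
Content-Disposition: attachment; filename="profile_views.html"

placeholder
--b1--
"""

def is_trusted_host(host):
    # Exact match or a true subdomain; "linkedin.com.<other>" must fail.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # record the real destination, not the visible text
            self.hosts += [urlsplit(v).hostname for k, v in attrs if k == "href" and v]

def triage(raw):
    msg, findings = message_from_string(raw), []
    addr = parseaddr(msg.get("From", ""))[1]
    # From is spoofable, so a passing sender check alone proves nothing.
    if not is_trusted_host(addr.rpartition("@")[2]):
        findings.append("sender-domain:" + addr)
    for part in msg.walk():
        if part.get_filename():
            findings.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/html":
            p = LinkCollector()
            p.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            findings += ["link-host:%s" % h for h in p.hosts if not is_trusted_host(h)]
    return findings
```

The suffix comparison on the parsed hostname is what catches lookalikes: a substring search for "linkedin.com" would accept both flagged hosts in the sample.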

There also might be fake profiles on LinkedIn that are focused on phishing attempts. Here are some tips to help identify them.

  • Check the entire profile for anything weird or odd. Things like inconsistencies may stand out.
  • Take a look at the number of contacts the person has – if it is low, it could be a profile that is newly created just to defraud others.
  • Is there an easy way to see why the person contacted you? For example, are you in the same industry?
  • Is the person trying to share a file with you? Don’t accept it, and don’t fall for any type of sense of urgency.

If you have any doubts, or you are curious about what is said in the message and it’s that important to you, don’t hesitate to contact LinkedIn. Ask to speak to that person. The person who answers will confirm or deny that the individual in question works for the company, and if they are legitimate, they can confirm or deny if they sent the message. You can also report LinkedIn scams.

Remember, cybercriminals can easily compromise LinkedIn accounts that are legitimate, so it’s very important to confirm via another communication channel, like a phone, if you are getting strange LinkedIn messages.

Proactively, engage your team in phishing simulation training to make them aware of what to look out for. This type of security awareness training is a cost-effective form of risk management.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Here’s How You Can… Almost…Delete Yourself Off of the Internet

Whether you like it or not, companies like Facebook, Google, and Amazon all have a ton of data about you, including social connections, health information, and things you like or dislike. These companies usually use this information for advertising and marketing purposes. Other companies out there are also collecting information on you to influence you politically, and you probably don’t want them to have it.

The bad news is that it is next to impossible to totally delete yourself from the internet. Keep in mind that if your data has been hacked, such as usernames and passcodes on sites that were breached, that data will live on the dark web forever. Check if your email, as a username, was compromised on my site here: https://protectnowllc.com/hacked-checker/. The good news, however, is that you can remove a lot of your data if you put a little time and effort into it. Here are some steps to follow:

Opt-Out When You Can

You probably wouldn’t be surprised to know that collecting and selling consumer data is a big industry. In 2019, Vermont passed a law that required any company doing business in the state and buying and selling third-party info to register. More than 120 companies went through the process, and they collect information such as names, DOBs, addresses, education level, buying habits, and yes… even Social Security numbers.

Some of these companies might be familiar to you — Oracle, Equifax, Experian, Acxiom, and Epsilon are some of them. There are data brokers that allow people to opt-out of this type of data collection, but it can be difficult to figure out how to do it. You may have to fill out a form online, send them an email, or even send in other identifying information.

There is an organization that can help – it’s called the Privacy Rights Clearinghouse. Here, you can access a database of more than 200 different data brokers, and you can see information on whether or not you can opt-out. You can also take a look at YourDigitalRights to get opt-out forms for the top 10 biggest data brokers.

Ask Google to Remove Your Personal Info

Another thing that you can do is to ask Google to remove your personal contact info from search results. You can remove your home address, your phone number, and your email address.

You can get started with this by going to this Google Support site to begin the process. Here, you can submit up to 1,000 URLs that include information about you, and it will be removed from Google search results.

This doesn’t happen automatically. The company will review the request, and then contact you if more information is necessary. Once everything is in place, Google will let you know if it will approve the request. Some things, like public records or news articles, will not be removed, and people can still find this information by searching a name.

Also, keep in mind that just because your information is removed from Google, there are other search engines out there.

Get Rid of Old Accounts 

If you really want to minimize your online presence, deleting any accounts that you no longer use can be a real help. Did you have an account on MySpace? Try to delete it. Did you blog on Tumblr during high school? Scrap it.

Though it’s easy to delete a lot of these old accounts, it’s also pretty time-consuming. Start by making a list of any old accounts you can remember, and then go through them one by one. You will have to go to each site, and then figure out how to log in and then delete the account. To make things easier, you can use a site called Justdelete.me, which will point you to the page where you can start the process.

You also might want to search for your name, email address, or other information to see what comes up. If you see posts that come up, you may be able to contact the site administrator to remove the information.

Clean Up Your Online History 

If you don’t want to delete old accounts, that’s totally fine. However, you can still clean up some of the old data that may be stored online. For instance, your Twitter or Facebook timelines may have old messages on them that you don’t want to get out in public. You can do something similar with your email account.

Data that is posted publicly, like text or photos, is much more easily found than other information, but before deleting anything, make sure you back it up if you may ever want to access it. Almost all social media platforms have a backup option in settings that you can use to do this.

For those who want to get rid of old tweets in bulk, Twitter doesn’t let you do that. However, other programs like TweetDelete and Tweet Deleter will get rid of them. It’s not free, but at $5.99 a month for Tweet Deleter, you can do it once and cancel after that first month. Also, remember that when you give a third-party service access to your account, it can access information that is within that account, like direct messages. Alternatively, if you don’t use your Twitter account, just delete it.

Facebook posts are a bit different. Google, for instance, won’t post information from individual Facebook posts online, but if you want to do the most possible to remove your history, you can go into your account and delete them. You can make it a bit easier by checking out the Activity Log, and then choosing what you want to delete. Alternatively, if you no longer use your Facebook account, you can delete it.

Pay Someone to Do It 

Of course, there is a market for anything, and if you don’t want to spend the time to do all of this yourself, you can definitely hire a company to do it for you. These third-party data removal companies will do the time-consuming job of removing your data from the internet. Some, like DeleteMe, can attempt to remove the data from brokers who are selling your info. Others, like Jumbo, can give you an alert when there are data breaches that your accounts might be a part of, or it can be set to delete social media posts after a certain period of time.

Preparing for the Future 

As you can see, it’s probably possible to remove some of your information, but once a lot of it is out there, it’s nearly impossible to remove it all. However, the future is yet to be written, so there are some things that you can do to protect yourself in the years to come.

First, consider what type of information you really want to put online. When you sign up for a new account, consider what type of information you are comfortable sharing, and if you can, consider using a burner email account. This is an account, separate from your actual email account, that you can use to sign up for new accounts. That way, when you start getting all of the spam, it goes to this account, and not your main account. Additionally, if this account gets compromised, it’s not a huge deal, assuming there is no identifying information kept in it.

You also might consider not using the “big guys” for your online browsing. For instance, you can choose a web browser that is not Chrome or Safari, like Brave, or a search engine that isn’t Google, like DuckDuckGo. You also should truly understand what type of information is shared by the apps or programs you are using.

Finally, you need to talk to your family and friends. If you really want to be invisible online, then you should make sure everyone knows. Most people will be considerate of your request. It’s a respect issue these days, and there could be many reasons why you don’t want your current location or photos of yourself posted to social media sites. Tagging you in things should also be avoided.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.