Hackers are Targeting LinkedIn with Phishing Scams – How to Protect Yourself

Retail, shipping, and tech companies are no longer the most common brands that hackers use to hide their attempts at phishing. These days, social media platforms are the main choice, and hackers are using sites like LinkedIn to dupe victims into giving them information. In fact, when we look at global phishing attacks during the first three months of 2022, more than half were from LinkedIn brands.

Phishing scams on LinkedIn generally revolve on stealing credentials, financial scams, espionage, and impersonations design to facilitate all of the above.

The research company, Check Point, released a report that shows LinkedIn and associated brands have been used 44% more by hackers when compared to the previous quarter, the final three months of 2021. At that point, these brands were used in only about 8% of all phishing attempts.

In this report, it shows that LinkedIn is the most targeted brand, but other brands, like WhatsApp, are also being used for these dastardly deeds. WhatsApp is in the top 10 of all brands being used for phishing scams, and it accounts for about 1 in 20 phishing attacks worldwide. Shipping companies, too, like DHL, are also popular options for hackers, too. The top five are LinkedIn, DHL, Google, Microsoft, and FedEx. WhatsApp, Amazon, Maersk, AliExpress, and Apple round out the top 10.

Detecting LinkedIn Phishing Scams and Fake Profiles 

It can be difficult to detect LinkedIn phishing scams because many of these emails look extremely convincing. So, how can you determine what is real and what is fake? Here are some tips:

  • Take a look at the information on the sender. It should come from an address from LinkedIn.com. However, even if it does, there is still a chance it is fake.
  • Look at the content – if it has a lot of misspellings, grammar issues, or typos, it is likely a scam.
  • If there is a link that you are asked to click, hover over it first to see where it’s leading. If it is not from a LinkedIn.com domain, do not click on it
  • If there is an attached file, don’t open it. This is a fake email. LinkedIn would never send a file, and if you open it, you could infect your computer.
  • In any case, if something looks strange or suspicious, do not click anything or open any files.

There also might be fake profiles on LinkedIn that are focused on phishing attempts. Here are some tips to help identify them.

  • Check the entire profile for anything weird or odd. Things like inconsistencies may stand out.
  • Take a look at the number of contacts the person has – if it is low, it could be a profile that is newly created just to fraud others.
  • Is there an easy way to see why the person contacted you? Like are you in the same industry?
  • Is the person trying to share a file with you? Don’t accept it, and don’t fall for any type of sense of urgency.

If you have any doubts, or you are curious about what is said in the message, if it’s that important to you, don’t hesitate to contact LinkedIn. Ask to speak to that person. The person who answers will confirm or deny that the individual in question works for the company, and if they are legitimate, they can confirm or deny if they sent the message. You can also report LinkedIn scams as well.

Remember, cybercriminals can easily compromise LinkedIn accounts that are legitimate, so it’s very important to confirm via another communication channel, like a phone, if you are getting strange LinkedIn messages.

Proactively, engage your team in phishing simulation training to make them aware of what to look out for. This type of security awareness training is a cost-effective form of risk management.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Boom! 14 Different Disasters Caused by Social Media

There are a number of ways that you or your small business could get caught up in a disaster on social media. Can you think of any? If not, that’s cool. Here are 14 that could be dangerous:social media

  1. A Horrific Reputation Online – Do you watch your company’s Facebook page? Do people post to it? Are you staff members posting? Even things that seem lighthearted at first, they could easily be taken in the wrong way by others.
  2. Racy Text or Images – If you or your employees are sharing racy text or images on their own social media pages, it could affect your business and your life. Though you cannot control what others are posting, you can absolutely educate them on how to use social media in an intelligent way. Generally, these things happen simply because of ignorance, but even something seemingly innocent could give your company or yourself a bad name.
  3. Fakers – You might not realize it, but there could be someone out there posing as your company or yourself. So, make sure to scope out the internet to see if anyone is using your company name or logo. There could even be fake websites out there. You can set up a Google Alert to notify you if your business name or personal name appears on the internet.
  4. Financial ID Theft – Though it might seem safe to post a picture of your new puppy on your company’s website, it could lead to a stolen identity. How? Well, if you post the photo, you will probably put the puppy’s name on it. A lot of people use the names of their pets as passwords or as answers to online security questions. Now, a scammer has one more piece of the puzzle that they can use to hack into your accounts.
  5. Photo GPS – When you post a photo to your social media account, make sure that the GPS is turned off. This way, a criminal cannot use it to locate you nor your employees. GPS is great, but it can also be dangerous.
  6. Vacations – Remind your staff about the dangers that can come when they post vacation information on their social media accounts. A burglar can easily use this information to find homes to break into. If they know, for example, that Sally in HR is on vacation, they know that she is not home, and now her house is a target.
  7. Corporate Snooping – There is also the possibility that a corporate snoop could set up a Facebook account, pose as a staff-member of a well-known company, and then pull in your real staff into a fake Facebook group. Then, they can feel free to talk about sensitive information that the criminal could then steal.
  8. Sex Offenders – Always know who you are chatting to online. Additionally, make sure to tell your kids or staff or staffs kids to be careful about talking with anyone new. This person could be a sex offender.
  9. Badmouthing – At some point, there will be a former or current employee who is disgruntled. They might feel like they were not terminated justly, or they might not like that they were passed over for a promotion. These are people who might try to get revenge by posting negative posts on your company social media pages.
  10. Bullying – Additionally, you might find that someone on your staff is a bully. Are they posting these types of bully messages on your social media? This could be bad for your business.
  11. Government Spying – Though it might sound crazy, there are instances where law enforcement agents can use social media to learn more about suspects in crimes.
  12. Fake Websites – You might also find that someone is setting up a fake website, and then pretending to be from your company. When a customer goes to your site, they could be giving them information about themselves, including their email address, account numbers, and phone numbers.
  13. Taking Over Accounts – Do you remember when the Associated Press and 60 Minutes had their Twitter accounts hacked? The AP account tweeted that President Obama was attacked. In response, the stock market tanked within minutes, causing people to lose millions of dollars because of a fake tweet.
  14. Liability – You can use the privacy settings on Facebook to hide certain posts, but that doesn’t mean they cannot be used in a future legal case. In fact, studies show that Facebook posts are used as evidence in 1 out of 5 cases of divorce.

What should you takeaway here? It is that there is no such thing as a social media account that it totally private. Someone who has bad intentions or even a post that isn’t meant to be malicious could ruin your or your company’s reputation.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Protect Your Company with This Social Media Security Advice

Social media is an excellent tool for small businesses, yet, the use of social media by small business staff can definitely put the company in danger. Many small business owners and managers don’t realize this.

Recently, I was talking to employees of a credit union about what to do in a robbery. Before this presentation, police officers had staged a robbery in the same credit union. The fake robbery was so real, some of the tellers were brought to tears, thinking they were really getting robbed.

After they were filled in on what was happening, everyone on the team discussed it. One of the most telling moments is when one of the tellers shared her story. During the mock robbery, one of the “robbers” handed a teller a note. It said this: “Your husband works at Pine Street Motors. We kidnapped him this morning. He is being held at another location. If you hit the alarm and notify police, he’s going to be killed.”

How did the bad guys know that her husband worked at Pine Street Motors? They simply looked online. They found the name of the bank, and then found out that the teller was listed as working at the bank on social media. Her social media account was connected to her husband’s, and his account said that he worked at Pine Street Motors.

Yes, it was that easy.

Here are some tips for social media that you might want to share with your staff:

Don’t Tell the Internet Where You Work

Tell employees that it’s not a good idea to share too many details about their work on social media pages. Though you can’t stop them from adding their employer on Facebook, you can tell them how this information can be used against them and the company. Make sure that they understand that this information could backfire and harm everyone involved.

Teach Your Staff How to Use Privacy Settings

You should also teach staff how to manage their social media privacy settings. Ideally, they should have maximum protection on every account. The default settings are lacking, and those put them at risk for hacking. You should also tell them that even the highest settings that social media sites have won’t keep everyone out. However, this level of protection is better than nothing.

Create a Workplace Policy for Social Media Use

Set up a policy in your workplace for social media use. Make sure this policy covers what employees associated with your company can say and what is totally prohibited.

Stop Banning the Use of Social Media in the Office

The moment you ban the use of social media at work, that’s the moment that someone will sneak around and do it anyway. This, of course, leads to dangerous things, as they can try getting around the firewall and other things that make your network vulnerable.

Train Your IT Team

Finally, make sure that your IT team is up to date on the latest ways to combat online-security issues. These teams must also know about the security risks that your business faces due to social media.

Additionally, the policy for employee social media use should be examined and updated quite regularly, and make sure to enforce it, too. Invest in anti-virus protection and make sure that all operating systems and browsers are always kept up to date when updates become available.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Protect Your Company with This Social Media Security Advice

Social media is an excellent tool for small businesses, yet, the use of social media by small business staff can definitely put the company in danger. Many small business owners and managers don’t realize this.

Recently, I was talking to employees of a credit union about what to do in a robbery. Before this presentation, police officers had staged a robbery in the same credit union. The fake robbery was so real, some of the tellers were brought to tears, thinking they were really getting robbed.

After they were filled in on what was happening, everyone on the team discussed it. One of the most telling moments is when one of the tellers shared her story. During the mock robbery, one of the “robbers” handed a teller a note. It said this: “Your husband works at Pine Street Motors. We kidnapped him this morning. He is being held at another location. If you hit the alarm and notify police, he’s going to be killed.”

How did the bad guys know that her husband worked at Pine Street Motors? They simply looked online. They found the name of the bank, and then found out that the teller was listed as working at the bank on social media. Her social media account was connected to her husband’s, and his account said that he worked at Pine Street Motors.

Yes, it was that easy.

Here are some tips for social media that you might want to share with your staff:

Don’t Tell the Internet Where You Work

Tell employees that it’s not a good idea to share too many details about their work on social media pages. Though you can’t stop them from adding their employer on Facebook, you can tell them how this information can be used against them and the company. Make sure that they understand that this information could backfire and harm everyone involved.

Teach Your Staff How to Use Privacy Settings

You should also teach staff how to manage their social media privacy settings. Ideally, they should have maximum protection on every account. The default settings are lacking, and those put them at risk for hacking. You should also tell them that even the highest settings that social media sites have won’t keep everyone out. However, this level of protection is better than nothing.

Create a Workplace Policy for Social Media Use

Set up a policy in your workplace for social media use. Make sure this policy covers what employees associated with your company can say and what is totally prohibited.

Stop Banning the Use of Social Media in the Office

The moment you ban the use of social media at work, that’s the moment that someone will sneak around and do it anyway. This, of course, leads to dangerous things, as they can try getting around the firewall and other things that make your network vulnerable.

Train Your IT Team

 Finally, make sure that your IT team is up to date on the latest ways to combat online-security issues. These teams must also know about the security risks that your business faces due to social media.

Additionally, the policy for employee social media use should be examined and updated quite regularly, and make sure to enforce it, too. Invest in anti-virus protection and make sure that all operating systems and browsers are always kept up to date when updates become available.

Facebook Photos bust Bank Robber

Do these bank robbers have bricks for brains? They actually posted photos of themselves with wads of the stolen cash on Facebook, says a story on thesmokinggun.com.

The alleged bank robers are John Mogan, 28 and Ashley Duboe, 24, and they’ve been charged with robbing a bank in Ohio. Mogan has already served time for a previous bank robbery conviction and was out on parole.

It all started when Mogan apparently sauntered into the bank and demanded money with a note. It’s not clear from the article whether or not Mogan brandished a weapon. At any rate, the teller handed over the money.

A video camera shows a thief in a hoodie exiting the bank with cash in his hands. Mogan has a distinct appearance in that both cheeks are tattooed.

Authorities believe that Duboe covered up the facial (and neck) tattoos with makeup prior to the robbery. Four days later, both geniuses posted their images to the Facebook page that they share, with Mogan pretending to bite into a thick wad of bills—which he refers to as a “McStack.” In another incriminating image, Mogan is pretending that the wad of cash is a phone.

A relative spotted the images, and from that point, things went sour for these Bonnie and Clyde wannabes. Both are currently behind bars, and the bond has been set at $250,000. Let’s see Mogan try to make a “McStack” with that amount and put his mouth around it.

Not surprisingly, neither of these two look too smug in their mug shots.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

6 Tips for Protecting Your Social Media Accounts

10 years ago, many of us were hearing about social media for the first time. Now, social media plays a giant role in our lives, allowing us to share pictures, connect with family and friends, and get updated news. Through social media, we can express ourselves to our inner circle and the world.

14DSo how devastating would it be if someone got a hold of your social media accounts?

They could really wreak some havoc, like sending dirty links to all of your followers on Twitter. Or worse, take personal information in order to steal your identity, which could take years to fix. Sadly, breaking into your social media account can be easy—just one wrong click on a phishing scam or using a weak password that is easy to guess

Luckily, there are a few things you can do to protect your social media accounts from hackers. Here are my tips:

  1. Discard unused applications. Take inventory of your social media accounts to see if there are any third-party applications that have access to your personal social data. Delete the ones you don’t use or don’t need. And make sure you are ok with what information they are accessing from your social profile/account as these can be gateways to your account for hackers.
  2. Be careful who you friend online. Only accept friend requests from people you know in real life. Often hackers will send requests so they can see the information you are sharing to help them take advantage of
  3. Sharing is not always caring. Double check your privacy settings to control who sees your posts. Also, be careful what you share online—think of what you post online as being there forever, even if you have privacy setting enabled. For example, sharing that you’re away on vacation could inform a thief that you’re not home and indicate to them it’s a good time to rob you.
  4. Use strong passwords. Using “password” as a password isn’t going to cut it. The strongest passwords are at least eight characters in length, preferably 12; contain a combination of upper and lower case letters, symbols and numbers, and are unique to each account. For more information on how to create strong passwords, go to passwordday.org. And don’t forget to join us to celebrate World Password Day on May 7th. If you have trouble remembering and keeping track of all your user names and passwords, a safe option is to use a password manager. I like, which allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.
  5. Multi-factor authentication. Imagine a hacker has your password, username and email and even knows the answer to your secret question. He can get into your account. But if you’ve enabled multi-factor authentication, the hacker will need another factor to truly access your account. So without your phone, fingerprint, face or whatever factor you’ve set up, the game’s over for him. With True Key, you have to keep you safe online.
  6. Use security software. Of course, keep all your devices updated with comprehensive security software like McAfee LiveSafe™ service.

Don’t let hackers hack into your digital life! For other tips, check out @IntelSec_Home on Twitter or like them on Facebook!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The Security Costs of being too Social

One of the arguments against being very virtually social is that nobody is SO important that everyone wants to know, for instance, that this person is going to be at the local sports bar watching the Super Bowl (or almost nobody; sad to say, some celebrities have half the world following them).

14DAnother argument, however, against tweeting and posting your every move is that this tells burglars when you’ll be away from your house.

So, you’re important enough to post every detail of your life on Facebook…but NOT important enough to be the victim of crime, right?

WRONG.

Maybe you’re not so virtually chatty, but other people actually tweet and post from the sports bar to keep followers updated about their emotions regarding the big game. At the same time, these folks are letting burglars know they’re away from home and not returning too soon.

Why You Should Curb Cyber Socializing

  • It’s true: People have been burglarized because the thieves found out they were on vacation or away via their social media posts.
  • Because posting your whereabouts in social media could lead to a burglary, you’ll have to pay for the natural fallout of the crimes, such as a homeowner’s insurance deductible and a higher premium rate due to multiple claims.
  • You could even lose any claim-free discount on your policy.
  • Though carriers won’t deny coverage if your car was stolen as a result of something you tweeted, the carriers want you to know how potentially risky it is to make personal posts, such as, “Hey, the whole gang’s going to my Uncle’s lake house to watch the Super Bowl on his monster flat screen!”
  • Save the mundane updates for after the event, when you get back home: “Hey y’all, just got back from watching the game at Uncle Budd’s…I’m gonna call in sick tomorrow ‘cause I’m so upset that we lost!” Which as you can see, is just as stupid, because you’ll get fired.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776A report from firstcoastnews.com that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s probably a ton of Facebook accounts under the name of “Stephanie Francis.” But there’s more to a fake Facebook account than using a name that a lot of other users have.

Francis says she’s being charged with a crime and wants to know how she can protect herself. As just mentioned, there’s more to this than just a duplicate of a common name. Francis explains in the article, “Someone created a Facebook with my name and picture on it and has been stalking my ex-boyfriend.”

This is just too easy to do: Find an online picture of the person, for instance, who bullied you in high school (it could be from an article announcing their promotion at a company, who knows?), then sign up on Facebook using that person’s name and photo for the profile page. How easy is that? And if you do anything illegal like stalk the bully’s ex-wife, the authorities will blame the bully! Social media is a magnet for cybercrime.

Francis has been charged with cyber stalking. She’s contacted Facebook and law enforcement, and the case has now gone to court. How did the imposter learn of her ex-boyfriend? Is this detail of Francis’s life in her social media posts? Maybe the imposter is a coworker and overheard her tell someone about the ex-boyfriend.

This case not only teaches the lesson of be careful what you post online, but also whom you share in person the details of your life—how loudly you talk, and who might be nearby to overhear.

Francis has created a Facebook account under a different name and faces another trip to court to try to resolve the situation.

Perhaps this mess could have been prevented:

  • Create a super strong password that would take a hacker’s machine two million years to crack.
  • Think! Think! Think before you post on social media!
  • Make your FB account as private as possible.
  • Seel out your likeness on social and the moment you discover an imposter, report it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Social Media Identity Theft of a School Director Via Twitter

We’ve seen this before and it never ends good. This time it’s resulting in an identity theft charge  for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, LinkedIn and others have morphed into much more than just recreational websites, it’s not just unacceptable; it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18 year old do something like that?

The Smoking Gun reports, “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your/companies name/products/services, people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of 18-year-olds out there to make you look stupid-er.

Robert Siciliano, personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures

Using Social Media Passwords With Critical Accounts

For some social networking sites, security is not a top priority. Some do not protect your data with the same vigilance you could expect from your bank, for example. Nor do social media require strong passwords. And if you use the same passwords for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well.

Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords.

InformationWeek reports, that all the major sites have the same minimum password length of six characters. And password complexity checks are few and far between.

Of the 32 million people whose passwords were exposed, almost 1% had chosen “123456.” The next most popular password was “12345.” “Princess,” “qwerty,” and “abc123” were other common choices.

In another instance, phishers posted thousands of Hotmail addresses and the associated passwords in an online forum. These passwords were equally obvious. Those used most frequently included “111111,” “123456,” “1234567,” “12345678,” and “123456789.” Many of the phishing victims used people’s first names as passwords, most likely the names of their kids, spouses, and so on. 60% of the exposed passwords contained either all numbers or all lowercase letters.

Naturally, anyone using an insecure password is far more likely to be hacked. It is crucial to have strong, secure passwords for all online accounts, including social media accounts. And it is equally important to use different passwords for different accounts. Using the same password for social media sites as for critical accounts, like webmail and online banking, is an invitation for identity theft.

To protect your identity, observe basic security precautions. Consumers should also consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious account activity is detected. McAfee Identity Protection includes all these features, plus live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him

discuss hacked email passwords on Fox News. (Disclosures)