October 1, 2014
LinkedIn is a useful tool for companies to know your work experience, your current position and so that they can also contact you without difficulty. Among other personal data, it is common to include an email address.
Despite its advantages, the platform also has its vulnerabilities, at least in terms of security. The tool is not only useful for human resources managers, but also for ‘spammers’ and cybercriminals eager to find email addresses to send fraudulent messages.
Most of the time, the ultimate target of these attacks is not the owner of the account, but the company where they work, and their data. For a cybercriminal, the social network is like an agenda containing the corporate emails of thousands of users who, carefree, use them instead of personal ones to deal with work matters.
Once they have found multiple accounts that share the name of the organization, they take note of the structure of the addresses (they are usually of the type firstname.lastname@example.org). You just have to do a more specialized search to come up with an entire mailing list of company employees.
If the hacker knows the structure of the technological network used by the company in question, he can access the system by sending an email to the victims in his directory. In it, it will include, for example, a link to a page where recipients are asked to insert the username and password to access the entity’s platform. When you get them, you will have a free hand to spy on your internal files.
The hacker excludes computer scientists from this type of attack, because by their training and “malice” they could discover the trap. However, customer service, marketing, accounting, and human resources departments are much more attractive targets.
If the cybercriminal finally manages to enter the computers, it will only be the first step for them to have access to another type of information: that of a private nature. Account numbers, security passwords, and databases can be compromised.
Companies often incentivize employees to promote themselves on LinkedIn. Saying where you work, looking for new clients and employees, but increasing the visibility of the brand on the Internet also has its risks.
How to prevent unwanted messages from reaching your professional inbox?
· Stay well informed about computer security. Attending courses or having the company organize workshops in this regard may be a good idea. Much trouble will be avoided if workers know how to recognize a fraudulent message and not fall for the traps set by attackers.
· Know for sure what type of data your company’s ICT platforms ask of them so as not to enter personal information on external pages. Recognizing the email account that handles the communications is also useful to distinguish suspicious senders.
· Another point that you should keep in mind to protect your company (and at the same time yourself) is to know the mechanisms that you can use to notify the technicians about any foreign element. IT managers can also do their part, warning of the importance of these actions. A timely notice can prevent someone from clicking on a fraudulent link or providing their details.
· Use a personal email account on LinkedIn. This will make it more difficult for them to identify you, although you can also apply the same recommendations: do not open emails from strange senders, do not click on the ‘links’ of content that you do not know and be careful where you enter the data.
[+] Videos de nuestro canal de YouTube