Your LinkedIn account may be at risk from cyber criminals
Over the past few weeks, large numbers of users have reported being locked out of their accounts, and many have reported account hijacks and takeovers. The implication is that there is an ongoing campaign by threat actors to obtain and take over a large number of LinkedIn accounts.
While LinkedIn has not officially confirmed this, cyber analysts have noted that search terms such as ‘LinkedIn account hacked’, ‘LinkedIn account recovery’ and ‘breakout’ rose by up to 5,000 per cent recently. There has also been a steady rise of complaints on forums across the net with many users citing LinkedIn’s failure to respond to calls for help.
The attackers appear to be attempting to gain control of a large number of LinkedIn accounts by using leaked credentials or brute forcing. While the types of accounts being targeted do not appear to be connected, the takeover attempts can lead to temporary lockout for account holders – something which many users are currently experiencing.
LinkedIn account holders using multi-factor authentication and strong passwords appear to be able to recover their accounts after a period of time has elapsed.
However, users without these security protocols are reporting having lost their accounts altogether. Once they have gained access to the account, the criminals will quickly replace the host email with one of their own, locking out the legitimate owners permanently. While the motive behind this current campaign is unclear, some users report being asked for a small ransom payment, so there may be a financial motivation.
Pundits have also commented on the fact that fake and hacked LinkedIn accounts are often used to launch credible phishing and malware attacks. In December 2022, over 100 million fake accounts were closed by LinkedIn and Meta, and with this opportunity being removed, it remains a distinct possibility that cybercriminals could be forced to shift towards compromising legitimate accounts.
What should I do if I have a LinkedIn account?
As stated at the top of the article, there is no confirmation from the host company itself that a large-scale campaign is underway, but their silence, along with the surrounding circumstantial information, suggests that now is not the time to do nothing.
If you have a LinkedIn account, now is a good time to review your security settings, enable 2FA, and switch to a unique and long password. Go to your LinkedIn security settings page to find out more.
Secondly, users are encouraged to monitor their inbox for LinkedIn notifications that a new email address has been associated with their LinkedIn account; this is an indicator that a compromise is taking place. Also, if you have been hacked, make sure to report it to LinkedIn and also to Action Fraud (see below).
If you would like further guidance about how you should protect yourself online then simply join the Eastern Cyber Resilience Centre, a police-led company, for free today. We will help you understand the fundamentals of cyber security and what you should be doing today to protect your accounts.
How to report a cyber attack
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).