How can I hack a LinkedIn account

Warning: schemes use your LinkedIn contacts' accounts to send you phishing messages

You probably already know that you should never interact with messages from unknown senders. However, what do you do when someone in your contacts sends you a link or file and asks you to view it? If you want to be on the safe side, take a moment to verify that you expected to receive such content and that the sender normally sends it. Otherwise, you could open malicious files or visit phishing websites. Even if none of your contacts wants to put you in such a situation, cyber criminals who hack your friends' or co-workers' accounts certainly do. In one such case, cybersecurity specialists came across a LinkedIn phishing message sent from a compromised account belonging to a user who was close to the targeted victim. If you haven't heard of news like this before, we invite you to read our full blog post and learn more about this LinkedIn scam.

How does this LinkedIn scam work?

The first to report one of these LinkedIn messages were Naked Security researchers, who were informed about it by their colleague. After looking at it, specialists confirmed that the message was sent by a cyber criminal impersonating the owner of the hacked account. The text was friendly but brief, as the sender simply explained that they were sending a document shared via OneDrive.

The URL of the attached link began with www.businessinsight, which could give the impression that the link leads to a legitimate website. If a user who receives such a phishing message on LinkedIn does not verify it further, they may not see anything suspicious about it. After all, such messages appear to come from friends, coworkers, or other people with whom the targeted user has enough contact to make the phishing message appear normal on LinkedIn.

However, a closer check of the link revealed that it did not lead to business-insight.net but to a phishing website. Because the last part of the URL of the link sent was /office365, specialists suspect that the hacker's site possibly loaded a copy of the Microsoft Office365 login page. Researchers can't be 100 percent sure because the link was blocked during testing and they just saw the error "Page not found". However, we doubt that this was the last attempt by cyber criminals to scam LinkedIn users. For this reason, we recommend that you be extra careful if you have an account on this platform.

How can you protect yourself from LinkedIn fraud and attacks?

The reason the person who reported the LinkedIn scam didn't interact with the phishing message they received on LinkedIn is that they noticed something unusual. There were no grammatical errors or other common signs that the message was from scammers. However, unlike the person being impersonated, the hacker used the person's full name when signing the text. Such a formal way of signing a message aroused suspicion, and the targeted victim decided to have it investigated.

If you don't want to be tricked into opening malicious links or files received through LinkedIn or any other platform, always pay attention to the smallest details. If you received a file or link that you expected from one of your contacts, you should be safe. However, if you receive a message with such content out of nowhere, you may want to contact the sender by phone or some other messaging system and ask if they wrote the suspicious message.

You can and should take additional precautions if you receive any questionable files or links. If it is a file, it is highly recommended that you scan it with a legitimate anti-malware tool before opening it. If your suspicions are confirmed, the anti-malware tool you choose can help you clean up potentially dangerous data. If the message contains links, you should always take a closer look at the URL address. Phishing websites often include parts of the URLs of legitimate websites to make them look harmless.

However, instead of assuming the website is reliable, check out the entire link and look for random bits that might not make sense. Particular attention should be paid to the last part of the link as it shows where you will be taken. More specifically, a phishing link might start with the name of a legitimate company, but the last part of its URL address can indicate that it leads to a webpage that has nothing to do with the name of the company mentioned.
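
The link check described above can be scripted. The following is an added example, not code from the original post or from the researchers it cites: it compares the host of a link with the domain the reader expects and flags brand keywords that appear on a host the brand does not own. The sample link is constructed (only its www.businessinsight start and /office365 end come from the article), and BRAND_DOMAINS is an assumed sample table.

```python
from urllib.parse import urlsplit

# Assumed sample table: brand keyword -> domains that legitimately serve it.
BRAND_DOMAINS = {
    "office365": ("office.com", "microsoft.com", "microsoftonline.com"),
    "onedrive": ("onedrive.com", "live.com", "sharepoint.com"),
}


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def squash(text):
    """Drop separators so 'business-insight' and 'businessinsight' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def inspect_link(url, expected_domain):
    """Return findings for a link that is supposed to lead to expected_domain."""
    if "://" not in url:
        url = "https://" + url  # messages often show links without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if belongs_to(host, expected_domain):
        return []  # the host really is the site the reader expected
    findings = [f"host {host!r} is not part of {expected_domain!r}"]
    # The expected name appears in the host, but only as a look-alike label.
    name = squash(expected_domain.split(".")[0])
    if name and name in squash(host):
        findings.append(f"host imitates {expected_domain!r}")
    # A brand keyword in the host or path does not make the site that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        mentioned = brand in squash(host) or brand in squash(parts.path)
        if mentioned and not any(belongs_to(host, d) for d in domains):
            findings.append(f"mentions {brand!r} but is not hosted by that brand")
    return findings


# Constructed sample link; .example is a reserved, non-resolving TLD.
SAMPLE_LINK = "www.businessinsight.lookalike.example/office365"

if __name__ == "__main__":
    for finding in inspect_link(SAMPLE_LINK, "business-insight.net"):
        print(finding)
```
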

How can cyber criminals hack LinkedIn accounts?

As with any other account, if you use a weak or compromised password, your LinkedIn profile can be hacked. Currently, a strong password consists of a combination of at least 10-12 characters containing both upper and lower case letters, numbers and symbols. In addition, a secure password must be unique. This means that the same combination must not be used for multiple accounts. If your account's password doesn't meet these requirements, it might be weak.

What about compromised passwords? Typically, this label is given to passwords that were disclosed during, for example, a data breach. It doesn't matter if a password was exposed on only one platform or website. Any other account that uses the same password is at risk. So as soon as a password is breached, it is compromised. Cyber criminals with breached credentials can search multiple websites and platforms for accounts that use the same login names and passwords. Breached passwords are often sold on the dark web too, so your compromised credentials can be used faster than you think.
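
The three criteria above (strength, uniqueness, not compromised) can be checked together. The following is an added example, not part of the original post: it audits a set of accounts for weak passwords, reuse across accounts, and presence in breach data. The accounts, passwords and breach set are constructed sample data, and MIN_LENGTH takes the upper end of the 10-12 character minimum as an assumption.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 12  # assumption: upper end of the 10-12 character minimum
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def weaknesses(password):
    """Return which of the strength criteria a password misses."""
    missing = ["too short"] if len(password) < MIN_LENGTH else []
    for label, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            missing.append(f"no {label}")
    return missing


def audit(accounts, breached_sha1):
    """Map each account to its findings: weak, reused, or seen in a breach."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    report = {}
    for account, password in accounts.items():
        findings = weaknesses(password)
        others = sorted(a for a in by_password[password] if a != account)
        if others:
            findings.append("reused on " + ", ".join(others))
        # SHA-1 is used only to look the password up in a breach list,
        # never as a way to store passwords.
        digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
        if digest in breached_sha1:
            findings.append("compromised: appears in breach data")
        report[account] = findings
    return report


# Constructed sample data: no real accounts or leaked passwords.
ACCOUNTS = {
    "linkedin": "Summer2019",
    "webmail": "Summer2019",
    "bank": "t7#Qm!zR4v&Lp2xW",
}
BREACHED_SHA1 = {hashlib.sha1(b"Summer2019").hexdigest()}
```

In the sample, a single breached password exposes both the linkedin and webmail accounts, which is the reuse risk the paragraph describes.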

How to secure your LinkedIn account

Users who do not want their accounts to be used for LinkedIn scams or similar attacks should first make sure that they are using a complex password that has not been compromised. In other words, you should set up a unique password that you've never used before. If you are concerned about forgetting a complex password and don't want to go through the password recovery process, we recommend using a dedicated password manager.

For example, Cyclonis Password Manager can generate unique passwords of up to 32 characters and save them all for you. If you wish, our application can even automatically log you into your accounts for easy access. You also don't have to worry about the security of your credentials, as the tool stores them in an encrypted vault. In addition, it offers further safeguards such as two-factor authentication and automatic logout. Did we mention it's free and works on Windows, Mac, Android and iOS? You can find more information about its features here.

We recommend enabling two-factor authentication in addition to creating a secure passcode for your LinkedIn account. That way, knowing your credentials is no longer enough to hack your account as the extra layer of security will protect it. LinkedIn offers a number of authentication options. If you need help enabling this feature, please follow the instructions here.

Attacks like the LinkedIn scam remind us of how careful we must be with content that may seem harmless at first glance. Cases like this also prove that hackers don't necessarily have to be interested in your personal information. Those behind this LinkedIn scam have used hacked accounts to target their victims in a way that does not arouse suspicion. What we mean by that is that there is no good excuse for lazy password habits, and if you want to be safe online, you should take password security seriously.