Cybercriminals and state-actor hackers are increasingly using LinkedIn as a source for company information and connections with diplomats and other officials, wrote chief technology officer Andy Kays in a commentary for the International Business Times on Feb. 2.
For example, in December the German Interior Ministry said that Chinese intelligence services have been attempting to extract information and find intelligence sources by creating fake profiles on LinkedIn, Reuters reported.
Hackers can use LinkedIn’s “see all employees” feature to generate a target list for phishing attacks, wrote Kays, who works for UK threat and detection response company Redscan. Using LinkedIn to identify a company’s suppliers, technology providers and other connections, hackers can find potential ways into its systems. Information technology job ads on the site can reveal which databases, operating systems, storage and scripting languages a firm uses. Criminals can also place malware on their own profiles and then visit others’ profiles to prompt visits that will spread viruses and other malicious software.
Kays doesn’t recommend that people and organizations stop using LinkedIn, but rather that they adjust their privacy settings and carefully consider how much and what type of information they share.