The internet has provided criminals with various means to access personal information, such as phone numbers and email addresses, usually through data breaches and the underground trade of stolen data. However, it is important to be aware of the potential risks associated with the misuse of professional networking platforms like LinkedIn, as they can become a goldmine of information for cybercriminals.

According to cybersecurity firm ESET, criminals can exploit LinkedIn’s abundant contact information utilizing web crawling software to collect data on potential targets without the need to purchase leaked information. This not only exposes LinkedIn users to potential scams and identity theft but also poses a threat to the companies they work for.

“Criminals not only aim to deceive individual users but also target their employers. In doing so, the information obtained can be used for more effective attacks since personal digital attacks can have different characteristics,” explains Camilo Gutiérrez Amaya, Head of Research at ESET Latin America.

Web crawling techniques enable cybercriminals to create lists of current employees within a company and identify potential targets within the supply chain. By accessing the “People” tab on a target company’s LinkedIn page, criminals can collect an up-to-date list of employees. However, the risks do not stop there. By analyzing interactions on company posts, they can identify suppliers and partners, expanding their list of potential targets and attack vectors.

ESET emphasizes that LinkedIn users should be aware that the information they share can vary between public and restricted access, visible only to connections on their contact list. Nevertheless, even when users choose not to provide external contact information, cybercriminals can still gather valuable data such as full names, job titles, and locations.

While LinkedIn primarily serves as a professional networking platform, some users provide their corporate email addresses. This enables malicious actors to engage in more targeted interactions with their victims. Additionally, sharing a corporate email address exposes the structure of email addresses within a company, saving time for cybercriminals following a standard format commonly used organizations.

Apart from email addresses, sharing phone numbers on LinkedIn can have severe consequences. Cybercriminals can collect these numbers and sell them as a list of potential clients or for other malicious purposes.

Protecting Personal Data on LinkedIn: Best Practices

Given the nature of social media interactions, it is important to take measures to safeguard personal data, not only on LinkedIn but across all platforms. Here are some best practices to protect your information:

1. Configure Privacy Settings: LinkedIn provides several privacy options to limit information access to non-connections. Adjust your settings to restrict the amount of data visible to those outside your network. Remember, this advice applies to all social media platforms.

2. Be Selective: Avoid accepting connection requests indiscriminately. Be cautious of bots and fake profiles on the network. Establish criteria before adding someone to your contacts.

3. Limit Information Sharing: Prioritize contact through the platform’s built-in tools and avoid sharing external data when possible. Minimizing the amount of personal information in the system reduces the risk of exposure.

4. Review Connections: Regularly assess your connection list and remove suspicious or suspect profiles. Fake profiles are prevalent on LinkedIn, so it’s important to maintain a clean and trustworthy network.

5. Consider Real-Time Information: Think twice before updating your workplace status in real-time. Active monitoring cybercriminals can exploit this information to target you with malicious content.

By following these best practices, LinkedIn users can enhance their online safety and protect their personal information from falling into the wrong hands. Remember, it’s always better to be proactive when it comes to cybersecurity.

FAQ:

Q: What is a web crawler?

A: A web crawler is an automated software tool that methodically navigates the internet, indexing information about websites and their content.

Q: How can web crawling be used cybercriminals on LinkedIn?

A: Cybercriminals can utilize web crawling techniques to collect contact information from LinkedIn profiles, potentially exposing users to scams and identity theft.

Q: How can LinkedIn users protect their personal data?

A: LinkedIn users can protect their personal data configuring privacy settings, being selective in accepting connection requests, limiting information sharing, reviewing connections periodically, and considering the timing of real-time updates.

Sources:

ESET Latin America (link: www.esetla.com)