LinkedIn's professional setting makes scams appear more legitimate, and scammers often collect personal information from employees' profiles to tailor their approaches, according to the latest research. PHOTO by Pexels
Recent research by cybersecurity company NordLayer reveals that 59% of Canadian businesses experienced LinkedIn scams last year.
However, interruption to operations (45%) and stolen/damaged client contacts (42%) are not the only results of attacks. More than four in 10 confirmed stolen/damaged data, as well as damaged reputation (38%), financial loss, and stolen intellectual property (34%).
Carlos Salas, a cybersecurity expert and an engineering manager at NordLayer, says that it is easy to get scammed on LinkedIn due to several reasons: “LinkedIn’s professional setting makes scams appear more legitimate, and scammers often collect personal information from employees’ profiles to tailor their approaches. They exploit trust and credibility by creating fake profiles or hijacking real ones.”
Types of schemes
One of the most important steps is to understand what types of scams are out there and recognize them once the attack happens. Research reveals the top five types of LinkedIn scams experienced in Canada last year.
More than four in 10 confirmed reported a fake job offer, almost 1 in 2 people experienced a phishing attempt (47%) on LinkedIn, and 38% received a request to connect from an unknown person with a suspicious link in the message as well as a fake tech support offer. Less prominent are dating scams (30%) and get-rich-quick offers (29%).
What employees are doing and what they should do when they encounter LinkedIn scams
After encountering LinkedIn scams, most employees in Canada inform the leadership of their organizations (72%) or report to LinkedIn (67%). Considering everything, it is important for companies to take steps to protect themselves from these scams. NordLayer’s head of engineering and cybersecurity expert Carlos Salas shares his expertise on staying safe from scams:
“LinkedIn scams can pose a serious threat to businesses, resulting in the theft of sensitive data, financial loss, and damage to the company’s reputation.”
He also suggests some of the ways how businesses can protect themselves from LinkedIn scams:
1. Education: Because almost all attacks start with a human, the best way to protect any business is to educate your employees about their types and techniques. Social engineering attacks are incredibly powerful, so ensure your employees know how to handle and report them.
2. Use two-factor authentication: Encourage employees to use two-factor authentication (2FA) on their LinkedIn accounts to make it harder for attackers to get into the accounts.
3. Limit access to sensitive information: Only share sensitive information with employees who need to know. Ensure that access to sensitive information is restricted and that employees are trained to handle sensitive data.
4. Verify requests for information: Be cautious when receiving requests for information from unknown contacts on LinkedIn. Verify the requestor’s identity through other channels, such as email or phone, before sharing information.
5. Keep software updated: Ensure that all software and applications used by the business are updated regularly, including anti-virus software and firewalls.
By implementing these measures, businesses can significantly reduce the risk of falling victim to LinkedIn scams.
Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about LinkedIn scams in the B2B industry. The samples were taken from non-governmental organizations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups regarding size: 1 – 10 employees (small), 11-200 employees (medium), and 201+ employees (large).
NordLayer is an adaptive network access security solution for modern businesses. It helps organizations of all sizes to fulfill scaling and integration challenges.