Insights For Success

Strategy, Innovation, Leadership and Security

LinkedIn

Beware of LinkedIn SpearFishing Attacks

GeneralEdward KiledjianComment
Image by  king dams used under Creative Commons License

Image by king damsused under Creative Commons License

We have been tracking an organized spearfishing attack occurring on LinkedIn since early October 2015. Since many of my contacts weren’t aware, I decided to publish this quick post.

This is a simple attack where a “bad actor” creates a fake LinkedIn page with actual connections. Pretending to be a recruiter, they encourage applicants to visit a special CV submission page which infects your computer with malware.

  1. Always be weary of new connections on LinkedIn offering something interesting. Just because you have common connections doesn’t mean they are real or trustworthy.
  2. When applying for a job, always visit the company website directly by entering the URL yourself (not clicking on a link) and visit the careers section.
  3. Be careful and don’t be too trusting on the internet

Profiles

In the past, scammers had incomplete profiles with major language issues. In this attack, it seems the profiles are complete with full (fake) job history, education and even LinkedIn group memberships.

A quick analysis of a handful of these profiles reveals much of the content is stolen from valid pages. Images are stolen from the internet. Career summaries are stolen from valid LinkedIn users. Job history is stolen from actual job postings.

A series of these profiles are created and used to endorse each other making these profiles look authentic and trustworthy.

Attribution

Interestingly this attack seems to match activity discovered by Cylance in December 2014 in file called Operation Cleaver

The Cylance report lists domains being faked and we see some of those re-used in this attack. Domains include:

  • Teledyne-Jobs.com
  • Doosan-Job.com
  • NorthropGrumman.net

To be clear there are other domains being used but these are examples of domains seen in the Cylance attack and the newer one.

Conclusion

The moral of the story is be careful. Treat your CV and personal information as valuable assets and protect them. Don't blindly trust anyone on the internet regardless of how "connected" they seem to be to your network. Don't trust endorsements.

Don't know where this came from originally or I would give proper attribution.

Don't know where this came from originally or I would give proper attribution.

3 secrets to using LinkedIn to advance your career

GeneralEdward KiledjianComment
Image by  Adriano Gasparri  used under Creative Commons License

Image by Adriano Gasparri used under Creative Commons License

LinkedIn has created a unique niche for itself amongst professionals looking to bolster their career. Read my article about The You Brand , and you may start to see opportunities to use LinkedIn as your personal self promotion platform. 

Related Articles:

Here are some of the elements you could use to improve your overall LinkedIn visibility and credibility.

Update Your Profile

Sounds pretty basic but it deserves a special spot here as the first suggestion.  Remember that LinkedIn is where potential employers go to discover who you are. It is often the first opinion a potential partner or employer will have of you. 

It is very important to remember:

LinkedIn is not Facebook, please stay professional

Make sure everything in your profile exudes professionalisms from the level of english you use to describe your positions to the picture you upload. You'll notice on my LinkedIn profile that my background (on the very top) is a serene picture of a forest. Chose something that describes you without going overboard. 

LinkedIn also allows you to add other content which may be relevant to your future job prospects such as whitepapers, images, presentations, etc.

LinkedIn Profile Tips:

  1. Have a well lit professional looking photo
  2. Have an original (non job title) tagline that describes your capabilities
  3. Have more contacts. Add anybody you have met to LinkedIn. There is something powerful when that 500+ connection number is shown on your profile
  4. When using LinkedIn for intelligence work, turn on anonymous browsing (link) to do it discreetly
  5. Linkedin in NOT a resume and shouldn't be treated as such. Consider it a living document that describes you. 
  6. It is important to update your LinkedIn status at least once a week. Remember to stay professional.
Image by  Sean MacEntee  used under Creative Commons License

Image by Sean MacEntee used under Creative Commons License

Blogging

Blogging is the great equalizer of the internet. Everyone has an equal opportunity to produce quality content and demonstrate their thought leadership capabilities.

In fact this article you are reading will be posted on my own personal blog at kiledjian.com and also cross-posted on LinkedIn using their blogging feature.

If your readers like your content, they can like or share it which increases your visibility beyond your own network.

Image by  Hans Põldoja  used under Creative Commons License

Image by Hans Põldoja used under Creative Commons License

Nurture your network

LinkedIn created the Connected app (link) and describes it as: " Because most opportunities come from the people you already know, and fostering genuine relationships can help you be more successful."

LinkedIn is telling you how important nurturing your network is... Are you listening? 

You want to be top of mind within your network. If an opportunity comes up, you want your contacts to think of you. Remember that 70% of jobs aren't posted so your LinkedIn army can help you get hired.

How to browse LinkedIn profiles anonymously

technologyEdward KiledjianComment
Image by  Pierre (Rennes)  used under Creative Commons License

Image by Pierre (Rennes) used under Creative Commons License

LinkedIn is a critical business tool for many professionals. It can be incredibly useful for research, communication, strategy building and corporate intelligence. 

Social Network privacy is a difficult concept for most users to understand. Social Networks are built on their ability to track you and then use that information to generate money. Facebook does this by leveraging your network to generate custom sticky newsfeeds. LinkedIn uses this information to entice users to "upgrade to premium" to see who has viewed your profile. Obviously it is in their interest to make enabling maximum privacy as confusing and as difficult as possible. If too many people enabled the maximum privacy settings, their networks would become less engaging and sticky, driving down revenues. 

So how can you browse LinkedIn profiles anonymously? Read on my friend...

Go to Account Settings

Click on Privacy & Settings 

Then Select the Profile Tab

Choose "Select what others see when you've viewed their profile"

Now choose what level of privacy you want to enable. In my case, I've left it on the default setting. You can choose "You will be totally anonymous" and voila.

LinkedIn Tip #7 - Don't spam your connections with every update

GeneralEdward KiledjianComment
Image by   Esther Vargas   used under Creative Commons License

Image by Esther Vargas used under Creative Commons License

In its default configuration, every time you make a change to your LinkedIn profile, it advertises this change to all of your contacts. This is a wonderful feature when you change jobs or companies but becomes annoying when you start cleaning your profile and send 30 updates to your network.

Here are the steps to change this setting:

Go down to the Privacy controls section

Then uncheck the box