When discussing the risks of fraud, malware and other scams on social networking sites, security professionals often refer to Facebook and, to a lesser extent, Twitter. What about LinkedIn? Its popularity is increasing, as does its feature set, and the company’s IPO will help ensure an abundant supply of funds to fuel growth. This article explores the scams, fraud, phishing and other risks involving LinkedIn that have occured to date.
According to some metrics, LinkedIn’s popularity rivals only that of Facebook; however, there appear to be fewer fraudulent activities related to LinkedIn. Seeking to better understand this apparent paradox, I asked on Twitter why we aren’t seeing more scams and malware on LinkedIn.
Below is the gist of the answers I received. (Thanks to everyone who responded!)
- LinkedIn isn’t used as often as Facebook, implied @secdouchebag and @kcgeek. Though LinkedIn has a lot of users, one study found that only 50% of them visit the site at least weekly and only 20% visit it daily. Fewer interactions with the website might explain why most of the LinkedIn incidents seem to have involved email.
- LinkedIn apps platform is very limited, said @bond_alexander. The weak app ecosystem restricts this way of targeting the social networking site’s users. This may be another reason for email being a common element in many LinkedIn scams, he added. In contrast, Facebook apps are highly popularand have often been misused by scammers.
- People’s LinkedIn interactions have a professional perspective. This frame of mind doesn’t generate the same social/emotional response as Facebook, which makes them more resistant to being tricked, suggested @adamshostack. In addition, @marypcbuk pointed out that people tend to pay more attention to their LinkedIn interactions, because they police their professional activities more carefully than personal ones.
LinkedIn users certainly aren’t immune to risks. For instance, @nuskoolsecurity highlighted numerous spam messages that replicated emails that LinkedIn sends to its users; @secdouchebag mentioned the existence of spear phishing on LinkedIn; @wireheadlance pointed out the use of LinkedIn by scam artists.
The potential of LinkedIn as the platform for malicious activities is especially significant because many organizations allow access to linkedin.com, even when they block other social networking sites, as @xaocuc observed.
Conjectures aside, what incidents involving LinkedIn have actually taken place in the recent years? This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are:
- Exploring LinkedIn Look-Alike Email Spam Campaigns
- The Potential for Malicious Ads on linkedin.com
- Scams and Malicious Activities Using the LinkedIn Website
- The Use of Fake or Fraudulent LinkedIn Profiles