Why There Are Fewer LinkedIn Scams and Malware Than Facebook Ones

When discussing the risks of fraud, malware and other scams on social networking sites, security professionals often refer to Facebook and, to a lesser extent, Twitter. What about LinkedIn? Its popularity is increasing, as does its feature set, and the company’s IPO will help ensure an abundant supply of funds to fuel growth. This article explores the scams, fraud, phishing and other risks involving LinkedIn that have occured to date.

According to some metrics, LinkedIn’s popularity rivals only that of Facebook; however, there appear to be fewer fraudulent activities related to LinkedIn. Seeking to better understand this apparent paradox, I asked on Twitter why we aren’t seeing more scams and malware on LinkedIn.

Below is the gist of the answers I received. (Thanks to everyone who responded!)

  • LinkedIn isn’t used as often as Facebook, implied @secdouchebag and @kcgeek. Though LinkedIn has a lot of users, one study found that only 50% of them visit the site at least weekly and only 20% visit it daily. Fewer interactions with the website might explain why most of the LinkedIn incidents seem to have involved email.
  • LinkedIn apps platform is very limited, said @bond_alexander. The weak app ecosystem restricts this way of targeting the social networking site’s users. This may be another reason for email being a common element in many LinkedIn scams, he added. In contrast, Facebook apps are highly popularand have often been misused by scammers.
  • People’s LinkedIn interactions have a professional perspective. This frame of mind doesn’t generate the same social/emotional response as Facebook, which makes them more resistant to being tricked, suggested @adamshostack. In addition, @marypcbuk pointed out that people tend to pay more attention to their LinkedIn interactions, because they police their professional activities more carefully than personal ones.

LinkedIn users certainly aren’t immune to risks. For instance, @nuskoolsecurity highlighted numerous spam messages that replicated emails that LinkedIn sends to its users; @secdouchebag mentioned the existence of spear phishing on LinkedIn; @wireheadlance pointed out the use of LinkedIn by scam artists.

The potential of LinkedIn as the platform for malicious activities is especially significant because many organizations allow access to linkedin.com, even when they block other social networking sites, as @xaocuc observed.

Conjectures aside, what incidents involving LinkedIn have actually taken place in the recent years? This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are:

Lenny Zeltser

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He presently oversees the financial success and expansion of infosec services and SaaS products at NCR. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more