A lot of people think that there is nothing to be grabbed from them, because they have nothing to hide, but it is not only about hiding. The simplest stuff on the web is worth money. Twitter accounts are already worth more than creditcard accounts. Your Facebook ID is worth around 5 dollars, and your gmail account is worth 1 dollar.
Just to give you a view, the following things can be sold on (underground) markets:
- Your profile picture
- Your telephone number
- Your private email address
- Your business email address
- Your title in the company you work at
- Access to your network
The hackers or companies that will scrape this information from your profile, will filter the data that has been collected and put them in specific groups. Now we should not forget that a lot of LinkedIn accounts were compromised a couple of years ago. If we expect that 50% did actually change their passwords, there is still a lot of accounts that can be compromised easily.
These compromised accounts have contacts stored in their account, and if you use LinkedIn on a regular basis, you will know that LinkedIn has a function which allows the export of all the contact details in one button.
Say hi to spam
The contact information which is extracted can be used for specific spam campaigns, the hackers can also initiate spear-phishing attacks because they will have a view on who is in your environment, and who is more likely to have contact with you. Remember, we are now only using LinkedIn information – if the threat actor decides to use multiple sources, for example; Facebook and Twitter – the chance is very high that a legitimate looking spear-phishing will be setup.
Of course this spam means money for the hackers, they have sold your email address to various marketing companies (legitimate and illegitimate).
Your profile picture
Believe it or not, you are beautiful, and hackers will use your picture in order to lure other people into their traps. Complete profile packs are being sold on underground forums. These packs allow hackers to perform social engineering attacks and advanced scams. For example; they will create a profile on a dating app with your profile information.
Should I close my LinkedIn?
No. LinkedIn is a great tool, it allows you to network, and there are people that already care about your profile security, but you can help them a bit. Make sure that you do not simply add people on your LinkedIn network. Make sure that you know them, and that you have some match with them.
Pay attention on how the profile has been setup and if the profile is active. You can also watermark your pictures in such a way that it will be not usable for the hackers. Regarding to your emails, make sure to use a separate email account for your online (social) activities, this helps you to filter out unwanted messages and spam.
LinkedIn has setup multiple guides on how to secure your profile, it is strongly recommended to follow their advice.