LinkedIn Account Takeovers and Ransom Demands – A Threat Extending to Business Accounts
A recent phenomenon that has sent shockwaves through the realm of professional networking is the surge in LinkedIn account takeovers, often followed by ransom demands. This alarming trend poses significant risks to individuals and businesses alike, highlighting the need for heightened vigilance and robust security measures.
The motivations behind these takeovers can vary; some hackers may use compromised accounts for spamming, phishing campaigns, or distributing malicious content to a larger network. More recently, however, a new and particularly concerning aspect of these takeovers has involved holding the hijacked LinkedIn accounts for ransom.
What happens when a LinkedIn account is taken over by hackers?
Ransom demands associated with LinkedIn accounts have raised the stakes for cyber criminals. After gaining control of an account, hackers may alter the profile information and connections to make it appear more legitimate. This enables them to launch targeted attacks on colleagues, clients, or partners, effectively using the victim’s professional network as leverage.
The primary goal of this approach is to extort money from the victim. The attackers threaten to exploit the victim’s connections by sending out misleading messages, sharing harmful content, or tarnishing their professional reputation unless a ransom is paid. The repercussions of such actions could be detrimental to the victim’s career and relationships, adding an emotional layer to an already distressing situation.
How to minimize the risk of LinkedIn account takeovers:
As the threat of LinkedIn account takeovers and ransom demands looms large, it’s crucial to take proactive measures to safeguard your professional online presence. Here are some steps you can take to minimize risks:
- use strong passwords – use strong, unique passwords and avoid using the same password across multiple platforms. Create strong, complex passwords that include a mix of upper and lower-case letters, numbers, and symbols.
- enable 2FA – enable Two-Factor Authentication (2FA), adding an extra layer of security by requiring a second verification step beyond just your password – this could be a code sent to your phone or email.
- regularly monitor account activity – assign an individual within the organization to regularly review the LinkedIn business account for any unauthorized changes or suspicious activity.
- educate employees – provide training to employees about the risks of phishing attacks and account takeovers and teach them how to identify suspicious messages and connections.
- create a response plan – ensure you have a response plan in place should the business account be compromised – this should include steps for communication, reputation management, and cyber security remediation.
- consider professional help – in the event of a serious breach, it may be necessary to involve cyber security professionals who specialize in incident response and recovery.
How Waystone Compliance Solutions can help
Waystone Compliance Solutions is a leading provider of cyber security consulting and compliance services to the financial services industry. Please reach out to us to find out more about how we can help you to assess your current cyber security measures.