LinkedIn Account Takeovers and Ransom Demands – A Threat Extending to Business Accounts

      In the ever-evolving landscape of cyber security, new threats are constantly emerging, targeting our personal and professional digital spaces.

      A recent phenomenon that has sent shockwaves through the realm of professional networking is the surge in LinkedIn account takeovers, often followed by ransom demands. This alarming trend poses significant risks to individuals and businesses alike, highlighting the need for heightened vigilance and robust security measures.

      The motivations behind these takeovers can vary; some hackers may use compromised accounts for spamming, phishing campaigns, or distributing malicious content to a larger network. More recently, however, a new and particularly concerning aspect of these takeovers has involved holding the hijacked LinkedIn accounts for ransom.

      What happens when a LinkedIn account is taken over by hackers?

      Ransom demands associated with LinkedIn accounts have raised the stakes for cyber criminals. After gaining control of an account, hackers may alter the profile information and connections to make it appear more legitimate. This enables them to launch targeted attacks on colleagues, clients, or partners, effectively using the victim’s professional network as leverage.

      The primary goal of this approach is to extort money from the victim. The attackers threaten to exploit the victim’s connections by sending out misleading messages, sharing harmful content, or tarnishing their professional reputation unless a ransom is paid. The repercussions of such actions could be detrimental to the victim’s career and relationships, adding an emotional layer to an already distressing situation.

      How to minimize the risk of LinkedIn account takeovers:

      As the threat of LinkedIn account takeovers and ransom demands looms large, it’s crucial to take proactive measures to safeguard your professional online presence. Here are some steps you can take to minimize risks:

      • use strong passwords – use a strong, unique password for each platform and avoid using the same password across multiple platforms. Create complex passwords that include a mix of upper and lower-case letters, numbers, and symbols.
      • enable 2FA – enable Two-Factor Authentication (2FA), which adds an extra layer of security by requiring a second verification step beyond just your password – this could be a code sent to your phone or email.
      • regularly monitor account activity – assign an individual within the organization to regularly review the LinkedIn business account for any unauthorized changes or suspicious activity.
      • educate employees – provide training to employees about the risks of phishing attacks and account takeovers and teach them how to identify suspicious messages and connections.
      • create a response plan – ensure you have a response plan in place should the business account be compromised – this should include steps for communication, reputation management, and cyber security remediation.
      • consider professional help – in the event of a serious breach, it may be necessary to involve cyber security professionals who specialize in incident response and recovery.

      How Waystone Compliance Solutions can help 

      Waystone Compliance Solutions is a leading provider of cyber security consulting and compliance services to the financial services industry. Please reach out to us to find out more about how we can help you to assess your current cyber security measures.
