HQ/EMEAFind out how we can help your business
LinkedIn users are now protected with three new security features that aim to fight cybercriminals on the platform that spread malware, perform espionage, steal data, or execute fraudulent activities.
One of the most prolific threat groups that carried out LinkedIn attacks was the North Korean ‘Lazarus’ gang, known for offering fake job offers to people and luring them to install malware on their devices. This malware would then infiltrate the victim’s corporate network and steal financial assets or critical data.
Separate researchers have also identified numerous fake LinkedIn user profiles that impersonate others or use a fake identity of a non-existing person to conduct fraudulent scams.
LinkedIn introduced three new security features to protect people against fake profiles and malicious private messages.
The three new LinkedIn security features are intended to provide security for users to verify an account’s authenticity, spot if an account uses AI-generated profile photos, and warn about a potential malicious private message.
In identifying an account’s authenticity, LinkedIn first rolled out the “About this profile” section that provides information about the account owner’s profile creation date, verified phone number, and linked corporate email address.
The social platform stated that this section would help other users determine if a real person owns a LinkedIn user profile. Threat actors would have to commit and invest an unrealistic time frame in maintaining and operating a fake user account with a convincing creation date. The linked company email will also serve as a basis of an account’s authenticity; thus, not having to link one would signify a suspicious user account.
Secondly, LinkedIn also implemented a new deep-learning-based AI to spot user accounts that use AI-generated profile photos, demonstrating a fake identity of a non-existing individual. The platform’s technology could verify profile photo uploads and determine whether they are generated through AI, commonly used by scammers to conduct fraud on people.
Lastly, threat actors who propose to take conversations with users outside of LinkedIn would immediately raise an alert, as the platform now prompts warnings as these circumstances happen. Most scammers use social engineering to build their victims’ trust, which eventually leads to a proposition of them transferring to another social platform where it is safer to talk about business.
LinkedIn’s efforts to protect its users from cyberattacks prove that threat actors are flexible in their attack tactics, including executing attacks on a platform where many highly skilled and intelligent professionals are active.
