This LinkedIn Scam Got Me (Almost)...and It Should Scare You Too
Even though the cybersecurity pros I work with haven't fallen for the latest LinkedIn scam, seeing it hit my inbox made me realize just how dangerous and believable these attacks are. The sophistication of this one surprised even me, and that's concerning. Luckily, no damage was done this time, but as LinkedIn usage grows, we need to be prepared. Here's how to protect yourself before these scams evolve even further...
The Attack – Simplified
These attacks start with a super convincing fake email that looks like it's from Microsoft. It might warn you about suspicious activity and make you panic. You click, get taken to a website that looks exactly like the Microsoft login page, and enter your credentials. But here's the trick – even with your password, they need that one-time security code sent to your phone or email. The fake email pressures you to hand over that code, and once you do, the attackers are in control of your entire account.
Don't Wait to Take Action
These scams aren't going away, they'll only get trickier. Taking a few precautions now is much better than dealing with a hacked account later.
My Top Defense Tips
- Scrutinize the Sender: I never trust an email address at first glance. One wrong letter, an extra domain (.co instead of .com), is a red flag, no matter how official it looks.
- Resist Clicking: If an email makes me nervous or claims there's an urgent problem, I never click links. I go to the company website directly and log in that way.
- Codes are Sacred: Codes sent to my phone or email are my last line of defense. At work, we're told to never share these with anyone, and that's my rule for everything now. Stay Informed and Empowered
If you're unsure about phishing in general, there are great resources online Security Awareness Training | KnowBe4 And if your company offers any security training, take advantage! Before you open an unknown email – Stop, think, and don't be uninformed.
Source: Perception Point 04/09/2024