Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Linkedin Hacks. Show all posts
LinkedIn Users
Cyber Security Cybersecurity Jobs Fake Job Fake Job Ads Linkedin Linkedin Hacks LinkedIn Users

How to Spot and Avoid LinkedIn Scams: A Complete Guide to Staying Safe Online

 

Most people trust LinkedIn for connecting careers, finding jobs, or growing businesses - yet that very trust opens doors for fraudsters. Because profiles often reveal detailed backgrounds, attackers pull facts straight from bios to craft believable tricks. Spotting odd requests or sudden offers helps block risks before they grow. Awareness matters, especially when messages seem too eager or oddly timed. 

Most people come across false job listings on LinkedIn at some point. Fake recruiter accounts tend to advertise positions offering large salaries, little work, fast placement, or overseas moves. Often, these deals turn out poorly once applicants get asked for private details or required to cover costs like setup fees, instruction modules, or tools. A different but frequent method relies on deceptive messages that mimic real notifications from the platform - these contain harmful web addresses meant to capture account passwords and access codes. 

One way attackers operate now involves tailored tactics, including spear-phishing. Studying someone's online activity helps them design messages appearing genuine and familiar. Sometimes these interactions shift from LinkedIn to apps such as WhatsApp or Telegram, avoiding detection more easily. Moving communication elsewhere raises serious concerns - it typically precedes deeper manipulation. Another trend gaining ground includes scams based on fake investments or romantic connections; here, confidence grows slowly until false money offers appear, frequently tied to digital currency. Watch out for certain red flags when using professional platforms. 

When messages push you to act fast, promise big rewards, or ask for private data, stay cautious. A profile showing few contacts, missing background, or odd job timelines might not be genuine. Confirm who you're dealing with by checking corporate sites - this basic move often gets ignored. Start smart - shielding your online presence begins with straightforward habits. Click only trusted links, since risky ones open doors to trouble. Two-step login adds a layer of safety, making breaches harder. Strong passwords matter; reusing them weakens protection. 

Staying inside LinkedIn messages helps keep exchanges secure. Sharing less personal detail lowers exposure quietly. Privacy controls fine-tune who sees what - adjust them often. Safety grows when small steps add up behind the scenes. Right away, cut contact if something feels off - then alert LinkedIn about the account. 

When financial data might be exposed, changing passwords fast becomes key, while also warning your bank without delay. Even as the platform expands, threats rise at the same pace, which means staying alert matters more than any tool. Awareness acts quietly but powerfully, standing between safety and harm.
Read more »
Spies
China Foreign policy Foreign policy official Linkedin Linkedin Hacks Spies

How China uses LinkedIn to recruit spies


One former senior foreign policy official in the Obama administration received messages from someone on LinkedIn offering to fly him to China and connect him with “well paid” opportunities.

A former Danish Foreign Ministry official got LinkedIn messages from someone appearing to be a woman at a Chinese headhunting firm wanting to meet in Beijing. Three middle-aged men showed up instead and said they could help the former official gain “great access to the Chinese system.”

A former Obama White House official and career diplomat was befriended on LinkedIn by a person who claimed to be a research fellow at the California Institute of Technology, with a profile page showing connections to White House aides and ambassadors. No such fellow exists.

Foreign agents are exploiting social media to try to recruit assets, with LinkedIn as a prime hunting ground, Western counterintelligence officials say. Intelligence agencies in the United States, Britain, Germany and France have issued warnings about foreign agents approaching thousands of users on the site. Chinese spies are the most active, officials say.

“We’ve seen China’s intelligence services doing this on a mass scale,” said William R. Evanina, director of the National Counterintelligence and Security Center, a government agency that tracks foreign spying and alerts companies to possible infiltration. “Instead of dispatching spies to the U.S. to recruit a single target, it’s more efficient to sit behind a computer in China and send out friend requests to thousands of targets using fake profiles.”

The use of social media by Chinese government operatives for what American officials and executives call nefarious purposes has drawn heightened scrutiny in recent weeks. Facebook, Twitter and YouTube said they deleted accounts that had spread disinformation about the Hong Kong pro-democracy protests. Twitter alone said it removed nearly 1,000 accounts.

It was the first time Facebook and Twitter had taken down accounts linked to disinformation from China. Many governments have employed similar playbooks to sow disinformation since Russia used the tactic to great effect in 2015 and 2016.
Read more »
Vulnerability
Click Session Hijacking Linkedin Hacks Vulnerability

Clickjacking Vulnerability found in Linkedin leads to account Deletion



 LinkedIn Vulnerable to User Account Delete using Click jacking, found by Asish

This Vulnerability is accepted by LinkedIn they are in a process to patched it but not yet patched. The hack use the Linkedin account deletion page itself.




Vulnerability Information:
  • Vulnerability Type: ClickJacking
  • Found By: Asish
  • Status: UnFixed
  • Alert Level: Critical
  • Website: http://linkedin.com

Default Account Closing page provided by Linkedin:
This exploit use the default Account Closing page.
User can close his account from LinkedIn by visiting the following page
https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1

Once he click continue user have to click on verify account to close


And Final Step


Exploit:ClickJacking Vulnerability


To exploit this Asish have created a fake page with a small game. This page has an invisible iframe which renders remove close account page. The correct answer, in this case ‘82’, is placed over the Continue and Verify account from vulnerable page & ‘Submit’ on Close Account.

Once user submit the right answer his account will be removed from LinkedIn

Are you curious to play this Game?

The document is available here(Password: 8nj98F4h9AW)

Read more »
Subscribe to: Comments (Atom)