Connect Only With People We Know and Trust, LinkedIn Says

Exposing personal information and data in the public domain, such as social networks, is obviously a security risk. Malicious hackers and scammers are everywhere, victimizing unwitting users. Professional networking service LinkedIn, for one, says social networking users should connect only with people they actually know.


For instance, several top U.S. government officials have been targeted by so-called “spear phishing” attacks through Gmail. Another attack compromised SecurID authentication tokens, which are used by millions and were exposed to unauthorized parties. In both cases, the attackers successfully tricked their targets into opening e-mail attachments that appeared to come from trusted sources or colleagues.

Founded in December 2002 and launched in May 2003, LinkedIn is mainly used for professional networking. At the beginning of 2012, LinkedIn reported more than 150 million registered users across 200 countries. LinkedIn is not without its own security flaws and potential vulnerabilities, though.

For one, a flaw that affected only the IE version of the LinkedIn toolbar would allow a malicious web site to hijack the user’s browser, and potentially their PC. Until a patch was available, the recommendation was to uninstall the toolbar. LinkedIn released an update to fix it.

Second, hackers exploited cookies stored on users’ computers and stole information being transmitted over the network. LinkedIn cookies usually stay resident on a user’s hard drive so that usernames and passwords do not have to be keyed in repeatedly to log in. These login credentials are transmitted without encryption, though, so anyone who is able to get hold of the cookie files can easily gain access to the user account. Upon this discovery, LinkedIn reduced the “life” of the cookies from one year to three months. Even though LinkedIn has taken this step to reduce the risk to its users, LinkedIn users are still encouraged to change their passwords regularly and frequently.
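As an added illustration (not code from LinkedIn or from the original article), the following check audits `Set-Cookie` headers for the two weaknesses described above: a cookie that may travel over unencrypted HTTP and a cookie that lives too long. The cookie name, the sample headers and the 90-day limit are assumptions made for the example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_DAYS = 90  # assumed policy limit, roughly the three months cited above

def cookie_lifetime_days(attrs, now):
    """Lifetime in days, or None for a session cookie.
    Max-Age takes precedence over Expires (RFC 6265)."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) / 86400
        if "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            return (expires - now).total_seconds() / 86400
    except (ValueError, TypeError):
        return None  # unparseable value: treated here as no explicit lifetime
    return None

def audit_set_cookie(header, now):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over unencrypted HTTP")
    days = cookie_lifetime_days(attrs, now)
    if days is not None and days > MAX_DAYS:
        findings.append(f"lifetime {days:.0f} days exceeds {MAX_DAYS}")
    return name, findings

# Constructed sample headers (not captured from any real site).
NOW = datetime(2012, 1, 1, tzinfo=timezone.utc)
SAMPLES = [
    "auth_token=abc123; Expires=Tue, 01 Jan 2013 00:00:00 GMT; Path=/",
    "auth_token=abc123; Max-Age=7776000; Path=/; Secure; HttpOnly",
    "auth_token=abc123; Max-Age=31536000; Expires=Sun, 01 Apr 2012 00:00:00 GMT; Secure",
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, findings = audit_set_cookie(header, NOW)
        print(name, "->", findings or "ok")
```

The third sample shows why `Max-Age` has to be checked first: its `Expires` date looks like three months, but the one-year `Max-Age` is what a browser honours.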

LinkedIn lets users invite current and former colleagues without having to know their e-mail addresses, which is another potential vulnerability. A malicious hacker can simply pretend to work for company “ABC” and invite everyone from company ABC to join his network. Users are advised to think very carefully about the information they reveal. One suggestion is for LinkedIn users to make their complete profile visible to premium account holders only.

“We recommend members connect only with people that they know and trust,” says LinkedIn Corporate Communications Manager Richard George to CNNMoney. He adds that “all Internet users should of course be aware of the fact that there are bad guys out there who unfortunately resort to things like phishing attacks, and that people should use common sense and tools available to them to ensure that they don’t fall prey.” Even though we know people online, we might want to ask them questions to authenticate or verify that they are who they claim to be.